

Infected with Trojan horse Patched_c.LXT


This topic is locked
14 replies to this topic

#1 Big Chumpy

Big Chumpy

  • Members
  • 36 posts

Posted 26 June 2012 - 09:00 PM

Hi. Thanks in advance for your time and help.

AVG detected this threat in C:\windows\system32\services.exe and could not remove it because it is in a critical/system file.
Every few minutes, AVG detects it again in the same place. Also, new trojans appear at random (trying to repair results in system crash) and Firefox redirects me to random sites (I hope this is related).
I have run full scans with Malwarebytes and Super Anti-spyware.
Running Win 7 Ultimate 64bit.

DDS log below and attach.txt attached.

--------------------------------------------------------------------------------------------------------------

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Chumpy at 11:02:56 on 2012-06-27
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.4094.2398 [GMT 10:00]
.
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
C:\Windows\system32\conhost.exe
E:\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
uRun: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "E:\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
LSP: mswsock.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{56CD9D47-4693-4063-B275-EF66D9CA932B} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "E:\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Chumpy\AppData\Roaming\Mozilla\Firefox\Profiles\6k4k2z3y.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: E:\iTunes\Mozilla Plugins\npitunes.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-23 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-12 140672]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2012-3-23 2321520]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-6-25 1262400]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-25 257224]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-26 113120]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
.
=============== Created Last 30 ================
.
2012-06-27 00:53:22 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-06-26 07:31:31 -------- d-----w- C:\Windows\System32\appmgmt
2012-06-26 07:05:06 -------- d-----w- C:\Program Files\Bonjour
2012-06-26 07:05:06 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-06-26 07:03:24 -------- d-----w- C:\Program Files (x86)\Oracle
2012-06-26 07:01:48 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-06-26 07:01:48 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-06-26 07:00:18 -------- d-----w- C:\Users\Chumpy\AppData\Local\Apple Computer
2012-06-26 06:59:24 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-06-26 06:59:24 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-06-26 06:59:24 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-06-26 06:59:10 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-06-26 06:59:10 -------- d-----w- C:\Program Files\iTunes
2012-06-26 06:59:10 -------- d-----w- C:\Program Files\iPod
2012-06-26 06:58:29 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-06-26 06:58:29 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-06-26 06:58:29 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-06-26 06:58:29 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-06-26 06:58:29 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-06-26 06:58:28 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-06-26 06:58:28 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-06-26 06:57:29 -------- d-----w- C:\Users\Chumpy\AppData\Local\Apple
2012-06-26 05:56:01 -------- d-----w- C:\Users\Chumpy\AppData\Local\Nero
2012-06-26 05:27:08 -------- d-----w- C:\Users\Chumpy\AppData\Local\Nero_AG
2012-06-26 04:29:31 -------- d-----w- C:\ProgramData\Nero
2012-06-26 04:16:30 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
2012-06-26 04:16:29 470880 ----a-w- C:\Windows\SysWow64\d3dx10_43.dll
2012-06-26 04:16:29 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
2012-06-26 04:16:29 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
2012-06-26 04:16:29 1868128 ----a-w- C:\Windows\SysWow64\d3dcsx_43.dll
2012-06-26 04:15:15 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll
2012-06-26 04:14:02 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2012-06-26 04:12:48 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll
2012-06-26 04:11:35 3727720 ----a-w- C:\Windows\SysWow64\d3dx9_35.dll
2012-06-26 04:10:21 3497832 ----a-w- C:\Windows\SysWow64\d3dx9_34.dll
2012-06-26 03:45:15 -------- d-----w- C:\Users\Chumpy\AppData\Roaming\Malwarebytes
2012-06-26 03:45:05 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-26 03:45:04 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-26 03:45:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-26 03:41:37 -------- d-----w- C:\Users\Chumpy\AppData\Roaming\SUPERAntiSpyware.com
2012-06-26 03:40:52 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-06-26 03:40:52 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-06-26 03:15:20 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2012-06-26 02:58:05 -------- d-----w- C:\Users\Chumpy\AppData\Local\Adobe
2012-06-26 00:38:42 -------- d-----w- C:\Users\Chumpy\AppData\Roaming\uTorrent
2012-06-26 00:30:20 -------- d-----w- C:\Program Files (x86)\SlySoft
2012-06-26 00:20:12 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-06-26 00:20:12 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-06-26 00:17:13 -------- d-----w- C:\Users\Chumpy\AppData\Roaming\AVG2012
2012-06-26 00:15:47 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-06-26 00:15:14 -------- d--h--w- C:\$AVG
2012-06-26 00:15:14 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-06-26 00:15:14 -------- d-----w- C:\ProgramData\AVG2012
2012-06-26 00:13:24 -------- d-----w- C:\Program Files (x86)\AVG
2012-06-25 17:30:51 -------- d-----w- C:\Windows\Panther
2012-06-25 17:30:36 -------- d-sh--w- C:\Boot
2012-06-25 04:53:06 -------- d--h--w- C:\ProgramData\Common Files
2012-06-25 04:51:38 -------- d-----w- C:\ProgramData\MFAData
2012-06-25 04:39:50 -------- d-----w- C:\Users\Chumpy\AppData\Local\ElevatedDiagnostics
2012-06-25 04:36:33 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-06-25 04:36:33 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-06-25 04:36:33 6151488 ----a-w- C:\Windows\System32\nvcpl.dll
2012-06-25 04:36:33 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-06-25 04:36:33 2621723 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-06-25 04:36:33 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-06-25 04:33:59 -------- d-----w- C:\NVIDIA
2012-06-25 04:26:37 -------- d--h--w- C:\ProgramData\ProgramData
2012-06-25 04:15:57 -------- d-----w- C:\Program Files (x86)\uTorrent
2012-06-25 04:14:43 77824 ----a-w- C:\Windows\System32\drivers\nusb3hub.sys
2012-06-25 04:14:43 180224 ----a-w- C:\Windows\System32\drivers\nusb3xhc.sys
2012-06-25 04:13:04 -------- d-----w- C:\Program Files (x86)\MagicDisc
2012-06-25 02:23:33 -------- d-----w- C:\Windows\System32\SPReview
2012-06-25 02:23:10 -------- d-----w- C:\Windows\System32\EventProviders
2012-06-25 02:18:19 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-25 02:18:19 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-25 02:07:59 90112 ----a-w- C:\Windows\SysWow64\srvcli.dll
2012-06-25 02:06:18 53760 ----a-w- C:\Windows\System32\vmicres.dll
2012-06-25 02:05:59 611840 ----a-w- C:\Windows\System32\wpd_ci.dll
2012-06-25 01:42:39 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2012-06-25 01:23:04 -------- d-sh--w- C:\Windows\Installer
2012-06-25 01:20:03 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-25 01:19:33 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-25 01:19:15 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-25 01:19:15 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-25 00:20:54 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-06-25 00:20:54 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-06-25 00:20:54 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-06-25 00:20:54 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-06-25 00:20:54 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-06-25 00:20:54 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-06-25 00:20:54 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-06-25 00:16:51 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2012-06-25 00:15:55 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2012-06-25 00:14:57 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-06-25 00:13:59 321024 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-06-25 00:12:59 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-06-25 00:01:28 77312 ----a-w- C:\Windows\System32\packager.dll
2012-06-25 00:01:28 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-06-24 23:50:50 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2012-06-24 23:50:47 -------- d-----w- C:\Program Files\NVIDIA Corporation
2012-06-24 23:50:47 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2012-06-24 23:49:09 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-06-24 23:49:09 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-06-24 23:49:09 20992 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
2012-06-24 23:49:09 162816 ----a-w- C:\Windows\System32\rdpudd.dll
2012-06-24 23:49:09 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-06-24 23:44:29 -------- d-----w- C:\Users\Chumpy\AppData\Local\VirtualStore
2012-06-24 23:41:15 -------- d-sh--w- C:\Recovery
.
==================== Find3M ====================
.
2012-06-25 06:20:37 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-06-25 06:20:37 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-05-15 10:48:00 949056 ----a-w- C:\Windows\System32\nvumdshimx.dll
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 05:32:05 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-18 18:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-04-18 17:08:08 31040 ----a-w- C:\Windows\System32\nvhdap64.dll
2012-04-18 17:08:03 188736 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2012-04-18 17:08:02 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 11:05:30.47 ===============



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 27 June 2012 - 01:05 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Big Chumpy

Big Chumpy
  • Topic Starter
  • Members
  • 36 posts

Posted 27 June 2012 - 02:24 AM

Hi Gringo. Thanks for the quick reply.

Computer seems OK after the Security Check and Combofix scans (so far anyway) :)

No problems running the scans.

Logs below.

----------------------------------------------------------------

Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
AVG Internet Security 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
JavaFX 2.1.1
Java™ 7 Update 5
Mozilla Firefox (13.0.1)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````



-------------------------------------------------------------------------------------------------


ComboFix 12-06-26.02 - Chumpy 27/06/2012 16:56:40.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.4094.3017 [GMT 10:00]
Running from: c:\users\Chumpy\Desktop\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{534463a3-fe66-4a54-0103-9e9fbf872149}\@
c:\windows\Installer\{534463a3-fe66-4a54-0103-9e9fbf872149}\L\00000004.@
c:\windows\Installer\{534463a3-fe66-4a54-0103-9e9fbf872149}\L\201d3dde
c:\windows\Installer\{534463a3-fe66-4a54-0103-9e9fbf872149}\L\55490ac4
c:\windows\Installer\{534463a3-fe66-4a54-0103-9e9fbf872149}\U\00000004.@
c:\windows\Installer\{534463a3-fe66-4a54-0103-9e9fbf872149}\U\00000008.@
c:\windows\Installer\{534463a3-fe66-4a54-0103-9e9fbf872149}\U\000000cb.@
c:\windows\Installer\{534463a3-fe66-4a54-0103-9e9fbf872149}\U\80000000.@
c:\windows\Installer\{534463a3-fe66-4a54-0103-9e9fbf872149}\U\80000032.@
c:\windows\Installer\{534463a3-fe66-4a54-0103-9e9fbf872149}\U\80000064.@
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\32788r22fwjfw\HarddiskVolumeShadowCopy2_!Windows!System32!services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-27 to 2012-06-27 )))))))))))))))))))))))))))))))
.
.
2012-06-27 07:01 . 2012-06-27 07:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-27 00:53 . 2012-06-27 00:53 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-26 07:31 . 2012-06-26 07:36 -------- d-----w- c:\windows\system32\appmgmt
2012-06-26 07:07 . 2012-06-26 07:07 -------- d-----w- c:\programdata\DVD Shrink
2012-06-26 07:05 . 2012-06-26 07:05 -------- d-----w- c:\program files\Bonjour
2012-06-26 07:05 . 2012-06-26 07:05 -------- d-----w- c:\program files (x86)\Bonjour
2012-06-26 07:04 . 2012-06-26 07:04 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-06-26 07:03 . 2012-06-26 07:03 -------- d-----w- c:\program files (x86)\Oracle
2012-06-26 07:01 . 2012-05-04 09:29 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-26 07:01 . 2012-05-04 09:29 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-26 07:01 . 2012-06-26 07:01 -------- d-----w- c:\program files (x86)\Java
2012-06-26 06:59 . 2009-05-18 03:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-06-26 06:57 . 2012-06-26 06:58 -------- d-----w- c:\program files (x86)\QuickTime
2012-06-26 06:57 . 2012-06-26 06:57 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-06-26 06:57 . 2012-06-26 06:57 -------- d-----w- c:\program files\Common Files\Apple
2012-06-26 06:56 . 2012-06-26 06:59 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-06-26 06:56 . 2012-06-26 06:56 -------- d-----w- c:\programdata\Apple
2012-06-26 04:41 . 2012-06-26 07:31 -------- dc----w- c:\windows\system32\DRVSTORE
2012-06-26 04:29 . 2012-06-26 04:47 -------- d-----w- c:\programdata\Nero
2012-06-26 04:16 . 2010-05-26 01:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2012-06-26 04:16 . 2010-05-26 01:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll
2012-06-26 04:16 . 2010-05-26 01:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2012-06-26 04:16 . 2010-05-26 01:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2012-06-26 04:16 . 2010-05-26 01:41 1868128 ----a-w- c:\windows\SysWow64\d3dcsx_43.dll
2012-06-26 04:15 . 2009-09-04 07:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll
2012-06-26 04:14 . 2009-09-04 07:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2012-06-26 04:12 . 2008-10-14 20:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2012-06-26 04:11 . 2007-07-19 08:14 3727720 ----a-w- c:\windows\SysWow64\d3dx9_35.dll
2012-06-26 04:10 . 2007-05-16 06:45 3497832 ----a-w- c:\windows\SysWow64\d3dx9_34.dll
2012-06-26 03:45 . 2012-06-26 03:45 -------- d-----w- c:\programdata\Malwarebytes
2012-06-26 03:45 . 2012-06-26 03:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-26 03:45 . 2012-04-04 05:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-26 03:40 . 2012-06-26 03:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-26 03:40 . 2012-06-26 03:40 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-26 03:15 . 2012-06-26 03:15 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-06-26 03:06 . 2012-06-26 03:09 -------- d-----w- c:\program files\Common Files\Adobe
2012-06-26 03:05 . 2012-06-26 03:05 -------- d-----w- c:\program files (x86)\Adobe Media Player
2012-06-26 03:03 . 2012-06-26 03:03 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-06-26 03:00 . 2012-06-26 03:07 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-06-26 02:09 . 2012-06-26 02:09 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-06-26 01:15 . 2012-06-26 01:15 -------- d-----w- c:\programdata\SlySoft
2012-06-26 00:30 . 2012-06-26 00:30 -------- d-----w- c:\program files (x86)\SlySoft
2012-06-26 00:20 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-06-26 00:20 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-06-26 00:15 . 2012-06-26 01:06 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-06-26 00:15 . 2012-06-27 00:58 -------- d-----w- c:\programdata\AVG2012
2012-06-26 00:15 . 2012-06-27 00:38 -------- d-----w- c:\windows\system32\drivers\AVG
2012-06-26 00:15 . 2012-06-26 00:15 -------- d-----w- C:\$AVG
2012-06-26 00:13 . 2012-06-26 00:13 -------- d-----w- c:\program files (x86)\AVG
2012-06-25 17:30 . 2012-06-24 23:42 -------- d-----w- c:\windows\Panther
2012-06-25 17:30 . 2012-06-25 06:29 -------- d-----w- C:\Boot
2012-06-25 04:53 . 2012-06-25 04:53 -------- d--h--w- c:\programdata\Common Files
2012-06-25 04:51 . 2012-06-27 06:31 -------- d-----w- c:\programdata\MFAData
2012-06-25 04:37 . 2012-06-26 07:44 -------- d-----w- c:\users\UpdatusUser
2012-06-25 04:36 . 2012-06-25 04:37 -------- d-----w- c:\programdata\NVIDIA
2012-06-25 04:36 . 2012-05-15 09:29 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-06-25 04:36 . 2012-05-15 09:29 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-06-25 04:36 . 2012-05-15 09:29 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-06-25 04:36 . 2012-05-15 09:29 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
2012-06-25 04:36 . 2012-05-15 09:29 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-06-25 04:36 . 2012-05-15 09:28 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-06-25 04:33 . 2012-06-25 04:33 -------- d-----w- C:\NVIDIA
2012-06-25 04:26 . 2012-06-25 04:34 -------- d--h--w- c:\programdata\ProgramData
2012-06-25 04:15 . 2012-06-26 00:40 -------- d-----w- c:\program files (x86)\uTorrent
2012-06-25 04:14 . 2010-01-22 01:22 180224 ----a-w- c:\windows\system32\drivers\nusb3xhc.sys
2012-06-25 04:14 . 2010-01-22 01:22 77824 ----a-w- c:\windows\system32\drivers\nusb3hub.sys
2012-06-25 04:13 . 2012-06-25 04:13 -------- d-----w- c:\program files (x86)\MagicDisc
2012-06-25 02:23 . 2012-06-25 02:23 -------- d-----w- c:\windows\system32\SPReview
2012-06-25 02:23 . 2012-06-25 02:23 -------- d-----w- c:\windows\system32\EventProviders
2012-06-25 02:18 . 2012-06-26 06:09 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-25 02:18 . 2012-06-26 06:09 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-25 02:18 . 2012-06-25 02:18 -------- d-----w- c:\windows\SysWow64\Macromed
2012-06-25 02:18 . 2012-06-25 02:18 -------- d-----w- c:\windows\system32\Macromed
2012-06-25 02:07 . 2010-11-20 12:23 144768 ----a-w- c:\windows\SysWow64\basecsp.dll
2012-06-25 02:06 . 2010-11-20 13:09 53760 ----a-w- c:\windows\system32\vmicres.dll
2012-06-25 02:05 . 2010-11-20 13:27 611840 ----a-w- c:\windows\system32\wpd_ci.dll
2012-06-25 01:42 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2012-06-25 01:23 . 2012-06-25 01:23 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-06-25 01:23 . 2012-06-26 07:39 -------- d-sh--w- c:\windows\Installer
2012-06-25 01:20 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-25 01:20 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-25 01:20 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-25 01:20 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-25 01:19 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-25 01:19 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-25 01:19 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-25 01:19 . 2012-06-02 05:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-25 01:19 . 2012-06-02 05:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-25 00:20 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-06-25 00:20 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-06-25 00:20 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-06-25 00:20 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-06-25 00:20 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-06-25 00:20 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-06-25 00:20 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-06-25 00:16 . 2011-07-16 05:41 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-06-25 00:15 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2012-06-25 00:14 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-06-25 00:13 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-06-25 00:12 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-06-25 00:01 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-06-25 00:01 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-06-24 23:50 . 2012-06-24 23:50 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-06-24 23:50 . 2012-06-25 04:37 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-06-24 23:50 . 2012-06-25 04:37 -------- d-----w- c:\program files\NVIDIA Corporation
2012-06-24 23:49 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-06-24 23:49 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-06-24 23:49 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-06-24 23:49 . 2010-11-20 11:07 162816 ----a-w- c:\windows\system32\rdpudd.dll
2012-06-24 23:49 . 2010-11-20 11:03 20992 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2012-06-24 23:42 . 2012-06-26 07:41 -------- d-----w- c:\users\Chumpy
2012-06-24 23:41 . 2012-06-24 23:41 -------- d-----w- C:\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-25 06:20 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-06-25 06:20 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-05-15 10:48 . 2012-02-09 12:43 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-02-09 12:43 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2012-02-09 12:43 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2012-02-09 12:43 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2012-02-09 12:43 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-04-18 18:50 . 2012-04-18 18:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2010-04-09 3378112]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-06-26 1021840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-04 2587008]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-21 406992]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="e:\itunes\iTunesHelper.exe" [2011-06-07 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-26 257224]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-18 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-30 36944]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2011-05-22 48992]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-21 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-18 383808]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-03-22 2321520]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-04-29 5106744]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-13 193288]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-09 539240]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-25 06:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Chumpy\AppData\Roaming\Mozilla\Firefox\Profiles\6k4k2z3y.default\
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-27 17:08:23 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-27 07:08
.
Pre-Run: 84,041,859,072 bytes free
Post-Run: 87,466,835,968 bytes free
.
- - End Of File - - 1078E57A25990D505DCA778E17D262CE

#4 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:31 PM

Posted 27 June 2012 - 02:47 AM

Greetings Big Chumpy,

Let's run these and make sure nothing comes up.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 Big Chumpy

  • Topic Starter

  • Members
  • 36 posts
  • Local time:06:31 AM

Posted 27 June 2012 - 03:11 AM

Have had computer on for over an hour now without incident. YAY!! :clapping:

No troubles running either scan.

Logs below.

----------------------------------------------------------------------

17:52:01.0893 0444 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
17:52:03.0905 0444 ============================================================
17:52:03.0905 0444 Current date / time: 2012/06/27 17:52:03.0905
17:52:03.0905 0444 SystemInfo:
17:52:03.0905 0444
17:52:03.0905 0444 OS Version: 6.1.7601 ServicePack: 1.0
17:52:03.0905 0444 Product type: Workstation
17:52:03.0905 0444 ComputerName: A-LA-PUTA
17:52:03.0905 0444 UserName: Chumpy
17:52:03.0905 0444 Windows directory: C:\Windows
17:52:03.0905 0444 System windows directory: C:\Windows
17:52:03.0905 0444 Running under WOW64
17:52:03.0905 0444 Processor architecture: Intel x64
17:52:03.0905 0444 Number of processors: 8
17:52:03.0905 0444 Page size: 0x1000
17:52:03.0905 0444 Boot type: Normal boot
17:52:03.0905 0444 ============================================================
17:52:05.0028 0444 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:52:05.0044 0444 Drive \Device\Harddisk1\DR1 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:52:05.0059 0444 ============================================================
17:52:05.0059 0444 \Device\Harddisk0\DR0:
17:52:05.0059 0444 MBR partitions:
17:52:05.0059 0444 \Device\Harddisk1\DR1:
17:52:05.0059 0444 MBR partitions:
17:52:05.0059 0444 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF93782
17:52:05.0059 0444 ============================================================
17:52:05.0075 0444 C: <-> \Device\Harddisk1\DR1\Partition0
17:52:05.0075 0444 ============================================================
17:52:05.0075 0444 Initialize success
17:52:05.0075 0444 ============================================================
17:52:19.0630 3220 ============================================================
17:52:19.0630 3220 Scan started
17:52:19.0645 3220 Mode: Manual;
17:52:19.0645 3220 ============================================================
17:52:20.0254 3220 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
17:52:20.0254 3220 !SASCORE - ok
17:52:20.0394 3220 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
17:52:20.0394 3220 1394ohci - ok
17:52:20.0457 3220 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
17:52:20.0457 3220 ACPI - ok
17:52:20.0503 3220 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
17:52:20.0503 3220 AcpiPmi - ok
17:52:20.0613 3220 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:52:20.0613 3220 AdobeFlashPlayerUpdateSvc - ok
17:52:20.0691 3220 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
17:52:20.0706 3220 adp94xx - ok
17:52:20.0737 3220 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
17:52:20.0753 3220 adpahci - ok
17:52:20.0769 3220 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
17:52:20.0784 3220 adpu320 - ok
17:52:20.0800 3220 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
17:52:20.0800 3220 AeLookupSvc - ok
17:52:20.0847 3220 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
17:52:20.0862 3220 AFD - ok
17:52:20.0909 3220 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
17:52:20.0909 3220 agp440 - ok
17:52:20.0940 3220 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
17:52:20.0940 3220 ALG - ok
17:52:20.0987 3220 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
17:52:20.0987 3220 aliide - ok
17:52:21.0003 3220 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
17:52:21.0003 3220 amdide - ok
17:52:21.0034 3220 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
17:52:21.0034 3220 AmdK8 - ok
17:52:21.0049 3220 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
17:52:21.0049 3220 AmdPPM - ok
17:52:21.0081 3220 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
17:52:21.0081 3220 amdsata - ok
17:52:21.0127 3220 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
17:52:21.0127 3220 amdsbs - ok
17:52:21.0143 3220 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
17:52:21.0159 3220 amdxata - ok
17:52:21.0205 3220 AnyDVD (454b3cb335089b674917247ca67d5bb0) C:\Windows\system32\Drivers\AnyDVD.sys
17:52:21.0221 3220 AnyDVD - ok
17:52:21.0283 3220 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
17:52:21.0283 3220 AppID - ok
17:52:21.0330 3220 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
17:52:21.0330 3220 AppIDSvc - ok
17:52:21.0377 3220 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
17:52:21.0377 3220 Appinfo - ok
17:52:21.0533 3220 Apple Mobile Device - ok
17:52:21.0627 3220 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
17:52:21.0642 3220 AppMgmt - ok
17:52:21.0689 3220 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
17:52:21.0689 3220 arc - ok
17:52:21.0705 3220 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
17:52:21.0720 3220 arcsas - ok
17:52:21.0736 3220 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:52:21.0736 3220 AsyncMac - ok
17:52:21.0767 3220 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
17:52:21.0767 3220 atapi - ok
17:52:21.0845 3220 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:52:21.0845 3220 AudioEndpointBuilder - ok
17:52:21.0861 3220 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:52:21.0861 3220 AudioSrv - ok
17:52:21.0939 3220 Avgfwfd (96b4456f1dca4eda506ed31c7d2d6b05) C:\Windows\system32\DRIVERS\avgfwd6a.sys
17:52:21.0939 3220 Avgfwfd - ok
17:52:22.0079 3220 avgfws (3f246752bc1309f71a737c6a90dd5295) C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
17:52:22.0095 3220 avgfws - ok
17:52:22.0391 3220 AVGIDSAgent (ba60fd7a64b9759a14c0fba4a9ed4c7b) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
17:52:22.0422 3220 AVGIDSAgent - ok
17:52:22.0578 3220 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys
17:52:22.0578 3220 AVGIDSDriver - ok
17:52:22.0594 3220 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys
17:52:22.0594 3220 AVGIDSFilter - ok
17:52:22.0625 3220 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys
17:52:22.0625 3220 AVGIDSHA - ok
17:52:22.0672 3220 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
17:52:22.0672 3220 Avgldx64 - ok
17:52:22.0703 3220 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
17:52:22.0703 3220 Avgmfx64 - ok
17:52:22.0734 3220 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys
17:52:22.0734 3220 Avgrkx64 - ok
17:52:22.0781 3220 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\Windows\system32\DRIVERS\avgtdia.sys
17:52:22.0781 3220 Avgtdia - ok
17:52:22.0890 3220 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
17:52:22.0890 3220 avgwd - ok
17:52:22.0953 3220 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
17:52:22.0953 3220 AxInstSV - ok
17:52:23.0015 3220 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
17:52:23.0031 3220 b06bdrv - ok
17:52:23.0062 3220 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:52:23.0077 3220 b57nd60a - ok
17:52:23.0124 3220 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
17:52:23.0124 3220 BDESVC - ok
17:52:23.0155 3220 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:52:23.0155 3220 Beep - ok
17:52:23.0265 3220 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
17:52:23.0265 3220 BFE - ok
17:52:23.0343 3220 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
17:52:23.0358 3220 BITS - ok
17:52:23.0436 3220 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:52:23.0436 3220 blbdrive - ok
17:52:23.0577 3220 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
17:52:23.0577 3220 Bonjour Service - ok
17:52:23.0623 3220 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
17:52:23.0623 3220 bowser - ok
17:52:23.0655 3220 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:52:23.0655 3220 BrFiltLo - ok
17:52:23.0655 3220 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:52:23.0655 3220 BrFiltUp - ok
17:52:23.0717 3220 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
17:52:23.0717 3220 BridgeMP - ok
17:52:23.0795 3220 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
17:52:23.0795 3220 Browser - ok
17:52:23.0826 3220 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:52:23.0826 3220 Brserid - ok
17:52:23.0857 3220 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:52:23.0857 3220 BrSerWdm - ok
17:52:23.0857 3220 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:52:23.0857 3220 BrUsbMdm - ok
17:52:23.0857 3220 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:52:23.0873 3220 BrUsbSer - ok
17:52:23.0904 3220 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
17:52:23.0904 3220 BTHMODEM - ok
17:52:23.0951 3220 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
17:52:23.0951 3220 bthserv - ok
17:52:23.0982 3220 catchme - ok
17:52:24.0029 3220 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:52:24.0029 3220 cdfs - ok
17:52:24.0091 3220 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
17:52:24.0091 3220 cdrom - ok
17:52:24.0138 3220 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:52:24.0138 3220 CertPropSvc - ok
17:52:24.0185 3220 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
17:52:24.0185 3220 circlass - ok
17:52:24.0263 3220 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:52:24.0263 3220 CLFS - ok
17:52:24.0357 3220 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:52:24.0357 3220 clr_optimization_v2.0.50727_32 - ok
17:52:24.0435 3220 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:52:24.0435 3220 clr_optimization_v2.0.50727_64 - ok
17:52:24.0528 3220 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:52:24.0528 3220 clr_optimization_v4.0.30319_32 - ok
17:52:24.0559 3220 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:52:40.0144 3220 tunnel - ok
17:52:40.0175 3220 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
17:52:40.0175 3220 uagp35 - ok
17:52:40.0222 3220 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
17:52:40.0237 3220 udfs - ok
17:52:40.0284 3220 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
17:52:40.0284 3220 UI0Detect - ok
17:52:40.0331 3220 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
17:52:40.0347 3220 uliagpkx - ok
17:52:40.0393 3220 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
17:52:40.0393 3220 umbus - ok
17:52:40.0440 3220 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
17:52:40.0440 3220 UmPass - ok
17:52:40.0471 3220 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
17:52:40.0487 3220 UmRdpService - ok
17:52:40.0534 3220 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
17:52:40.0549 3220 upnphost - ok
17:52:40.0581 3220 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
17:52:40.0596 3220 usbccgp - ok
17:52:40.0643 3220 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
17:52:40.0643 3220 usbcir - ok
17:52:40.0674 3220 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
17:52:40.0674 3220 usbehci - ok
17:52:40.0721 3220 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
17:52:40.0737 3220 usbhub - ok
17:52:40.0752 3220 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
17:52:40.0752 3220 usbohci - ok
17:52:40.0799 3220 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:52:40.0799 3220 usbprint - ok
17:52:40.0877 3220 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
17:52:40.0877 3220 usbscan - ok
17:52:40.0908 3220 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
17:52:40.0924 3220 USBSTOR - ok
17:52:40.0924 3220 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
17:52:40.0924 3220 usbuhci - ok
17:52:40.0955 3220 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
17:52:40.0971 3220 UxSms - ok
17:52:41.0002 3220 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:52:41.0002 3220 VaultSvc - ok
17:52:41.0017 3220 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
17:52:41.0017 3220 vdrvroot - ok
17:52:41.0080 3220 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
17:52:41.0095 3220 vds - ok
17:52:41.0142 3220 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:52:41.0142 3220 vga - ok
17:52:41.0173 3220 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:52:41.0173 3220 VgaSave - ok
17:52:41.0189 3220 VGPU - ok
17:52:41.0236 3220 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
17:52:41.0236 3220 vhdmp - ok
17:52:41.0298 3220 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
17:52:41.0298 3220 viaide - ok
17:52:41.0314 3220 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
17:52:41.0314 3220 vmbus - ok
17:52:41.0345 3220 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
17:52:41.0345 3220 VMBusHID - ok
17:52:41.0376 3220 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
17:52:41.0392 3220 volmgr - ok
17:52:41.0439 3220 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
17:52:41.0439 3220 volmgrx - ok
17:52:41.0485 3220 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
17:52:41.0501 3220 volsnap - ok
17:52:41.0548 3220 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
17:52:41.0548 3220 vsmraid - ok
17:52:41.0657 3220 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
17:52:41.0673 3220 VSS - ok
17:52:41.0829 3220 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
17:52:41.0829 3220 vwifibus - ok
17:52:41.0891 3220 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
17:52:41.0907 3220 W32Time - ok
17:52:41.0907 3220 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
17:52:41.0922 3220 WacomPen - ok
17:52:41.0969 3220 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:52:41.0969 3220 WANARP - ok
17:52:41.0969 3220 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:52:41.0985 3220 Wanarpv6 - ok
17:52:42.0078 3220 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
17:52:42.0094 3220 wbengine - ok
17:52:42.0250 3220 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
17:52:42.0265 3220 WbioSrvc - ok
17:52:42.0297 3220 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
17:52:42.0297 3220 wcncsvc - ok
17:52:42.0328 3220 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
17:52:42.0328 3220 WcsPlugInService - ok
17:52:42.0390 3220 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
17:52:42.0390 3220 Wd - ok
17:52:42.0421 3220 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:52:42.0421 3220 Wdf01000 - ok
17:52:42.0437 3220 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:52:42.0453 3220 WdiServiceHost - ok
17:52:42.0453 3220 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:52:42.0453 3220 WdiSystemHost - ok
17:52:42.0499 3220 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
17:52:42.0499 3220 WebClient - ok
17:52:42.0531 3220 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
17:52:42.0546 3220 Wecsvc - ok
17:52:42.0562 3220 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
17:52:42.0562 3220 wercplsupport - ok
17:52:42.0593 3220 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
17:52:42.0593 3220 WerSvc - ok
17:52:42.0655 3220 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:52:42.0655 3220 WfpLwf - ok
17:52:42.0687 3220 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:52:42.0687 3220 WIMMount - ok
17:52:42.0733 3220 WinDefend - ok
17:52:42.0733 3220 WinHttpAutoProxySvc - ok
17:52:42.0811 3220 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
17:52:42.0811 3220 Winmgmt - ok
17:52:42.0921 3220 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
17:52:42.0952 3220 WinRM - ok
17:52:43.0123 3220 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
17:52:43.0139 3220 Wlansvc - ok
17:52:43.0186 3220 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
17:52:43.0186 3220 WmiAcpi - ok
17:52:43.0264 3220 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
17:52:43.0264 3220 wmiApSrv - ok
17:52:43.0311 3220 WMPNetworkSvc - ok
17:52:43.0326 3220 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
17:52:43.0342 3220 WPCSvc - ok
17:52:43.0358 3220 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
17:52:43.0373 3220 WPDBusEnum - ok
17:52:43.0404 3220 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:52:43.0404 3220 ws2ifsl - ok
17:52:43.0467 3220 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
17:52:43.0467 3220 wscsvc - ok
17:52:43.0467 3220 WSearch - ok
17:52:43.0607 3220 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
17:52:43.0638 3220 wuauserv - ok
17:52:43.0779 3220 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
17:52:43.0794 3220 WudfPf - ok
17:52:43.0810 3220 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
17:52:43.0810 3220 wudfsvc - ok
17:52:43.0841 3220 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
17:52:43.0857 3220 WwanSvc - ok
17:52:43.0872 3220 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:52:43.0888 3220 \Device\Harddisk0\DR0 - ok
17:52:43.0904 3220 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
17:52:44.0200 3220 \Device\Harddisk1\DR1 - ok
17:52:44.0231 3220 Boot (0x1200) (9f28910025b6e8289e55adb5f3a51a53) \Device\Harddisk1\DR1\Partition0
17:52:44.0231 3220 \Device\Harddisk1\DR1\Partition0 - ok
17:52:44.0231 3220 ============================================================
17:52:44.0231 3220 Scan finished
17:52:44.0231 3220 ============================================================
17:52:44.0247 4616 Detected object count: 0
17:52:44.0247 4616 Actual detected object count: 0


---------------------------------------------------------------------------------------------------------------------


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-27 17:55:05
-----------------------------
17:55:05.606 OS Version: Windows x64 6.1.7601 Service Pack 1
17:55:05.606 Number of processors: 8 586 0x1E05
17:55:05.606 ComputerName: A-LA-PUTA UserName: Chumpy
17:55:06.355 Initialize success
17:58:16.961 AVAST engine defs: 12062700
17:58:27.381 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-4
17:58:27.381 Disk 0 Vendor: WDC_WD20EARS-00MVWB0 51.0AB51 Size: 1907729MB BusType: 3
17:58:27.397 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T0L0-5
17:58:27.397 Disk 1 Vendor: TOSHIBA_MK1235GSL PV010A Size: 114473MB BusType: 3
17:58:27.412 Disk 1 MBR read successfully
17:58:27.428 Disk 1 MBR scan
17:58:27.428 Disk 1 Windows 7 default MBR code
17:58:27.428 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114470 MB offset 63
17:58:27.443 Disk 1 scanning C:\Windows\system32\drivers
17:58:39.611 Service scanning
17:59:11.404 Modules scanning
17:59:11.404 Disk 1 trace - called modules:
17:59:11.451 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
17:59:11.966 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8004392790]
17:59:11.966 3 CLASSPNP.SYS[fffff880019a943f] -> nt!IofCallDriver -> [0xfffffa800416b520]
17:59:11.981 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP5T0L0-5[0xfffffa8004165060]
17:59:12.605 AVAST engine scan C:\Windows
17:59:15.101 AVAST engine scan C:\Windows\system32
18:01:45.018 AVAST engine scan C:\Windows\system32\drivers
18:01:54.534 AVAST engine scan C:\Users\Chumpy
18:02:50.787 AVAST engine scan C:\ProgramData
18:04:11.362 Scan finished successfully
18:04:55.556 Disk 1 MBR has been saved successfully to "C:\Users\Chumpy\Desktop\MBR.dat"
18:04:55.556 The log file has been saved successfully to "C:\Users\Chumpy\Desktop\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:31 PM

Posted 27 June 2012 - 03:27 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 Big Chumpy

Big Chumpy
  • Topic Starter

  • Members
  • 36 posts
  • Local time:06:31 AM

Posted 27 June 2012 - 03:52 AM

Done.

Computer is running fine after script. :)

---------------------------------------------------------------------------------------------------

ComboFix 12-06-26.02 - Chumpy 27/06/2012 18:34:46.2.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.4094.2908 [GMT 10:00]
Running from: c:\users\Chumpy\Desktop\ComboFix.exe
Command switches used :: c:\users\Chumpy\Desktop\CFScript.txt
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-27 to 2012-06-27 )))))))))))))))))))))))))))))))
.
.
2012-06-27 08:37 . 2012-06-27 08:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-27 00:53 . 2012-06-27 00:53 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-26 07:31 . 2012-06-26 07:36 -------- d-----w- c:\windows\system32\appmgmt
2012-06-26 07:07 . 2012-06-26 07:07 -------- d-----w- c:\programdata\DVD Shrink
2012-06-26 07:05 . 2012-06-26 07:05 -------- d-----w- c:\program files\Bonjour
2012-06-26 07:05 . 2012-06-26 07:05 -------- d-----w- c:\program files (x86)\Bonjour
2012-06-26 07:04 . 2012-06-26 07:04 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-06-26 07:03 . 2012-06-26 07:03 -------- d-----w- c:\program files (x86)\Oracle
2012-06-26 07:01 . 2012-05-04 09:29 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-26 07:01 . 2012-05-04 09:29 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-26 07:01 . 2012-06-26 07:01 -------- d-----w- c:\program files (x86)\Java
2012-06-26 06:59 . 2009-05-18 03:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-06-26 06:57 . 2012-06-26 06:58 -------- d-----w- c:\program files (x86)\QuickTime
2012-06-26 06:57 . 2012-06-26 06:57 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-06-26 06:57 . 2012-06-26 06:57 -------- d-----w- c:\program files\Common Files\Apple
2012-06-26 06:56 . 2012-06-26 06:59 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-06-26 06:56 . 2012-06-26 06:56 -------- d-----w- c:\programdata\Apple
2012-06-26 04:41 . 2012-06-26 07:31 -------- dc----w- c:\windows\system32\DRVSTORE
2012-06-26 04:29 . 2012-06-26 04:47 -------- d-----w- c:\programdata\Nero
2012-06-26 04:16 . 2010-05-26 01:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2012-06-26 04:16 . 2010-05-26 01:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll
2012-06-26 04:16 . 2010-05-26 01:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2012-06-26 04:16 . 2010-05-26 01:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2012-06-26 04:16 . 2010-05-26 01:41 1868128 ----a-w- c:\windows\SysWow64\d3dcsx_43.dll
2012-06-26 04:15 . 2009-09-04 07:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll
2012-06-26 04:14 . 2009-09-04 07:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2012-06-26 04:12 . 2008-10-14 20:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2012-06-26 04:11 . 2007-07-19 08:14 3727720 ----a-w- c:\windows\SysWow64\d3dx9_35.dll
2012-06-26 04:10 . 2007-05-16 06:45 3497832 ----a-w- c:\windows\SysWow64\d3dx9_34.dll
2012-06-26 03:45 . 2012-06-26 03:45 -------- d-----w- c:\programdata\Malwarebytes
2012-06-26 03:45 . 2012-06-26 03:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-26 03:45 . 2012-04-04 05:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-26 03:40 . 2012-06-26 03:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-26 03:40 . 2012-06-26 03:40 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-26 03:15 . 2012-06-26 03:15 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-06-26 03:06 . 2012-06-26 03:09 -------- d-----w- c:\program files\Common Files\Adobe
2012-06-26 03:05 . 2012-06-26 03:05 -------- d-----w- c:\program files (x86)\Adobe Media Player
2012-06-26 03:03 . 2012-06-26 03:03 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-06-26 03:00 . 2012-06-26 03:07 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-06-26 02:09 . 2012-06-26 02:09 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-06-26 01:15 . 2012-06-26 01:15 -------- d-----w- c:\programdata\SlySoft
2012-06-26 00:30 . 2012-06-26 00:30 -------- d-----w- c:\program files (x86)\SlySoft
2012-06-26 00:20 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-06-26 00:20 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-06-26 00:15 . 2012-06-26 01:06 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-06-26 00:15 . 2012-06-27 00:58 -------- d-----w- c:\programdata\AVG2012
2012-06-26 00:15 . 2012-06-27 00:38 -------- d-----w- c:\windows\system32\drivers\AVG
2012-06-26 00:15 . 2012-06-26 00:15 -------- d-----w- C:\$AVG
2012-06-26 00:13 . 2012-06-26 00:13 -------- d-----w- c:\program files (x86)\AVG
2012-06-25 17:30 . 2012-06-24 23:42 -------- d-----w- c:\windows\Panther
2012-06-25 17:30 . 2012-06-25 06:29 -------- d-----w- C:\Boot
2012-06-25 04:53 . 2012-06-25 04:53 -------- d--h--w- c:\programdata\Common Files
2012-06-25 04:51 . 2012-06-27 06:31 -------- d-----w- c:\programdata\MFAData
2012-06-25 04:37 . 2012-06-26 07:44 -------- d-----w- c:\users\UpdatusUser
2012-06-25 04:36 . 2012-06-25 04:37 -------- d-----w- c:\programdata\NVIDIA
2012-06-25 04:36 . 2012-05-15 09:29 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-06-25 04:36 . 2012-05-15 09:29 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-06-25 04:36 . 2012-05-15 09:29 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-06-25 04:36 . 2012-05-15 09:29 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
2012-06-25 04:36 . 2012-05-15 09:29 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-06-25 04:36 . 2012-05-15 09:28 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-06-25 04:33 . 2012-06-25 04:33 -------- d-----w- C:\NVIDIA
2012-06-25 04:26 . 2012-06-25 04:34 -------- d--h--w- c:\programdata\ProgramData
2012-06-25 04:15 . 2012-06-26 00:40 -------- d-----w- c:\program files (x86)\uTorrent
2012-06-25 04:14 . 2010-01-22 01:22 180224 ----a-w- c:\windows\system32\drivers\nusb3xhc.sys
2012-06-25 04:14 . 2010-01-22 01:22 77824 ----a-w- c:\windows\system32\drivers\nusb3hub.sys
2012-06-25 04:13 . 2012-06-25 04:13 -------- d-----w- c:\program files (x86)\MagicDisc
2012-06-25 02:23 . 2012-06-25 02:23 -------- d-----w- c:\windows\system32\SPReview
2012-06-25 02:23 . 2012-06-25 02:23 -------- d-----w- c:\windows\system32\EventProviders
2012-06-25 02:18 . 2012-06-26 06:09 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-25 02:18 . 2012-06-26 06:09 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-25 02:18 . 2012-06-25 02:18 -------- d-----w- c:\windows\SysWow64\Macromed
2012-06-25 02:18 . 2012-06-25 02:18 -------- d-----w- c:\windows\system32\Macromed
2012-06-25 02:07 . 2010-11-20 12:23 144768 ----a-w- c:\windows\SysWow64\basecsp.dll
2012-06-25 02:06 . 2010-11-20 13:09 53760 ----a-w- c:\windows\system32\vmicres.dll
2012-06-25 02:05 . 2010-11-20 13:27 611840 ----a-w- c:\windows\system32\wpd_ci.dll
2012-06-25 01:42 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2012-06-25 01:23 . 2012-06-25 01:23 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-06-25 01:23 . 2012-06-26 07:39 -------- d-sh--w- c:\windows\Installer
2012-06-25 01:20 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-25 01:20 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-25 01:20 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-25 01:20 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-25 01:19 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-25 01:19 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-25 01:19 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-25 01:19 . 2012-06-02 05:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-25 01:19 . 2012-06-02 05:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-25 00:20 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-06-25 00:20 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-06-25 00:20 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-06-25 00:20 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-06-25 00:20 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-06-25 00:20 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-06-25 00:20 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-06-25 00:16 . 2011-07-16 05:41 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-06-25 00:15 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2012-06-25 00:14 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-06-25 00:13 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-06-25 00:12 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-06-25 00:01 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-06-25 00:01 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-06-24 23:50 . 2012-06-24 23:50 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-06-24 23:50 . 2012-06-25 04:37 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-06-24 23:50 . 2012-06-25 04:37 -------- d-----w- c:\program files\NVIDIA Corporation
2012-06-24 23:49 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-06-24 23:49 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-06-24 23:49 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-06-24 23:49 . 2010-11-20 11:07 162816 ----a-w- c:\windows\system32\rdpudd.dll
2012-06-24 23:49 . 2010-11-20 11:03 20992 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2012-06-24 23:42 . 2012-06-26 07:41 -------- d-----w- c:\users\Chumpy
2012-06-24 23:41 . 2012-06-24 23:41 -------- d-----w- C:\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-25 06:20 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-06-25 06:20 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-05-15 10:48 . 2012-02-09 12:43 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-02-09 12:43 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2012-02-09 12:43 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2012-02-09 12:43 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2012-02-09 12:43 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-04-18 18:50 . 2012-04-18 18:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-27_07.03.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-24 23:57 . 2012-06-27 07:14 21820 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-27 07:14 30270 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 01:20 . 2009-07-14 01:40 55808 c:\windows\system32\spool\drivers\x64\3\EP0SLP01.DLL
+ 2009-07-14 01:20 . 2009-07-14 01:40 77824 c:\windows\system32\EP0SLM01.DLL
- 2009-07-14 05:30 . 2012-06-26 07:06 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-06-27 07:09 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 00:35 . 2009-07-14 00:35 41984 c:\windows\system32\drivers\usbscan.sys
+ 2012-06-24 23:45 . 2012-06-27 07:14 6612 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1918991080-1797479945-2547540143-1001_UserData.bin
+ 2012-06-27 08:38 . 2012-06-27 08:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-27 07:03 . 2012-06-27 07:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-27 07:03 . 2012-06-27 07:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-27 08:38 . 2012-06-27 08:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 01:20 . 2009-07-14 01:40 392704 c:\windows\system32\spool\drivers\x64\3\EP0NB05A.DLL
+ 2009-07-14 01:20 . 2009-07-14 01:40 120320 c:\windows\system32\spool\drivers\x64\3\EP0NB01B.DLL
+ 2009-07-14 01:20 . 2009-07-14 01:40 204288 c:\windows\system32\ep0icn3.dll
- 2009-07-14 05:30 . 2012-06-26 07:06 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-06-27 07:09 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:01 . 2012-06-27 07:01 312692 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-27 08:37 312692 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-06-25 05:01 . 2012-06-27 08:37 5073541 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1918991080-1797479945-2547540143-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2010-04-09 3378112]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-06-26 1021840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-04 2587008]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-21 406992]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="e:\itunes\iTunesHelper.exe" [2011-06-07 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-26 257224]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-18 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-30 36944]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2011-05-22 48992]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-21 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-18 383808]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-03-22 2321520]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-04-29 5106744]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-13 193288]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-09 539240]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-25 06:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Chumpy\AppData\Roaming\Mozilla\Firefox\Profiles\6k4k2z3y.default\
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-27 18:44:05 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-27 08:44
ComboFix2.txt 2012-06-27 07:08
.
Pre-Run: 85,982,777,344 bytes free
Post-Run: 86,042,947,584 bytes free
.
- - End Of File - - C2ED504F0139692D59B1A4E2EE6BEA66

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 27 June 2012 - 03:59 AM

Hello

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

µTorrent


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.


Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • Go to the Update tab at the top
  • Click on Check for Updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 Big Chumpy

  • Topic Starter
  • Members
  • 36 posts

Posted 27 June 2012 - 04:57 AM

µTorrent is gone and logs below.

No probs.

-------------------------------------------------------------------

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.27.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Chumpy :: A-LA-PUTA [administrator]

27/06/2012 7:48:29 PM
mbam-log-2012-06-27 (19-48-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224929
Time elapsed: 2 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

----------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:53:09 PM, on 27/06/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
E:\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Chumpy\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKUS\S-1-5-21-1918991080-1797479945-2547540143-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1918991080-1797479945-2547540143-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7175 bytes

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 27 June 2012 - 07:32 AM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can click on their icons (or start them from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
      O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "E:\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
      O4 - HKUS\S-1-5-21-1918991080-1797479945-2547540143-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
      O4 - HKUS\S-1-5-21-1918991080-1797479945-2547540143-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space, for example:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7: right-click on the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo

#11 Big Chumpy

  • Topic Starter
  • Members
  • 36 posts

Posted 27 June 2012 - 10:42 PM

Hi again,

Do you know of any good (free) internet security and firewall programs?
I only have the trial version of AVG I.S. and have heard Windows Firewall isn't very good.



ESET log

C:\Qoobox\Quarantine\C\Windows\Installer\{534463a3-fe66-4a54-0103-9e9fbf872149}\U\00000008.@.vir Win64/Agent.BA trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{534463a3-fe66-4a54-0103-9e9fbf872149}\U\80000000.@.vir Win64/Sirefef.AE trojan
C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir Win64/Patched.A.Gen trojan

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 27 June 2012 - 10:45 PM

Hello

The Online scan looks very good!! It is only reporting backups created during the course of this fix!!


C:\Qoobox\Quarantine\<-- combofix


Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful; if used incorrectly or at the wrong time, they can make the computer an expensive paperweight.
They are updated all the time, some of them more than once a day, so by the time you are ready to use them again they will already be outdated.

The following procedures will remove these tools. They will also reset your System Restore by flushing out previous restore points and creating a new restore point, and will remove all the backups our tools may have made.

:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to your desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download. It works a lot better than add/remove in Windows and has saved me more than once from corrupted installs and uninstalls.

CCleaner - This is a good program to clean out temp files. I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner, but I would leave that alone and not use any registry cleaner.

Malwarebytes' Anti-Malware - The gold standard today in antimalware scanners.

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.


  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did.)

    Note** If you decide to install MSE you will need to uninstall your present antivirus.

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again?" The short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must-reads and should be read by everybody in your household that uses the internet.

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues.

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM


Gringo
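Gringo's reading of the ESET result above (everything it flagged sits under ComboFix's C:\Qoobox\Quarantine backup folder, so nothing is still active) is a triage check that can be scripted. The following is an added example, not code from the thread, ESET or ComboFix: the line format and the three sample lines come from the ESET output posted above, the "a variant of" prefix handling is an assumption about ESET's wording, and the single non-quarantine line is constructed.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Folders that hold copies of files already removed from the system rather than
# active infections. C:\Qoobox\Quarantine is ComboFix's backup folder (the
# thread's own finding); C:\System Volume Information holds restore points,
# which the MBAM step earlier in the thread told the user to leave alone.
BACKUP_ROOTS = (
    r"c:\qoobox\quarantine",
    r"c:\system volume information",
)

# One ESET Online Scanner result line: "<path> <threat name> <type>".
# The path is matched lazily so paths containing spaces survive intact; the
# threat name is recognised by its Family/Variant shape (e.g. Win64/Sirefef.AE).
# The optional "a variant of" prefix is an assumption about ESET's wording and
# does not appear in the log posted in this thread.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?P<threat>(?:probably a variant of |a variant of )?\S+/\S+)\s+"
    r"(?P<kind>\S+)$"
)


@dataclass
class Detection:
    path: str
    threat: str
    kind: str

    @property
    def is_backup(self) -> bool:
        """True when the flagged file sits under a known quarantine/backup root."""
        lowered = self.path.lower()
        return any(lowered.startswith(root + "\\") for root in BACKUP_ROOTS)


def parse_eset_log(text: str) -> Dict[str, list]:
    """Split raw scanner output into parsed detections and lines we could not read."""
    parsed: List[Detection] = []
    unparsed: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = LINE_RE.match(line)
        if match:
            parsed.append(Detection(**match.groupdict()))
        else:
            unparsed.append(line)
    return {"detections": parsed, "unparsed": unparsed}


def triage(text: str) -> Dict[str, object]:
    """Sort detections into quarantine backups and live hits and give a verdict."""
    result = parse_eset_log(text)
    backups = [d for d in result["detections"] if d.is_backup]
    live = [d for d in result["detections"] if not d.is_backup]
    if live:
        verdict = f"{len(live)} detection(s) outside quarantine need attention"
    elif backups:
        verdict = f"no action needed: all {len(backups)} detection(s) are quarantine backups"
    else:
        verdict = "clean: no detections"
    return {
        "backup": backups,
        "live": live,
        "unparsed": result["unparsed"],
        "verdict": verdict,
    }


# The three lines ESET reported in this thread (post #11), copied verbatim.
THREAD_LOG = r"""
C:\Qoobox\Quarantine\C\Windows\Installer\{534463a3-fe66-4a54-0103-9e9fbf872149}\U\00000008.@.vir Win64/Agent.BA trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{534463a3-fe66-4a54-0103-9e9fbf872149}\U\80000000.@.vir Win64/Sirefef.AE trojan
C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir Win64/Patched.A.Gen trojan
"""

# Constructed line: what a still-active hit on the file the original poster's
# AV flagged would look like. Not part of the thread's ESET log.
CONSTRUCTED_LIVE_LINE = r"C:\Windows\System32\services.exe Win64/Patched.A.Gen trojan"


if __name__ == "__main__":
    samples = (("thread log", THREAD_LOG),
               ("thread log + live hit", THREAD_LOG + CONSTRUCTED_LIVE_LINE))
    for label, log in samples:
        report = triage(log)
        print(f"{label}: {report['verdict']}")
        for d in report["live"]:
            print(f"  LIVE    {d.path}  ({d.threat}, {d.kind})")
        for d in report["backup"]:
            print(f"  BACKUP  {d.path}")
```

Anything in the "live" list is a file ESET saw outside a backup folder and is what a helper would actually act on; the "unparsed" list catches any log line whose shape the regex did not recognise so it is not silently dropped.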

#13 Big Chumpy

  • Topic Starter
  • Members
  • 36 posts

Posted 27 June 2012 - 11:17 PM

Hey Gringo!! Your help was greatly appreciated.
That Trojan was driving me up the wall!!

A big :thumbsup: to you

Donating.

Thanks heaps,

Big Chumpy

#14 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 27 June 2012 - 11:20 PM

Thank you, it was very nice, and you are more than welcome.


Very Glad I was able to help



Gringo

#15 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 30 June 2012 - 11:58 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



