Music plays at random, voices and windows security center/firewall became disabled


This topic is locked
12 replies to this topic

#1 Icejon

Icejon

  • Members
  • 6 posts
  • OFFLINE
  • Local time:06:04 PM

Posted 28 June 2012 - 10:21 PM

Windows security is disabled and I hear random voices/sounds. Some weird trojan detected and removed by MBAM. This is my DDS log.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Jonathon Loo at 20:05:02 on 2012-06-28
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3325.1020 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\steam\Steam.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Jonathon Loo\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Folding@home\Folding@home-gpu\Folding@home.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Program Files\microsoft office\Office12\OUTLOOK.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\msfeedssync.exe
C:\Windows\System32\wsqmcons.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AOL Radio Toolbar Loader: {2abdb2f7-4cbf-4939-ba12-fddc827b6a2d} - c:\program files\aol radio toolbar\aolradiotb.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: AOL Radio Toolbar: {9167da98-6f9b-46f1-991d-826cae46cab6} - c:\program files\aol radio toolbar\aolradiotb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Google Update] "c:\users\jonathon loo\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [EADM] "c:\program files\origin\Origin.exe" -AutoStart
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Launch LgDevAgt] "c:\program files\logitech\gamepanel software\LgDevAgt.exe"
mRun: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"
mRun: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [Turbine Download Manager Tray Icon] "c:\program files\turbine\turbine download manager\TurbineDownloadManagerIcon.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\users\jonath~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\jonathon loo\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\jonath~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\foldin~1.lnk - c:\users\jonathon loo\appdata\roaming\microsoft\installer\{6a90c837-054e-44ae-b9bd-1b1f87986bbc}\_98830A63A82EB98D7BA198.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/F/D/9/FD9E437D-5BC8-4264-A093-DFA2C39D197E/LegitCheckControl.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{77219877-5B01-44F5-875A-CBB10ACBC3CF} : DhcpNameServer = 192.168.11.1
TCP: Interfaces\{7BD0D7B3-1145-4558-86D6-D82FBD4817CB} : DhcpNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
mASetup: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 171064]
R0 pe3alvyb;Call of Juarez 4.7 Environment Driver (pe3alvyb);c:\windows\system32\drivers\pe3alvyb.sys [2007-6-18 65424]
R0 ps6alvyb;Call of Juarez 4.7 Synchronization Driver (ps6alvyb);c:\windows\system32\drivers\ps6alvyb.sys [2007-6-18 55704]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-23 176128]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-18 21504]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-4-12 1153368]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2008-11-27 5120]
R3 A3AX;D-Link AirPro DWL-A520 PCI Adapter Service;c:\windows\system32\drivers\a3ax.sys [2002-3-2 261112]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-10-23 6472192]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-10-23 228352]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-6-28 40776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-6-10 136176]
S2 pr2alvyb;Call of Juarez 4.7 Drivers Auto Removal (pr2alvyb);c:\windows\system32\pr2alvyb.exe svc --> c:\windows\system32\pr2alvyb.exe svc [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-10 257224]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe [2010-3-8 25832]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\lavalys\everest ultimate edition\kerneld.wnt [2008-9-18 23152]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-6-10 136176]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 SaiK0836;SaiK0836;c:\windows\system32\drivers\SaiK0836.sys [2008-9-12 107008]
S3 WinRing0_1_1_1;WinRing0_1_1_1;c:\users\jonathon loo\documents\realtemp_2.70\WinRing0.sys [2008-1-28 13904]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-06-29 02:57:16 -------- d-----w- c:\users\jonathon loo\appdata\local\{AA536487-AE94-4925-9976-FA4090A25AEC}
2012-06-29 02:56:52 -------- d-----w- c:\users\jonathon loo\appdata\local\{0B269815-B736-4622-9F29-D2DA08037890}
2012-06-29 02:55:20 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-06-28 08:15:48 -------- d-----w- c:\users\jonathon loo\appdata\roaming\Malwarebytes
2012-06-28 08:15:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-28 08:15:44 -------- d-----w- c:\programdata\Malwarebytes
2012-06-28 08:15:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-28 08:11:51 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-06-28 07:09:12 -------- d-----w- c:\users\jonathon loo\appdata\local\{C1B79A9E-5C6E-478F-8F52-6DBB2AE36FEB}
2012-06-27 19:08:45 -------- d-----w- c:\users\jonathon loo\appdata\local\{220F9986-30AF-4291-ACE9-01DE86ACB40E}
2012-06-27 19:08:35 -------- d-----w- c:\users\jonathon loo\appdata\local\{6A84EEBA-8873-40C0-88FC-D7071B82D52C}
2012-06-26 04:59:59 -------- d-----w- c:\windows\en
2012-06-26 04:45:00 89944 ----a-w- c:\program files\common files\windows live\.cache\71bc05811cd535601\DSETUP.dll
2012-06-26 04:45:00 537432 ----a-w- c:\program files\common files\windows live\.cache\71bc05811cd535601\DXSETUP.exe
2012-06-26 04:45:00 1801048 ----a-w- c:\program files\common files\windows live\.cache\71bc05811cd535601\dsetup32.dll
2012-06-26 04:44:01 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-26 03:47:30 6762896 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{2bdd8c9c-a6ca-41c4-b55b-c6978a3d4e81}\mpengine.dll
2012-06-26 03:38:49 -------- d-----w- c:\users\jonathon loo\appdata\local\{A93E4DC3-1A2A-4281-BD6F-9F27024C2242}
2012-06-26 03:38:16 -------- d-----w- c:\users\jonathon loo\appdata\local\{38B88A8E-82A2-48A4-8217-BC7683C7D7BD}
2012-06-25 00:48:39 6762896 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-06-25 00:39:29 -------- d-----w- c:\users\jonathon loo\appdata\local\{445D5EBD-1B25-499B-953B-DA82CB534406}
2012-06-25 00:38:41 -------- d-----w- c:\users\jonathon loo\appdata\local\{05B03607-09F0-4D32-9271-A7007B7217D9}
2012-06-23 01:11:36 -------- d-----w- c:\users\jonathon loo\appdata\local\{8B2954D7-07F1-40C2-AE1A-D9F6729217AB}
2012-06-23 01:11:11 -------- d-----w- c:\users\jonathon loo\appdata\local\{E32AFC62-25CE-4462-BE57-3B45B7EFC091}
2012-06-22 21:27:31 -------- d-----w- c:\program files\Samsung
2012-06-22 04:48:03 -------- d-----w- c:\users\jonathon loo\appdata\local\{8B4D7C18-5D21-4F65-AB62-B8ECA6C3C5A8}
2012-06-22 04:47:17 -------- d-----w- c:\users\jonathon loo\appdata\local\{60183068-F2EA-4227-BA29-2D8269EF6622}
2012-06-19 06:35:07 -------- d-----w- c:\users\jonathon loo\appdata\local\{72F43E56-4C47-4D8E-AE7D-63FDDB89EF4B}
2012-06-19 05:34:26 -------- d-----w- c:\users\jonathon loo\appdata\local\{16B73CB7-57D4-45B9-9F33-16566ACFE2A3}
2012-06-18 16:26:09 -------- d-----w- c:\users\jonathon loo\appdata\local\{34E6DBFC-BEB0-440E-97C8-4E825C7234E4}
2012-06-18 16:25:41 -------- d-----w- c:\users\jonathon loo\appdata\local\{D26ED9E5-8610-430C-817F-A7D15018A0C6}
2012-06-18 03:34:05 -------- d-----w- c:\users\jonathon loo\appdata\local\{07E51A0A-DE4E-45FE-A22E-13C62B20FB17}
2012-06-18 03:33:32 -------- d-----w- c:\users\jonathon loo\appdata\local\{ACAC5F22-7A07-4636-BFEF-1C081AB77241}
2012-06-17 15:34:53 -------- d-----w- c:\users\jonathon loo\appdata\local\{C7C40531-38D4-45EE-92CF-33517704609C}
2012-06-17 15:34:36 -------- d-----w- c:\users\jonathon loo\appdata\local\{3E7F9A5E-9316-405C-88A4-268590C245A6}
2012-06-16 20:20:50 -------- d-----w- c:\users\jonathon loo\appdata\local\{1853A7D3-57A4-4BD3-A785-6EC1CF192E93}
2012-06-16 20:20:15 -------- d-----w- c:\users\jonathon loo\appdata\local\{F6CC357B-20ED-4C66-BAA8-7E9EC067CED3}
2012-06-14 15:26:37 -------- d-----w- c:\users\jonathon loo\appdata\local\{7D04C6D9-9367-4CB3-8E4D-C07203759BDC}
2012-06-14 15:25:52 -------- d-----w- c:\users\jonathon loo\appdata\local\{891080AF-4E1D-4D8E-9029-42CE3ADA9C0D}
2012-06-14 05:09:43 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 05:09:43 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 05:09:43 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 05:09:19 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 05:09:16 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 00:18:17 -------- d-----w- c:\users\jonathon loo\appdata\local\{71C935CE-A95F-47AB-AA05-C1CA676771E6}
2012-06-14 00:18:04 -------- d-----w- c:\users\jonathon loo\appdata\local\{D9EC4B68-4B64-4D08-AB0A-3BAFCCAB22DB}
2012-06-13 16:09:15 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{62877bd6-97f4-48c1-a567-27ea68242113}\gapaengine.dll
2012-06-13 15:55:08 -------- d-----w- c:\users\jonathon loo\appdata\local\{A8BC0AEE-7262-42A1-B12E-F0BB63F53D5A}
2012-06-13 15:54:50 -------- d-----w- c:\users\jonathon loo\appdata\local\{1CEB0C32-477C-4245-93AC-9C446F61211D}
2012-06-13 01:14:26 -------- d-----w- c:\users\jonathon loo\appdata\local\{5C519162-7E03-4F86-BABB-4DCF6ECDCD8E}
2012-06-13 01:13:45 -------- d-----w- c:\users\jonathon loo\appdata\local\{F9D48D1D-9A36-45AB-8DC6-16C019EF8472}
2012-06-12 01:48:26 -------- d-----w- c:\users\jonathon loo\appdata\local\{2FB030B6-7200-4432-90F4-6C9C9242B043}
2012-06-12 01:48:11 -------- d-----w- c:\users\jonathon loo\appdata\local\{E9A3A840-A65F-4944-A499-D9B702B4B504}
2012-06-11 06:01:46 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-11 01:52:54 -------- d-----w- c:\users\jonathon loo\appdata\local\{9D8CFB39-C126-4151-BB3D-C4F2DACFFA8E}
2012-06-11 01:52:39 -------- d-----w- c:\users\jonathon loo\appdata\local\{0E5110D1-9309-4A67-8006-8B2816B78A4A}
2012-06-10 13:18:34 -------- d-----w- c:\program files\Dropbox
2012-06-10 13:16:10 -------- d-----w- c:\users\jonathon loo\appdata\local\{8A74ECE8-F8BE-4116-8CC8-8C54CABC0BDA}
2012-06-10 13:15:56 -------- d-----w- c:\users\jonathon loo\appdata\local\{FA1A3B62-1BF5-4232-9AD5-57120C3210AB}
2012-06-10 02:57:39 -------- d-----w- c:\users\jonathon loo\appdata\local\{AF8F8A42-BF12-4FFA-A4D8-46D92806FB37}
2012-06-10 02:57:24 -------- d-----w- c:\users\jonathon loo\appdata\local\{DC21C138-210B-4569-8211-404ECAFD8611}
2012-06-09 01:48:49 -------- d-----w- c:\users\jonathon loo\appdata\local\{AAF2D428-184C-4BA7-AFEB-42509B8A863A}
2012-06-09 01:48:21 -------- d-----w- c:\users\jonathon loo\appdata\local\{8B8D1CA7-5DF7-43F1-97F6-59B567B80DC5}
2012-06-09 01:12:25 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-09 01:12:03 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-09 01:11:55 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-09 01:11:55 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-08 14:07:33 -------- d-----w- c:\users\jonathon loo\appdata\local\{2282A925-97C9-4BF6-9C7C-F4FCDF35FE73}
2012-06-08 14:07:19 -------- d-----w- c:\users\jonathon loo\appdata\local\{44E10AD5-97C2-4835-9FC4-1EF78F400556}
2012-06-08 01:52:24 -------- d-----w- c:\users\jonathon loo\appdata\local\{B0A88E12-E2F3-43B0-89BF-C23796DD29D2}
2012-06-08 01:51:45 -------- d-----w- c:\users\jonathon loo\appdata\local\{12E9BDD9-4732-426C-9627-187EE543B1FF}
2012-06-06 15:48:41 -------- d-----w- c:\users\jonathon loo\appdata\local\{E9FB944C-16C5-4B78-971F-9040C5BD80F2}
2012-06-06 15:48:22 -------- d-----w- c:\users\jonathon loo\appdata\local\{4310BBFA-F985-4DF2-963B-58D92E129369}
2012-06-05 22:59:21 -------- d-----w- c:\users\jonathon loo\appdata\local\{9309812A-0DE3-418B-978F-7E276FB70A5F}
2012-06-05 22:59:03 -------- d-----w- c:\users\jonathon loo\appdata\local\{9ABFF012-BD05-4E82-9707-B32A58BFE5A4}
2012-06-05 22:51:40 -------- d-----w- c:\users\jonathon loo\appdata\local\{7D471C15-7D08-40F9-8986-957CB27643D8}
2012-06-05 22:51:22 -------- d-----w- c:\users\jonathon loo\appdata\local\{875103A4-8AB1-410B-827D-B370DD7A0465}
2012-06-05 15:50:20 -------- d-----w- c:\users\jonathon loo\appdata\local\{CF7882C9-CDDE-4C64-969F-54A7144A17CE}
2012-06-05 15:49:48 -------- d-----w- c:\users\jonathon loo\appdata\local\{502E709D-BD41-4E95-8F04-BA1E8DE924F8}
2012-06-05 01:37:13 -------- d-----w- c:\users\jonathon loo\appdata\local\{C31EAB72-00D9-44AF-8E5F-96F095D962D6}
2012-06-05 01:36:57 -------- d-----w- c:\users\jonathon loo\appdata\local\{F6C88551-06B0-4A62-A91B-D5DA945AD307}
2012-06-03 13:56:14 -------- d-----w- c:\users\jonathon loo\appdata\local\{4BA9DDF7-BA8B-43EF-AD42-89B3E039B34A}
2012-06-03 13:55:47 -------- d-----w- c:\users\jonathon loo\appdata\local\{7BE42416-8972-4FCC-B5BB-9672E4182CFD}
2012-06-01 03:02:07 -------- d-----w- c:\users\jonathon loo\appdata\local\{6819F1CB-E7A8-4D71-9CFB-CE614AF3FEC2}
2012-06-01 03:01:47 -------- d-----w- c:\users\jonathon loo\appdata\local\{54F8FFA3-80B4-49B6-B495-F7DF88F60176}
2012-05-31 04:15:53 -------- d-----w- c:\users\jonathon loo\appdata\local\{374A6D67-9F7D-4648-9652-4B8800D4EA06}
2012-05-31 04:15:37 -------- d-----w- c:\users\jonathon loo\appdata\local\{C9018021-F0F8-4388-8DD8-F277F9CE2B30}
2012-05-31 02:14:47 -------- d-----w- c:\users\jonathon loo\appdata\local\{E5A61B0D-1F6D-4CD8-A24F-64943F494E52}
2012-05-31 02:14:34 -------- d-----w- c:\users\jonathon loo\appdata\local\{CD41F0AF-F9DE-4CEF-9BE2-0AA71BF342A8}
.
==================== Find3M ====================
.
2012-06-11 06:01:46 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-03 08:16:12 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16:11 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
.
============= FINISH: 20:12:30.58 ===============
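The DDS log above is read by hand in this thread; as an added example (not part of the original post, and not a DDS or BleepingComputer tool), here is a small Python triage script for that log layout. It splits the log on its `=== name ===` headers, reports protection products whose status line says `Disabled`, lists running processes launched from user-writable locations, and flags hidden+system directories created under `system32`. The sample log embedded in the script is constructed for the example: the two `AV:`/`SP:` lines and the `%APPDATA%` entry mirror lines visible in the thread, while the `FW:` line, its all-zero GUID and `updater.exe` are made up to exercise the checks.

```python
import re
from typing import Dict, List

# Constructed sample in the DDS log layout. Only the AV/SP lines and the
# %APPDATA% directory entry mirror the thread; everything else is invented
# to give the checks something to match.
SAMPLE_DDS_LOG = r"""
DDS (Ver_2011-08-26.01) - NTFSx86
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Example Firewall *Enabled/Updated* {00000000-0000-0000-0000-000000000000}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k netsvcs
C:\Users\someone\AppData\Local\Temp\updater.exe
.
=============== Created Last 30 ================
.
2012-06-26 04:44:01 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-28 08:15:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 20:12:30.58 ===============
""".strip("\n")

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# "AV: <product> *<status>* {<guid>}" lines in the log header.
PRODUCT_RE = re.compile(r"^(AV|SP|FW): (.+?) \*([^*]+)\* \{([0-9A-Fa-f-]+)\}$")
# "<date> <time> <size-or-dashes> <attrs> <path>" lines in "Created Last 30".
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\S+) (\S+) (.+)$")
# Process images under user-writable paths. Legitimate software (Dropbox,
# updaters) lives there too, so this is a "look closer" list, not a verdict.
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.IGNORECASE)


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group log lines under the '=== name ===' header that precedes them.

    Lines before the first header go under 'header'; the '.' spacer lines
    DDS emits between blocks are dropped.
    """
    sections: Dict[str, List[str]] = {"header": []}
    current = "header"
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections


def triage(text: str) -> Dict[str, List[str]]:
    """Return the findings a reviewer would want to see first from a DDS log."""
    sections = split_sections(text)
    findings: Dict[str, List[str]] = {
        "disabled_protection": [],
        "user_writable_processes": [],
        "hidden_system_dirs": [],
    }
    for line in sections.get("header", []):
        m = PRODUCT_RE.match(line)
        if m and "disabled" in m.group(3).lower():
            findings["disabled_protection"].append(f"{m.group(1)}: {m.group(2)}")
    for line in sections.get("Running Processes", []):
        if USER_WRITABLE_RE.search(line):
            findings["user_writable_processes"].append(line)
    for line in sections.get("Created Last 30", []):
        m = CREATED_RE.match(line)
        if not m:
            continue
        attrs, path = m.group(3), m.group(4)
        # Attribute field: leading 'd' marks a directory; 's' and 'h' are the
        # system and hidden attributes. A hidden+system directory appearing
        # under system32 in the last 30 days deserves a manual look.
        if attrs.startswith("d") and "s" in attrs and "h" in attrs and "\\system32\\" in path.lower():
            findings["hidden_system_dirs"].append(path)
    return findings


if __name__ == "__main__":
    for category, items in triage(SAMPLE_DDS_LOG).items():
        print(f"{category}:")
        for item in items:
            print(f"  {item}")
```

Feed it a pasted DDS log instead of `SAMPLE_DDS_LOG` and the three lists give a starting point for the questions a helper asks first: is protection actually off, what is running from places a user can write to, and what turned up in `system32` recently.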



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:04 PM

Posted 30 June 2012 - 12:21 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Icejon

Icejon
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:06:04 PM

Posted 30 June 2012 - 03:03 AM

Ran security check but it said the directory name is invalid.

Here is the combofix log. It ran and provided the log after 3 restarts.

ComboFix 12-06-28.03 - Jonathon Loo 06/30/2012 0:28.1.4 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3325.1805 [GMT -7:00]
Running from: c:\users\Jonathon Loo\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\Installer\{eff6c25b-b78e-14fd-f29f-29862ebf3d80}\@
c:\windows\Installer\{eff6c25b-b78e-14fd-f29f-29862ebf3d80}\U\00000001.@
c:\windows\Installer\{eff6c25b-b78e-14fd-f29f-29862ebf3d80}\U\80000000.@
c:\windows\Installer\{eff6c25b-b78e-14fd-f29f-29862ebf3d80}\U\800000cb.@
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\32788r22fwjfw\HarddiskVolumeShadowCopy8_!Windows!System32!services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-30 )))))))))))))))))))))))))))))))
.
.
2012-06-30 07:39 . 2012-06-30 07:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-28 08:15 . 2012-06-28 08:15 -------- d-----w- c:\users\Jonathon Loo\AppData\Roaming\Malwarebytes
2012-06-28 08:15 . 2012-06-28 08:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-28 08:15 . 2012-06-28 08:15 -------- d-----w- c:\programdata\Malwarebytes
2012-06-28 08:15 . 2012-04-04 22:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-28 08:11 . 2011-06-21 04:09 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-06-26 04:59 . 2012-06-26 04:59 -------- d-----w- c:\windows\en
2012-06-26 04:45 . 2012-06-26 04:45 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\71bc05811cd535601\DSETUP.dll
2012-06-26 04:45 . 2012-06-26 04:45 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\71bc05811cd535601\DXSETUP.exe
2012-06-26 04:45 . 2012-06-26 04:45 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\71bc05811cd535601\dsetup32.dll
2012-06-26 04:44 . 2012-06-26 04:44 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-26 03:47 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2BDD8C9C-A6CA-41C4-B55B-C6978A3D4E81}\mpengine.dll
2012-06-25 00:48 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-22 21:27 . 2012-06-22 21:27 -------- d-----w- c:\program files\Samsung
2012-06-14 05:09 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 05:09 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 05:09 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 05:09 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 05:09 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 16:09 . 2012-02-10 06:11 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{62877BD6-97F4-48C1-A567-27EA68242113}\gapaengine.dll
2012-06-11 06:01 . 2012-06-11 06:02 -------- d-----w- c:\program files\Google
2012-06-11 06:01 . 2012-06-11 06:01 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-10 13:18 . 2012-06-10 13:18 -------- d-----w- c:\program files\Dropbox
2012-06-09 01:12 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-09 01:12 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-09 01:12 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-09 01:12 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-09 01:12 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-09 01:12 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-09 01:12 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-09 01:11 . 2012-06-02 22:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-09 01:11 . 2012-06-02 22:12 33792 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-11 06:01 . 2011-08-23 14:34 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-12 00:54 . 2012-05-12 00:54 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-04-03 08:16 . 2012-05-12 01:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16 . 2012-05-12 01:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 16:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 16:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 16:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 16:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 16:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 16:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 16:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 16:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 16:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Jonathon Loo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Jonathon Loo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Jonathon Loo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Steam"="c:\program files\Steam\Steam.exe" [2011-08-02 1242448]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-08-05 3077528]
"EADM"="c:\program files\Origin\Origin.exe" [2012-05-25 3407496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-25 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-25 154136]
"Launch LgDevAgt"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2008-11-06 358920]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2008-11-06 1548296]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2008-11-06 2816520]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-01 98304]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
.
c:\users\Jonathon Loo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Jonathon Loo\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
Folding@home-gpu.lnk - c:\users\Jonathon Loo\AppData\Roaming\Microsoft\Installer\{6A90C837-054E-44AE-B9BD-1B1F87986BBC}\_98830A63A82EB98D7BA198.exe [2009-5-12 98477]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux8"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProfilerU]
2007-10-02 17:10 233472 ----a-w- c:\program files\Saitek\SD6\Software\ProfilerU.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SaiMfd]
2007-10-02 17:10 131072 ----a-w- c:\program files\Saitek\SD6\Software\SaiMfd.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S3 A3AX;D-Link AirPro DWL-A520 PCI Adapter Service;c:\windows\system32\DRIVERS\a3ax.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-12 01:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
2008-08-28 17:50 30720 ----a-w- c:\windows\System32\soundschemes2.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-11 06:01]
.
2012-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-11 06:02]
.
2012-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-11 06:02]
.
2012-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2482749592-1624302976-3925070668-1000Core.job
- c:\users\Jonathon Loo\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-05 06:41]
.
2012-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2482749592-1624302976-3925070668-1000UA.job
- c:\users\Jonathon Loo\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-05 06:41]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Turbine Download Manager Tray Icon - c:\program files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe
SafeBoot-MsMpSvc
AddRemove-MiniStumbler - c:\program files\MiniStumbler\uninst.exe
AddRemove-{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB} - c:\program files\Common Files\BioWare\Uninstall Mass Effect 2.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2482749592-1624302976-3925070668-1000\Software\SecuROM\License information*]
"datasecu"=hex:3d,a7,2f,05,4f,e2,37,bd,1c,53,19,4d,01,86,03,45,25,2b,37,bd,cb,
1f,fe,99,cd,a5,a1,c5,82,d1,c0,a2,b5,06,1a,d2,9f,ee,85,06,5d,ff,7e,0a,9c,b3,\
"rkeysecu"=hex:99,ee,64,8c,a8,0b,6f,89,9c,b3,2e,69,e2,6b,a2,7c
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3868)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\users\Jonathon Loo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\ACTXPRXY.DLL
c:\windows\system32\stobject.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atiesrxx.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\system32\atieclxx.exe
c:\program files\Windows Media Player\WMPNSCFG.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
.
**************************************************************************
.
Completion time: 2012-06-30 00:53:42 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-30 07:52
.
Pre-Run: 138,584,698,880 bytes free
Post-Run: 141,829,963,776 bytes free
.
- - End Of File - - 34F040D27EC0C9E1A9B81179A7D1E2AF

Currently the system is booting up roughly 40-80 secs slower after Windows logon. After running MBAM and ComboFix I have not heard any voices or music. Now Microsoft Security Center still remains disabled, and it gives an error that it is not installed when I try to activate it.

Here are my MBAM quarantine logs:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.28.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Jonathon Loo :: JONATHONLOO2-PC [administrator]

6/28/2012 7:55:32 PM
mbam-log-2012-06-28 (19-55-32).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 548400
Time elapsed: 2 hour(s), 30 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Users\Jonathon Loo\AppData\Local\{eff6c25b-b78e-14fd-f29f-29862ebf3d80}\n (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Windows\Installer\{eff6c25b-b78e-14fd-f29f-29862ebf3d80}\U\00000001.@ (Trojan.Small) -> Quarantined and deleted successfully.
C:\Windows\Installer\{eff6c25b-b78e-14fd-f29f-29862ebf3d80}\U\80000000.@ (Trojan.Sirefef) -> Quarantined and deleted successfully.
C:\Windows\Installer\{eff6c25b-b78e-14fd-f29f-29862ebf3d80}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.28.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Jonathon Loo :: JONATHONLOO2-PC [administrator]

6/29/2012 4:21:09 PM
mbam-log-2012-06-29 (16-21-09).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 552910
Time elapsed: 1 hour(s), 47 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Windows\Installer\{eff6c25b-b78e-14fd-f29f-29862ebf3d80}\U\00000001.@ (Trojan.Small) -> Quarantined and deleted successfully.
C:\Windows\Installer\{eff6c25b-b78e-14fd-f29f-29862ebf3d80}\U\80000000.@ (Trojan.Sirefef) -> Quarantined and deleted successfully.
C:\Windows\Installer\{eff6c25b-b78e-14fd-f29f-29862ebf3d80}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)

Edited by Icejon, 30 June 2012 - 03:09 AM.


#4 Icejon

Topic Starter

Posted 30 June 2012 - 03:12 AM

My wife notes that the music started the day before I reported the problem. However, I believe I visited World.guns.RU via a Google search link, and the problems started since then.

#5 gringo_pr

Bleepin Gringo, Malware Response Team

Posted 30 June 2012 - 11:05 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Proud Graduate Of Malware Removal University

#6 Icejon

Topic Starter

Posted 30 June 2012 - 03:07 PM

TDSS log:

12:50:19.0911 4284 TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22
12:50:19.0927 4284 ============================================================
12:50:19.0927 4284 Current date / time: 2012/06/30 12:50:19.0927
12:50:19.0927 4284 SystemInfo:
12:50:19.0927 4284
12:50:19.0927 4284 OS Version: 6.0.6002 ServicePack: 2.0
12:50:19.0927 4284 Product type: Workstation
12:50:19.0927 4284 ComputerName: JONATHONLOO2-PC
12:50:19.0927 4284 UserName: Jonathon Loo
12:50:19.0927 4284 Windows directory: C:\Windows
12:50:19.0927 4284 System windows directory: C:\Windows
12:50:19.0927 4284 Processor architecture: Intel x86
12:50:19.0927 4284 Number of processors: 4
12:50:19.0927 4284 Page size: 0x1000
12:50:19.0927 4284 Boot type: Normal boot
12:50:19.0927 4284 ============================================================
12:50:22.0395 4284 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:50:22.0411 4284 ============================================================
12:50:22.0411 4284 \Device\Harddisk0\DR0:
12:50:22.0411 4284 MBR partitions:
12:50:22.0411 4284 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
12:50:22.0411 4284 ============================================================
12:50:22.0489 4284 C: <-> \Device\Harddisk0\DR0\Partition0
12:50:22.0489 4284 ============================================================
12:50:22.0489 4284 Initialize success
12:50:22.0489 4284 ============================================================
12:50:24.0208 4336 ============================================================
12:50:24.0208 4336 Scan started
12:50:24.0208 4336 Mode: Manual;
12:50:24.0208 4336 ============================================================
12:50:35.0224 4336 A3AX (59a0e27deedd47bb5a303366b61e7290) C:\Windows\system32\DRIVERS\a3ax.sys
12:50:35.0224 4336 A3AX - ok
12:50:38.0255 4336 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
12:50:38.0427 4336 ACPI - ok
12:52:13.0114 4336 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:52:13.0427 4336 AdobeFlashPlayerUpdateSvc - ok
12:52:20.0255 4336 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
12:52:20.0911 4336 adp94xx - ok
12:52:25.0109 4336 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
12:52:25.0469 4336 adpahci - ok
12:52:27.0121 4336 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
12:52:27.0214 4336 adpu160m - ok
12:52:29.0393 4336 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
12:52:29.0750 4336 adpu320 - ok
12:52:30.0395 4336 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
12:52:30.0459 4336 AeLookupSvc - ok
12:52:34.0843 4336 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
12:52:35.0163 4336 AFD - ok
12:52:37.0093 4336 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
12:52:37.0227 4336 agp440 - ok
12:52:38.0948 4336 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
12:52:39.0193 4336 aic78xx - ok
12:52:40.0800 4336 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
12:52:40.0842 4336 ALG - ok
12:52:41.0075 4336 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
12:52:41.0124 4336 aliide - ok
12:52:50.0230 4336 ALSysIO - ok
12:52:52.0622 4336 AMD External Events Utility (aa8c7a0a40d3b8992ea1845ef89fe2d4) C:\Windows\system32\atiesrxx.exe
12:52:52.0763 4336 AMD External Events Utility - ok
12:52:54.0040 4336 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
12:52:54.0226 4336 amdagp - ok
12:52:54.0492 4336 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
12:52:54.0515 4336 amdide - ok
12:52:54.0584 4336 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
12:52:54.0587 4336 AmdK7 - ok
12:52:54.0890 4336 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
12:52:54.0892 4336 AmdK8 - ok
12:53:17.0128 4336 amdkmdag (5ab10c74c8ea15e98a6c771b7269615e) C:\Windows\system32\DRIVERS\atikmdag.sys
12:53:18.0639 4336 amdkmdag - ok
12:53:19.0994 4336 amdkmdap (e9890f7ec1ab4d09afeb09dd76334622) C:\Windows\system32\DRIVERS\atikmpag.sys
12:53:19.0995 4336 amdkmdap - ok
12:53:20.0115 4336 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
12:53:20.0116 4336 Appinfo - ok
12:53:20.0515 4336 AppMgmt (0fe769cae5855b53c90e23f85e7e89ff) C:\Windows\System32\appmgmts.dll
12:53:20.0526 4336 AppMgmt - ok
12:53:20.0951 4336 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
12:53:21.0000 4336 arc - ok
12:53:21.0142 4336 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
12:53:21.0157 4336 arcsas - ok
12:53:21.0458 4336 aspnet_state (40c145f12ff461a0220303bda134f598) C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
12:53:21.0459 4336 aspnet_state - ok
12:53:21.0565 4336 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
12:53:21.0589 4336 AsyncMac - ok
12:53:21.0812 4336 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
12:53:21.0812 4336 atapi - ok
12:53:22.0317 4336 AtiHdmiService (686a9109c638da54eb8c3c967f797079) C:\Windows\system32\drivers\AtiHdmi.sys
12:53:22.0340 4336 AtiHdmiService - ok
12:53:27.0495 4336 atikmdag (5ab10c74c8ea15e98a6c771b7269615e) C:\Windows\system32\DRIVERS\atikmdag.sys
12:53:27.0533 4336 atikmdag - ok
12:53:28.0784 4336 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys
12:53:28.0786 4336 atksgt - ok
12:53:29.0111 4336 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
12:53:29.0126 4336 AudioEndpointBuilder - ok
12:53:29.0130 4336 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
12:53:29.0132 4336 Audiosrv - ok
12:53:29.0366 4336 BBSvc (825f81a6f7dd073509db101f0ba6dc59) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
12:53:29.0369 4336 BBSvc - ok
12:53:29.0494 4336 BcmSqlStartupSvc (6163664c7e9cd110af70180c126c3fdc) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
12:53:29.0495 4336 BcmSqlStartupSvc - ok
12:53:29.0530 4336 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
12:53:29.0531 4336 Beep - ok
12:53:29.0621 4336 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
12:53:29.0633 4336 BFE - ok
12:53:29.0741 4336 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
12:53:29.0756 4336 BITS - ok
12:53:29.0758 4336 blbdrive - ok
12:53:30.0087 4336 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
12:53:30.0098 4336 bowser - ok
12:53:30.0149 4336 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
12:53:30.0149 4336 BrFiltLo - ok
12:53:30.0165 4336 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
12:53:30.0165 4336 BrFiltUp - ok
12:53:30.0191 4336 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
12:53:30.0192 4336 Browser - ok
12:53:30.0229 4336 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
12:53:30.0230 4336 Brserid - ok
12:53:30.0242 4336 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
12:53:30.0243 4336 BrSerWdm - ok
12:53:30.0254 4336 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
12:53:30.0255 4336 BrUsbMdm - ok
12:53:30.0264 4336 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
12:53:30.0265 4336 BrUsbSer - ok
12:53:30.0291 4336 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
12:53:30.0292 4336 BTHMODEM - ok
12:53:30.0560 4336 catchme - ok
12:53:30.0613 4336 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
12:53:30.0614 4336 cdfs - ok
12:53:30.0665 4336 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
12:53:30.0666 4336 cdrom - ok
12:53:30.0721 4336 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
12:53:30.0722 4336 CertPropSvc - ok
12:53:30.0735 4336 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
12:53:30.0736 4336 circlass - ok
12:53:31.0272 4336 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
12:53:31.0280 4336 CLFS - ok
12:53:31.0463 4336 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:53:31.0465 4336 clr_optimization_v2.0.50727_32 - ok
12:53:31.0852 4336 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:53:31.0977 4336 clr_optimization_v4.0.30319_32 - ok
12:53:32.0032 4336 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
12:53:32.0033 4336 cmdide - ok
12:53:32.0160 4336 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
12:53:32.0160 4336 Compbatt - ok
12:53:32.0163 4336 COMSysApp - ok
12:53:32.0188 4336 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
12:53:32.0189 4336 crcdisk - ok
12:53:32.0326 4336 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
12:53:32.0327 4336 Crusoe - ok
12:53:32.0401 4336 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
12:53:32.0404 4336 CryptSvc - ok
12:53:32.0542 4336 CSC (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
12:53:32.0949 4336 CSC - ok
12:53:33.0250 4336 CscService (0a2095f92f6ae4fe6484d911b0c21e95) C:\Windows\System32\cscsvc.dll
12:53:33.0256 4336 CscService - ok
12:53:33.0650 4336 DAUpdaterSvc (914a7156b0c0f10be645a02e13f576b2) c:\program files\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe
12:53:33.0781 4336 DAUpdaterSvc - ok
12:53:34.0281 4336 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
12:53:34.0289 4336 DcomLaunch - ok
12:53:34.0545 4336 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
12:53:34.0547 4336 DfsC - ok
12:53:34.0854 4336 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
12:53:35.0021 4336 DFSR - ok
12:53:35.0581 4336 DgiVecp (770471de2550820feeb7e5d24bf2e273) C:\Windows\system32\Drivers\DgiVecp.sys
12:53:35.0582 4336 DgiVecp - ok
12:53:35.0649 4336 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
12:53:35.0654 4336 Dhcp - ok
12:53:35.0692 4336 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
12:53:35.0692 4336 disk - ok
12:53:35.0745 4336 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
12:53:35.0746 4336 Dnscache - ok
12:53:36.0187 4336 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
12:53:36.0190 4336 dot3svc - ok
12:53:36.0233 4336 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
12:53:36.0236 4336 DPS - ok
12:53:36.0289 4336 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
12:53:36.0290 4336 drmkaud - ok
12:53:36.0413 4336 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
12:53:36.0417 4336 DXGKrnl - ok
12:53:36.0499 4336 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
12:53:36.0515 4336 e1express - ok
12:53:36.0576 4336 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
12:53:36.0578 4336 E1G60 - ok
12:53:36.0615 4336 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
12:53:36.0617 4336 EapHost - ok
12:53:36.0764 4336 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
12:53:36.0766 4336 Ecache - ok
12:53:37.0213 4336 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
12:53:37.0270 4336 ehRecvr - ok
12:53:37.0320 4336 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
12:53:37.0322 4336 ehSched - ok
12:53:37.0361 4336 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
12:53:37.0363 4336 ehstart - ok
12:53:37.0449 4336 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
12:53:37.0460 4336 elxstor - ok
12:53:37.0614 4336 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
12:53:37.0622 4336 EMDMgmt - ok
12:53:37.0968 4336 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
12:53:37.0991 4336 EventSystem - ok
12:53:38.0352 4336 EverestDriver (7d7d4b5d0327777f4ce45f5e4ab5fed8) C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt
12:53:38.0353 4336 EverestDriver - ok
12:53:38.0563 4336 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
12:53:38.0566 4336 exfat - ok
12:53:38.0602 4336 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
12:53:38.0604 4336 fastfat - ok
12:53:38.0674 4336 Fax (dfba0f60fa301e5b1bfb1403a93ee23e) C:\Windows\system32\fxssvc.exe
12:53:38.0681 4336 Fax - ok
12:53:38.0728 4336 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
12:53:38.0729 4336 fdc - ok
12:53:39.0244 4336 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
12:53:39.0263 4336 fdPHost - ok
12:53:39.0586 4336 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
12:53:39.0611 4336 FDResPub - ok
12:53:40.0083 4336 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
12:53:40.0179 4336 FileInfo - ok
12:53:40.0264 4336 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
12:53:40.0279 4336 Filetrace - ok
12:53:40.0349 4336 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
12:53:40.0361 4336 flpydisk - ok
12:53:40.0525 4336 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
12:53:40.0527 4336 FltMgr - ok
12:53:40.0828 4336 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
12:53:41.0102 4336 FontCache - ok
12:53:41.0332 4336 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:53:41.0333 4336 FontCache3.0.0.0 - ok
12:53:41.0459 4336 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
12:53:41.0460 4336 Fs_Rec - ok
12:53:41.0665 4336 fvevol (fecf4c2e42440a8d132bf94eee3c3fc9) C:\Windows\system32\DRIVERS\fvevol.sys
12:53:41.0682 4336 fvevol - ok
12:53:42.0029 4336 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
12:53:42.0196 4336 gagp30kx - ok
12:53:42.0707 4336 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
12:53:42.0786 4336 gpsvc - ok
12:53:43.0550 4336 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
12:53:43.0593 4336 gupdate - ok
12:53:43.0596 4336 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
12:53:43.0597 4336 gupdatem - ok
12:53:44.0249 4336 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
12:53:44.0377 4336 gusvc - ok
12:53:44.0487 4336 hamachi (7929a161f9951d173ca9900fe7067391) C:\Windows\system32\DRIVERS\hamachi.sys
12:53:44.0488 4336 hamachi - ok
12:53:44.0585 4336 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
12:53:44.0588 4336 HdAudAddService - ok
12:53:44.0665 4336 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:53:44.0671 4336 HDAudBus - ok
12:53:44.0709 4336 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
12:53:44.0709 4336 HidBth - ok
12:53:44.0723 4336 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
12:53:44.0724 4336 HidIr - ok
12:53:44.0767 4336 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
12:53:44.0788 4336 hidserv - ok
12:53:44.0860 4336 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
12:53:44.0891 4336 HidUsb - ok
12:53:45.0003 4336 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
12:53:45.0028 4336 hkmsvc - ok
12:53:45.0934 4336 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
12:53:45.0974 4336 HpCISSs - ok
12:53:46.0117 4336 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
12:53:46.0122 4336 HTTP - ok
12:53:46.0143 4336 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
12:53:46.0144 4336 i2omp - ok
12:53:46.0194 4336 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
12:53:46.0195 4336 i8042prt - ok
12:53:46.0241 4336 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
12:53:46.0245 4336 iaStorV - ok
12:53:46.0923 4336 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:53:47.0113 4336 idsvc - ok
12:53:47.0363 4336 igfx (d4238c9bebba5bf752e4f75a559d74f2) C:\Windows\system32\DRIVERS\igdkmd32.sys
12:53:47.0433 4336 igfx - ok
12:53:48.0029 4336 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
12:53:48.0030 4336 iirsp - ok
12:53:48.0100 4336 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
12:53:48.0227 4336 IKEEXT - ok
12:53:48.0269 4336 IntcAzAudAddService - ok
12:53:48.0329 4336 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
12:53:48.0330 4336 intelide - ok
12:53:48.0384 4336 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
12:53:48.0385 4336 intelppm - ok
12:53:48.0409 4336 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
12:53:48.0452 4336 IPBusEnum - ok
12:53:48.0477 4336 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:53:48.0479 4336 IpFilterDriver - ok
12:53:48.0874 4336 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
12:53:48.0878 4336 iphlpsvc - ok
12:53:48.0880 4336 IpInIp - ok
12:53:48.0906 4336 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
12:53:48.0907 4336 IPMIDRV - ok
12:53:48.0952 4336 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
12:53:48.0954 4336 IPNAT - ok
12:53:48.0982 4336 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
12:53:48.0983 4336 IRENUM - ok
12:53:48.0991 4336 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
12:53:48.0992 4336 isapnp - ok
12:53:49.0023 4336 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
12:53:49.0024 4336 iScsiPrt - ok
12:53:49.0085 4336 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
12:53:49.0106 4336 iteatapi - ok
12:53:49.0147 4336 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
12:53:49.0148 4336 iteraid - ok
12:53:49.0185 4336 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
12:53:49.0185 4336 kbdclass - ok
12:53:49.0340 4336 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
12:53:49.0341 4336 kbdhid - ok
12:53:49.0363 4336 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
12:53:49.0364 4336 KeyIso - ok
12:53:49.0409 4336 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
12:53:49.0419 4336 KSecDD - ok
12:53:49.0485 4336 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
12:53:49.0508 4336 KtmRm - ok
12:53:49.0747 4336 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
12:53:49.0764 4336 LanmanServer - ok
12:53:49.0877 4336 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
12:53:49.0882 4336 LanmanWorkstation - ok
12:53:50.0050 4336 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys
12:53:50.0050 4336 lirsgt - ok
12:53:50.0075 4336 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
12:53:50.0076 4336 lltdio - ok
12:53:50.0107 4336 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
12:53:50.0111 4336 lltdsvc - ok
12:53:50.0132 4336 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
12:53:50.0133 4336 lmhosts - ok
12:53:50.0169 4336 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
12:53:50.0171 4336 LSI_FC - ok
12:53:50.0188 4336 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
12:53:50.0190 4336 LSI_SAS - ok
12:53:50.0221 4336 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
12:53:50.0223 4336 LSI_SCSI - ok
12:53:50.0494 4336 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
12:53:50.0496 4336 luafv - ok
12:53:50.0553 4336 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
12:53:50.0594 4336 Mcx2Svc - ok
12:53:50.0689 4336 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
12:53:50.0690 4336 megasas - ok
12:53:50.0900 4336 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
12:53:50.0902 4336 MMCSS - ok
12:53:50.0927 4336 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
12:53:50.0928 4336 Modem - ok
12:53:51.0030 4336 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
12:53:51.0030 4336 monitor - ok
12:53:51.0053 4336 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
12:53:51.0054 4336 mouclass - ok
12:53:51.0076 4336 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
12:53:51.0077 4336 mouhid - ok
12:53:51.0381 4336 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
12:53:51.0409 4336 MountMgr - ok
12:53:51.0895 4336 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
12:53:51.0897 4336 MpFilter - ok
12:53:52.0053 4336 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
12:53:52.0055 4336 mpio - ok
12:53:52.0086 4336 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
12:53:52.0087 4336 mpsdrv - ok
12:53:52.0481 4336 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
12:53:52.0583 4336 MpsSvc - ok
12:53:52.0781 4336 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
12:53:52.0798 4336 Mraid35x - ok
12:53:52.0932 4336 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
12:53:52.0934 4336 MRxDAV - ok
12:53:52.0962 4336 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:53:52.0963 4336 mrxsmb - ok
12:53:53.0005 4336 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:53:53.0008 4336 mrxsmb10 - ok
12:53:53.0019 4336 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:53:53.0020 4336 mrxsmb20 - ok
12:53:53.0038 4336 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
12:53:53.0039 4336 msahci - ok
12:53:53.0058 4336 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
12:53:53.0059 4336 msdsm - ok
12:53:53.0111 4336 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
12:53:53.0114 4336 MSDTC - ok
12:53:53.0142 4336 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
12:53:53.0143 4336 Msfs - ok
12:53:53.0192 4336 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
12:53:53.0193 4336 msisadrv - ok
12:53:53.0311 4336 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
12:53:53.0433 4336 MSiSCSI - ok
12:53:53.0435 4336 msiserver - ok
12:53:53.0510 4336 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
12:53:53.0511 4336 MSKSSRV - ok
12:53:53.0548 4336 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
12:53:53.0549 4336 MSPCLOCK - ok
12:53:53.0593 4336 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
12:53:53.0600 4336 MSPQM - ok
12:53:53.0619 4336 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
12:53:53.0621 4336 MsRPC - ok
12:53:53.0714 4336 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
12:53:53.0715 4336 mssmbios - ok
12:53:53.0809 4336 MSSQL$MSSMLBIZ - ok
12:53:53.0931 4336 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
12:53:53.0933 4336 MSSQLServerADHelper - ok
12:53:53.0953 4336 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
12:53:53.0954 4336 MSTEE - ok
12:53:53.0980 4336 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
12:53:53.0980 4336 Mup - ok
12:53:54.0022 4336 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
12:53:54.0036 4336 napagent - ok
12:53:54.0110 4336 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
12:53:54.0113 4336 NativeWifiP - ok
12:53:54.0147 4336 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
12:53:54.0166 4336 NDIS - ok
12:53:54.0199 4336 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
12:53:54.0200 4336 NdisTapi - ok
12:53:54.0224 4336 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
12:53:54.0224 4336 Ndisuio - ok
12:53:54.0511 4336 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
12:53:54.0513 4336 NdisWan - ok
12:53:54.0540 4336 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
12:53:54.0541 4336 NDProxy - ok
12:53:54.0553 4336 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
12:53:54.0554 4336 NetBIOS - ok
12:53:54.0608 4336 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
12:53:54.0611 4336 netbt - ok
12:53:54.0629 4336 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
12:53:54.0631 4336 Netlogon - ok
12:53:55.0011 4336 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
12:53:55.0027 4336 Netman - ok
12:53:55.0060 4336 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
12:53:55.0076 4336 netprofm - ok
12:53:55.0148 4336 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:53:55.0150 4336 NetTcpPortSharing - ok
12:53:55.0202 4336 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
12:53:55.0204 4336 nfrd960 - ok
12:53:55.0259 4336 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
12:53:55.0260 4336 NisDrv - ok
12:53:55.0397 4336 NisSrv (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe
12:53:55.0400 4336 NisSrv - ok
12:53:55.0433 4336 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
12:53:55.0437 4336 NlaSvc - ok
12:53:55.0559 4336 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
12:53:55.0560 4336 Npfs - ok
12:53:55.0679 4336 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
12:53:55.0692 4336 nsi - ok
12:53:55.0763 4336 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
12:53:55.0775 4336 nsiproxy - ok
12:53:56.0008 4336 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
12:53:56.0026 4336 Ntfs - ok
12:53:56.0053 4336 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
12:53:56.0054 4336 ntrigdigi - ok
12:53:56.0071 4336 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
12:53:56.0071 4336 Null - ok
12:53:56.0099 4336 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
12:53:56.0101 4336 nvraid - ok
12:53:56.0147 4336 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
12:53:56.0149 4336 nvstor - ok
12:53:56.0171 4336 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
12:53:56.0173 4336 nv_agp - ok
12:53:56.0176 4336 NwlnkFlt - ok
12:53:56.0179 4336 NwlnkFwd - ok
12:53:56.0475 4336 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:53:56.0525 4336 odserv - ok
12:53:56.0607 4336 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
12:53:56.0608 4336 ohci1394 - ok
12:53:56.0715 4336 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:53:56.0735 4336 ose - ok
12:53:57.0336 4336 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
12:53:57.0351 4336 p2pimsvc - ok
12:53:57.0358 4336 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
12:53:57.0364 4336 p2psvc - ok
12:53:57.0386 4336 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
12:53:57.0388 4336 Parport - ok
12:53:57.0416 4336 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
12:53:57.0417 4336 partmgr - ok
12:53:57.0435 4336 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
12:53:57.0436 4336 Parvdm - ok
12:53:57.0454 4336 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
12:53:57.0457 4336 PcaSvc - ok
12:53:57.0501 4336 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
12:53:57.0503 4336 pci - ok
12:53:57.0522 4336 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
12:53:57.0523 4336 pciide - ok
12:53:57.0549 4336 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
12:53:57.0552 4336 pcmcia - ok
12:53:57.0591 4336 pe3alvyb (c0ccccc2933742ad136d033a3eeda3c4) C:\Windows\system32\drivers\pe3alvyb.sys
12:53:57.0592 4336 pe3alvyb - ok
12:53:57.0664 4336 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
12:53:57.0688 4336 PEAUTH - ok
12:53:58.0036 4336 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
12:53:58.0055 4336 pla - ok
12:53:58.0481 4336 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
12:53:58.0497 4336 PlugPlay - ok
12:53:58.0683 4336 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
12:53:58.0725 4336 PNRPAutoReg - ok
12:53:58.0732 4336 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
12:53:58.0737 4336 PNRPsvc - ok
12:53:58.0872 4336 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
12:53:58.0877 4336 PolicyAgent - ok
12:53:58.0915 4336 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
12:53:58.0916 4336 PptpMiniport - ok
12:53:58.0937 4336 pr2alvyb - ok
12:53:59.0029 4336 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
12:53:59.0031 4336 Processor - ok
12:53:59.0159 4336 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
12:53:59.0224 4336 ProfSvc - ok
12:53:59.0240 4336 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
12:53:59.0241 4336 ProtectedStorage - ok
12:53:59.0289 4336 ps6alvyb (934de5c7a46c347494ebd203e0a977df) C:\Windows\system32\drivers\ps6alvyb.sys
12:53:59.0290 4336 ps6alvyb - ok
12:53:59.0377 4336 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
12:53:59.0377 4336 PSched - ok
12:53:59.0558 4336 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
12:53:59.0601 4336 ql2300 - ok
12:53:59.0800 4336 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
12:53:59.0802 4336 ql40xx - ok
12:53:59.0841 4336 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
12:53:59.0868 4336 QWAVE - ok
12:53:59.0877 4336 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
12:53:59.0878 4336 QWAVEdrv - ok
12:53:59.0988 4336 RapiMgr (70dbdab246c18b78e2200d6401d038be) C:\Windows\WindowsMobile\rapimgr.dll
12:53:59.0991 4336 RapiMgr - ok
12:54:00.0005 4336 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
12:54:00.0005 4336 RasAcd - ok
12:54:00.0021 4336 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
12:54:00.0024 4336 RasAuto - ok
12:54:00.0048 4336 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:54:00.0050 4336 Rasl2tp - ok
12:54:00.0104 4336 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
12:54:00.0119 4336 RasMan - ok
12:54:00.0238 4336 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
12:54:00.0239 4336 RasPppoe - ok
12:54:00.0291 4336 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
12:54:00.0292 4336 RasSstp - ok
12:54:00.0345 4336 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
12:54:00.0362 4336 rdbss - ok
12:54:00.0381 4336 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:54:00.0381 4336 RDPCDD - ok
12:54:00.0550 4336 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
12:54:00.0553 4336 rdpdr - ok
12:54:00.0556 4336 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
12:54:00.0557 4336 RDPENCDD - ok
12:54:00.0800 4336 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
12:54:00.0803 4336 RDPWD - ok
12:54:00.0831 4336 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
12:54:00.0832 4336 RemoteAccess - ok
12:54:00.0874 4336 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
12:54:00.0899 4336 RemoteRegistry - ok
12:54:00.0960 4336 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
12:54:00.0962 4336 RpcLocator - ok
12:54:01.0022 4336 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
12:54:01.0027 4336 RpcSs - ok
12:54:01.0064 4336 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
12:54:01.0065 4336 rspndr - ok
12:54:01.0161 4336 RTHDMIAzAudService (72a5515a2031d458dd38e9336594184b) C:\Windows\system32\drivers\RtHDMIV.sys
12:54:01.0162 4336 RTHDMIAzAudService - ok
12:54:01.0229 4336 SaiK0836 (a7f24863de0375db777a8a3cf4b29539) C:\Windows\system32\DRIVERS\SaiK0836.sys
12:54:01.0231 4336 SaiK0836 - ok
12:54:01.0263 4336 SaiMini (191b8f3b3dfa1e199d398dbc0c09544e) C:\Windows\system32\DRIVERS\SaiMini.sys
12:54:01.0264 4336 SaiMini - ok
12:54:01.0285 4336 SaiNtBus (534161d0a07014a7d81c6721a7ae6c08) C:\Windows\system32\drivers\SaiBus.sys
12:54:01.0286 4336 SaiNtBus - ok
12:54:01.0317 4336 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
12:54:01.0319 4336 SamSs - ok
12:54:01.0350 4336 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
12:54:01.0352 4336 sbp2port - ok
12:54:01.0648 4336 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
12:54:01.0662 4336 SBSDWSCService - ok
12:54:01.0995 4336 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
12:54:02.0234 4336 SCardSvr - ok
12:54:02.0545 4336 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
12:54:02.0649 4336 Schedule - ok
12:54:02.0784 4336 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
12:54:02.0785 4336 SCPolicySvc - ok
12:54:02.0838 4336 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
12:54:02.0842 4336 SDRSVC - ok
12:54:03.0032 4336 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
12:54:03.0034 4336 SeaPort - ok
12:54:03.0166 4336 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
12:54:03.0167 4336 secdrv - ok
12:54:03.0192 4336 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
12:54:03.0194 4336 seclogon - ok
12:54:03.0199 4336 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
12:54:03.0201 4336 SENS - ok
12:54:03.0231 4336 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
12:54:03.0241 4336 Serenum - ok
12:54:03.0284 4336 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
12:54:03.0285 4336 Serial - ok
12:54:03.0312 4336 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
12:54:03.0313 4336 sermouse - ok
12:54:03.0346 4336 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
12:54:03.0349 4336 SessionEnv - ok
12:54:03.0366 4336 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
12:54:03.0366 4336 sffdisk - ok
12:54:03.0380 4336 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
12:54:03.0381 4336 sffp_mmc - ok
12:54:03.0390 4336 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
12:54:03.0391 4336 sffp_sd - ok
12:54:03.0398 4336 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
12:54:03.0399 4336 sfloppy - ok
12:54:03.0474 4336 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
12:54:03.0478 4336 SharedAccess - ok
12:54:03.0529 4336 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
12:54:03.0550 4336 ShellHWDetection - ok
12:54:03.0697 4336 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
12:54:03.0723 4336 sisagp - ok
12:54:03.0777 4336 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
12:54:03.0778 4336 SiSRaid2 - ok
12:54:03.0799 4336 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
12:54:03.0801 4336 SiSRaid4 - ok
12:54:04.0420 4336 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
12:54:04.0500 4336 slsvc - ok
12:54:04.0649 4336 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
12:54:04.0652 4336 SLUINotify - ok
12:54:04.0711 4336 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
12:54:04.0713 4336 Smb - ok
12:54:04.0739 4336 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
12:54:04.0742 4336 SNMPTRAP - ok
12:54:04.0759 4336 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
12:54:04.0759 4336 spldr - ok
12:54:04.0789 4336 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
12:54:04.0885 4336 Spooler - ok
12:54:05.0018 4336 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
12:54:05.0023 4336 SQLBrowser - ok
12:54:05.0216 4336 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
12:54:05.0217 4336 SQLWriter - ok
12:54:05.0411 4336 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
12:54:05.0416 4336 srv - ok
12:54:05.0466 4336 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
12:54:05.0468 4336 srv2 - ok
12:54:05.0494 4336 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
12:54:05.0495 4336 srvnet - ok
12:54:05.0539 4336 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
12:54:05.0543 4336 SSDPSRV - ok
12:54:05.0637 4336 SSPORT (ef3458337d7341a05169cefc73709264) C:\Windows\system32\Drivers\SSPORT.sys
12:54:05.0638 4336 SSPORT - ok
12:54:05.0686 4336 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
12:54:05.0689 4336 SstpSvc - ok
12:54:05.0725 4336 Steam Client Service - ok
12:54:05.0782 4336 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
12:54:05.0792 4336 stisvc - ok
12:54:05.0815 4336 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
12:54:05.0815 4336 swenum - ok
12:54:05.0893 4336 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
12:54:05.0906 4336 swprv - ok
12:54:05.0937 4336 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
12:54:05.0938 4336 Symc8xx - ok
12:54:05.0956 4336 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
12:54:05.0957 4336 Sym_hi - ok
12:54:05.0975 4336 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
12:54:05.0976 4336 Sym_u3 - ok
12:54:06.0022 4336 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
12:54:06.0039 4336 SysMain - ok
12:54:06.0086 4336 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
12:54:06.0089 4336 TabletInputService - ok
12:54:06.0248 4336 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
12:54:06.0266 4336 TapiSrv - ok
12:54:06.0295 4336 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
12:54:06.0297 4336 TBS - ok
12:54:06.0392 4336 Tcpip (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\drivers\tcpip.sys
12:54:06.0403 4336 Tcpip - ok
12:54:06.0423 4336 Tcpip6 (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\DRIVERS\tcpip.sys
12:54:06.0428 4336 Tcpip6 - ok
12:54:06.0542 4336 tcpipreg (2c2d4cff5e09c73908f9b5af49a51365) C:\Windows\system32\drivers\tcpipreg.sys
12:54:06.0543 4336 tcpipreg - ok
12:54:06.0560 4336 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
12:54:06.0561 4336 TDPIPE - ok
12:54:06.0587 4336 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
12:54:06.0588 4336 TDTCP - ok
12:54:06.0633 4336 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
12:54:06.0634 4336 tdx - ok
12:54:06.0666 4336 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
12:54:06.0666 4336 TermDD - ok
12:54:07.0041 4336 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
12:54:07.0048 4336 TermService - ok
12:54:07.0090 4336 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
12:54:07.0094 4336 Themes - ok
12:54:07.0186 4336 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
12:54:07.0188 4336 THREADORDER - ok
12:54:07.0210 4336 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
12:54:07.0213 4336 TrkWks - ok
12:54:07.0405 4336 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
12:54:07.0406 4336 TrustedInstaller - ok
12:54:07.0431 4336 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:54:07.0432 4336 tssecsrv - ok
12:54:07.0826 4336 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
12:54:07.0827 4336 tunmp - ok
12:54:08.0016 4336 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
12:54:08.0060 4336 tunnel - ok
12:54:08.0119 4336 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
12:54:08.0121 4336 uagp35 - ok
12:54:08.0347 4336 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
12:54:08.0351 4336 udfs - ok
12:54:08.0423 4336 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
12:54:08.0425 4336 UI0Detect - ok
12:54:08.0444 4336 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
12:54:08.0446 4336 uliagpkx - ok
12:54:08.0479 4336 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
12:54:08.0482 4336 uliahci - ok
12:54:08.0503 4336 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
12:54:08.0505 4336 UlSata - ok
12:54:08.0529 4336 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
12:54:08.0531 4336 ulsata2 - ok
12:54:08.0796 4336 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
12:54:08.0808 4336 umbus - ok
12:54:08.0859 4336 UmRdpService (8a66360f38f81e960e2367b428cbd5d9) C:\Windows\System32\umrdp.dll
12:54:08.0863 4336 UmRdpService - ok
12:54:09.0035 4336 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
12:54:09.0051 4336 upnphost - ok
12:54:09.0109 4336 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
12:54:09.0111 4336 usbaudio - ok
12:54:09.0160 4336 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
12:54:09.0161 4336 usbccgp - ok
12:54:09.0186 4336 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
12:54:09.0187 4336 usbcir - ok
12:54:09.0218 4336 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
12:54:09.0219 4336 usbehci - ok
12:54:09.0445 4336 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
12:54:09.0448 4336 usbhub - ok
12:54:09.0465 4336 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
12:54:09.0466 4336 usbohci - ok
12:54:09.0473 4336 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
12:54:09.0474 4336 usbprint - ok
12:54:09.0506 4336 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:54:09.0507 4336 USBSTOR - ok
12:54:09.0538 4336 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
12:54:09.0538 4336 usbuhci - ok
12:54:09.0722 4336 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
12:54:09.0724 4336 usbvideo - ok
12:54:09.0758 4336 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
12:54:09.0759 4336 usb_rndisx - ok
12:54:09.0777 4336 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
12:54:09.0780 4336 UxSms - ok
12:54:10.0052 4336 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
12:54:10.0067 4336 vds - ok
12:54:10.0092 4336 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
12:54:10.0093 4336 vga - ok
12:54:10.0121 4336 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
12:54:10.0122 4336 VgaSave - ok
12:54:10.0147 4336 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
12:54:10.0148 4336 viaagp - ok
12:54:10.0165 4336 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
12:54:10.0166 4336 ViaC7 - ok
12:54:10.0186 4336 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
12:54:10.0187 4336 viaide - ok
12:54:10.0210 4336 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
12:54:10.0211 4336 volmgr - ok
12:54:10.0259 4336 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
12:54:10.0272 4336 volmgrx - ok
12:54:10.0310 4336 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
12:54:10.0321 4336 volsnap - ok
12:54:10.0347 4336 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
12:54:10.0349 4336 vsmraid - ok
12:54:10.0482 4336 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
12:54:10.0497 4336 VSS - ok
12:54:10.0543 4336 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
12:54:10.0550 4336 W32Time - ok
12:54:10.0638 4336 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
12:54:10.0638 4336 WacomPen - ok
12:54:10.0668 4336 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
12:54:10.0669 4336 Wanarp - ok
12:54:10.0672 4336 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
12:54:10.0672 4336 Wanarpv6 - ok
12:54:10.0901 4336 wbengine (20b23332885dfb93fe0185362ee811e9) C:\Windows\system32\wbengine.exe
12:54:10.0913 4336 wbengine - ok
12:54:11.0285 4336 WcesComm (779f9c90d3fe9c70b6ffd8ef035f3e83) C:\Windows\WindowsMobile\wcescomm.dll
12:54:11.0290 4336 WcesComm - ok
12:54:11.0657 4336 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
12:54:11.0713 4336 wcncsvc - ok
12:54:11.0727 4336 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
12:54:11.0730 4336 WcsPlugInService - ok
12:54:11.0809 4336 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
12:54:11.0810 4336 Wd - ok
12:54:11.0881 4336 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
12:54:11.0887 4336 Wdf01000 - ok
12:54:11.0975 4336 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
12:54:11.0979 4336 WdiServiceHost - ok
12:54:11.0981 4336 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
12:54:11.0983 4336 WdiSystemHost - ok
12:54:12.0155 4336 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
12:54:12.0159 4336 WebClient - ok
12:54:12.0314 4336 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
12:54:12.0319 4336 Wecsvc - ok
12:54:12.0536 4336 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
12:54:12.0539 4336 wercplsupport - ok
12:54:12.0574 4336 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
12:54:12.0581 4336 WerSvc - ok
12:54:12.0650 4336 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
12:54:12.0653 4336 WinDefend - ok
12:54:12.0657 4336 WinHttpAutoProxySvc - ok
12:54:12.0920 4336 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
12:54:12.0922 4336 Winmgmt - ok
12:54:13.0066 4336 WinRing0_1_1_1 (57fbced72f6ebee6c5e5776e08768ee8) C:\Users\Jonathon Loo\Documents\RealTemp_2.70\WinRing0.sys
12:54:13.0131 4336 WinRing0_1_1_1 - ok
12:54:13.0303 4336 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
12:54:13.0327 4336 WinRM - ok
12:54:13.0453 4336 winusb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.SYS
12:54:13.0454 4336 winusb - ok
12:54:13.0504 4336 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
12:54:13.0550 4336 Wlansvc - ok
12:54:13.0944 4336 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:54:14.0006 4336 wlidsvc - ok
12:54:14.0413 4336 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
12:54:14.0426 4336 WmiAcpi - ok
12:54:14.0571 4336 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
12:54:14.0574 4336 wmiApSrv - ok
12:54:14.0664 4336 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
12:54:14.0685 4336 WMPNetworkSvc - ok
12:54:14.0781 4336 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
12:54:14.0988 4336 WPCSvc - ok
12:54:15.0048 4336 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
12:54:15.0052 4336 WPDBusEnum - ok
12:54:15.0151 4336 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
12:54:15.0152 4336 WpdUsb - ok
12:54:15.0561 4336 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:54:15.0600 4336 WPFFontCache_v0400 - ok
12:54:15.0673 4336 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
12:54:15.0674 4336 ws2ifsl - ok
12:54:15.0724 4336 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
12:54:15.0727 4336 wscsvc - ok
12:54:15.0730 4336 WSearch - ok
12:54:15.0997 4336 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
12:54:16.0019 4336 wuauserv - ok
12:54:16.0561 4336 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:54:16.0562 4336 WUDFRd - ok
12:54:16.0705 4336 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
12:54:16.0708 4336 wudfsvc - ok
12:54:16.0720 4336 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
12:54:17.0233 4336 \Device\Harddisk0\DR0 - ok
12:54:17.0236 4336 Boot (0x1200) (afc4d6efe5ccaeac41ca704d448c673b) \Device\Harddisk0\DR0\Partition0
12:54:17.0237 4336 \Device\Harddisk0\DR0\Partition0 - ok
12:54:17.0237 4336 ============================================================
12:54:17.0238 4336 Scan finished
12:54:17.0238 4336 ============================================================
12:54:17.0248 4328 Detected object count: 0
12:54:17.0248 4328 Actual detected object count: 0

ASWMBR log:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-30 12:56:40
-----------------------------
12:56:40.220 OS Version: Windows 6.0.6002 Service Pack 2
12:56:40.220 Number of processors: 4 586 0x1707
12:56:40.221 ComputerName: JONATHONLOO2-PC UserName: Jonathon Loo
12:56:48.136 Initialize success
13:00:09.114 AVAST engine defs: 12063001
13:01:36.803 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-3
13:01:36.806 Disk 0 Vendor: WDC_WD5000AACS-00G8B0 05.04C05 Size: 476940MB BusType: 3
13:01:36.830 Disk 0 MBR read successfully
13:01:36.832 Disk 0 MBR scan
13:01:36.836 Disk 0 Windows VISTA default MBR code
13:01:36.886 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476938 MB offset 2048
13:01:36.904 Disk 0 scanning sectors +976771072
13:01:36.985 Disk 0 scanning C:\Windows\system32\drivers
13:01:47.723 Service scanning
13:02:13.851 Modules scanning
13:02:19.417 Disk 0 trace - called modules:
13:02:19.433 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
13:02:19.437 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87546ac8]
13:02:19.775 3 CLASSPNP.SYS[8c5d68b3] -> nt!IofCallDriver -> [0x86147a70]
13:02:19.780 5 acpi.sys[806916bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-3[0x86b7ab98]
13:02:22.911 AVAST engine scan C:\Windows
13:02:37.643 AVAST engine scan C:\Windows\system32
13:04:57.626 File: C:\Windows\assembly\GAC\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
13:06:04.643 AVAST engine scan C:\Windows\system32\drivers
13:06:18.796 AVAST engine scan C:\Users\Jonathon Loo
13:07:22.309 Disk 0 MBR has been saved successfully to "C:\Users\Jonathon Loo\Desktop\MBR.dat"
13:07:22.332 The log file has been saved successfully to "C:\Users\Jonathon Loo\Desktop\aswMBR.txt"




The system seems to run faster now. How would I fix Windows Security Center? Good news is Windows Firewall started working again.

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:04 PM

Posted 30 June 2012 - 03:44 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

File::
C:\Windows\assembly\GAC\Desktop.ini

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion," please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 Icejon

Icejon
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:04 PM

Posted 30 June 2012 - 04:03 PM

Now I get random browser popups. Do I need to use fix MBR? I just did the log.

#9 Icejon

Posted 30 June 2012 - 04:39 PM

ComboFix 12-06-28.03 - Jonathon Loo 06/30/2012 14:14:37.2.4 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3325.2171 [GMT -7:00]
Running from: c:\users\Jonathon Loo\Desktop\ComboFix.exe
Command switches used :: c:\users\Jonathon Loo\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\assembly\GAC\Desktop.ini"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC\Desktop.ini
c:\windows\Installer\{eff6c25b-b78e-14fd-f29f-29862ebf3d80}\@
c:\windows\Installer\{eff6c25b-b78e-14fd-f29f-29862ebf3d80}\L\00000004.@
c:\windows\Installer\{eff6c25b-b78e-14fd-f29f-29862ebf3d80}\L\55490ac4
c:\windows\Installer\{eff6c25b-b78e-14fd-f29f-29862ebf3d80}\n
c:\windows\Installer\{eff6c25b-b78e-14fd-f29f-29862ebf3d80}\U\00000004.@
c:\windows\Installer\{eff6c25b-b78e-14fd-f29f-29862ebf3d80}\U\00000008.@
c:\windows\Installer\{eff6c25b-b78e-14fd-f29f-29862ebf3d80}\U\000000cb.@
c:\windows\Installer\{eff6c25b-b78e-14fd-f29f-29862ebf3d80}\U\80000000.@
c:\windows\Installer\{eff6c25b-b78e-14fd-f29f-29862ebf3d80}\U\80000032.@
c:\windows\system32\
.
c:\windows\system32\services.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-30 )))))))))))))))))))))))))))))))
.
.
2012-06-30 21:22 . 2012-06-30 21:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-28 08:15 . 2012-06-28 08:15 -------- d-----w- c:\users\Jonathon Loo\AppData\Roaming\Malwarebytes
2012-06-28 08:15 . 2012-06-28 08:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-28 08:15 . 2012-06-28 08:15 -------- d-----w- c:\programdata\Malwarebytes
2012-06-28 08:15 . 2012-04-04 22:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-28 08:11 . 2011-06-21 04:09 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-06-26 04:59 . 2012-06-26 04:59 -------- d-----w- c:\windows\en
2012-06-26 04:45 . 2012-06-26 04:45 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\71bc05811cd535601\DSETUP.dll
2012-06-26 04:45 . 2012-06-26 04:45 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\71bc05811cd535601\DXSETUP.exe
2012-06-26 04:45 . 2012-06-26 04:45 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\71bc05811cd535601\dsetup32.dll
2012-06-26 04:44 . 2012-06-26 04:44 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-26 03:47 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2BDD8C9C-A6CA-41C4-B55B-C6978A3D4E81}\mpengine.dll
2012-06-25 00:48 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-22 21:27 . 2012-06-22 21:27 -------- d-----w- c:\program files\Samsung
2012-06-14 05:09 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 05:09 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 05:09 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 05:09 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 05:09 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 16:09 . 2012-02-10 06:11 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{62877BD6-97F4-48C1-A567-27EA68242113}\gapaengine.dll
2012-06-11 06:01 . 2012-06-11 06:02 -------- d-----w- c:\program files\Google
2012-06-11 06:01 . 2012-06-11 06:01 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-10 13:18 . 2012-06-10 13:18 -------- d-----w- c:\program files\Dropbox
2012-06-09 01:12 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-09 01:12 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-09 01:12 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-09 01:12 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-09 01:12 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-09 01:12 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-09 01:12 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-09 01:11 . 2012-06-02 22:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-09 01:11 . 2012-06-02 22:12 33792 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-11 06:01 . 2011-08-23 14:34 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-12 00:54 . 2012-05-12 00:54 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-04-03 08:16 . 2012-05-12 01:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16 . 2012-05-12 01:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 16:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 16:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 16:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 16:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 16:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 16:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 16:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 16:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 16:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Jonathon Loo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Jonathon Loo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Jonathon Loo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Steam"="c:\program files\Steam\Steam.exe" [2011-08-02 1242448]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-08-05 3077528]
"EADM"="c:\program files\Origin\Origin.exe" [2012-05-25 3407496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-25 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-25 154136]
"Launch LgDevAgt"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2008-11-06 358920]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2008-11-06 1548296]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2008-11-06 2816520]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-01 98304]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
.
c:\users\Jonathon Loo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Jonathon Loo\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
Folding@home-gpu.lnk - c:\users\Jonathon Loo\AppData\Roaming\Microsoft\Installer\{6A90C837-054E-44AE-B9BD-1B1F87986BBC}\_98830A63A82EB98D7BA198.exe [2009-5-12 98477]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux8"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProfilerU]
2007-10-02 17:10 233472 ----a-w- c:\program files\Saitek\SD6\Software\ProfilerU.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SaiMfd]
2007-10-02 17:10 131072 ----a-w- c:\program files\Saitek\SD6\Software\SaiMfd.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S3 A3AX;D-Link AirPro DWL-A520 PCI Adapter Service;c:\windows\system32\DRIVERS\a3ax.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-12 01:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
2008-08-28 17:50 30720 ----a-w- c:\windows\System32\soundschemes2.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-11 06:01]
.
2012-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-11 06:02]
.
2012-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-11 06:02]
.
2012-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2482749592-1624302976-3925070668-1000Core.job
- c:\users\Jonathon Loo\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-05 06:41]
.
2012-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2482749592-1624302976-3925070668-1000UA.job
- c:\users\Jonathon Loo\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-05 06:41]
.
.
------- Supplementary Scan -------
.
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.1.254
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-30 14:28
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2482749592-1624302976-3925070668-1000\Software\SecuROM\License information*]
"datasecu"=hex:3d,a7,2f,05,4f,e2,37,bd,1c,53,19,4d,01,86,03,45,25,2b,37,bd,cb,
1f,fe,99,cd,a5,a1,c5,82,d1,c0,a2,b5,06,1a,d2,9f,ee,85,06,5d,ff,7e,0a,9c,b3,\
"rkeysecu"=hex:99,ee,64,8c,a8,0b,6f,89,9c,b3,2e,69,e2,6b,a2,7c
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3484)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\windows\system32\MSWSOCK.dll
mswsock.dll 74fb0000 241664 \\?\globalroot\systemroot\system32\mswsock.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\users\Jonathon Loo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\windows\System32\NLSData0009.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atiesrxx.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\system32\atieclxx.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
.
**************************************************************************
.
Completion time: 2012-06-30 14:35:42 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-30 21:35
ComboFix2.txt 2012-06-30 07:53
.
Pre-Run: 143,157,780,480 bytes free
Post-Run: 143,158,149,120 bytes free
.
- - End Of File - - 4099A9924856BACCB6A819871A29D0CD

#10 gringo_pr

Posted 30 June 2012 - 08:52 PM

Hello

Download Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo

#11 gringo_pr

Posted 03 July 2012 - 12:18 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, to remind you that it is very important that we finish the process completely so as not to get reinfected. I will let you know when we are complete and I will ask you to remove our tools.




Gringo

#12 gringo_pr

Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 July 2012 - 11:21 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48 hrs you have not replied to this thread then it will have to be closed!

Gringo

#13 gringo_pr

Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 08 July 2012 - 11:17 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.