Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Patched B Gen Trojan, Need Help


  • This topic is locked This topic is locked
16 replies to this topic

#1 krispf3

krispf3

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:04 PM

Posted 09 July 2012 - 11:06 PM

Hi,

NOD32 has been going mad saying im infected with this virus. It wont let me remove it. How can I fix my computer?

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:04 PM

Posted 10 July 2012 - 12:14 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • .logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 krispf3

krispf3
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:04 PM

Posted 10 July 2012 - 12:27 AM

reen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
ESET NOD32 Antivirus 5.0
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
TuneUp Utilities 2012
TuneUp Utilities Language Pack (en-US)
Java™ 6 Update 32
Java version out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox (13.0.1)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_32
Run by Kris at 1:22:08 on 2012-07-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4084.2420 [GMT -4:00]
.
AV: ESET NOD32 Antivirus 5.0 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files (x86)\Ares\Ares.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Brownie\BrStsW64.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Brownie\brpjp04a.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\system32\svchost.exe -k defragsvc
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{DA6D55E4-136C-45AD-A566-DAF396F0835F} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{DA6D55E4-136C-45AD-A566-DAF396F0835F}\261627E61636C656 : DhcpNameServer = 69.78.96.14 66.174.95.44
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\ezomq777.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npRLCT4Player.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-9-22 974944]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-5-29 2143072]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-10-13 11856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-2 257224]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-9 113120]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-09 21:02:56 -------- d-----w- C:\Users\Kris\AppData\Roaming\Malwarebytes
2012-07-09 21:02:49 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-09 21:02:48 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-09 21:02:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-09 02:07:52 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-06 15:38:46 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3B57B37F-DC94-4C44-ABCE-6614335F334F}\mpengine.dll
2012-06-23 13:39:08 -------- d-----w- C:\Users\Kris\AppData\Local\Macromedia
2012-06-19 02:40:06 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-19 02:39:55 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-19 02:39:23 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-19 02:39:23 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-13 11:02:53 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-13 11:01:59 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
==================== Find3M ====================
.
2012-07-09 01:55:14 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-09 01:55:14 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-23 13:35:07 9815752 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-29 18:46:48 34656 ----a-w- C:\Windows\System32\TURegOpt.exe
2012-05-29 18:46:46 35680 ----a-w- C:\Windows\System32\uxtuneup.dll
2012-05-29 18:46:46 29024 ----a-w- C:\Windows\SysWow64\uxtuneup.dll
2012-05-29 18:46:46 25952 ----a-w- C:\Windows\System32\authuitu.dll
2012-05-29 18:46:46 21344 ----a-w- C:\Windows\SysWow64\authuitu.dll
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-04 20:47:32 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-05-04 20:47:30 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-05-04 18:21:40 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-05-04 18:21:39 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-03 02:12:41 0 ----a-w- C:\Windows\ativpsrm.bin
2012-05-03 00:03:02 75 --sh--r- C:\Windows\CT4CET.bin
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
.
============= FINISH: 1:22:31.71 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 5/2/2012 7:39:36 PM
System Uptime: 7/9/2012 10:56:21 PM (3 hours ago)
.
Motherboard: Dell Inc. | | 0KM426
Processor: Intel® Core™ i7 CPU Q 720 @ 1.60GHz | U2E1 | 928/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 287 GiB total, 231.012 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_E230&SUBSYS_02BD1028&REV_01\4&7E629B4&0&01E4
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_E230&SUBSYS_02BD1028&REV_01\4&7E629B4&0&01E4
Service:
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_E852&SUBSYS_02BD1028&REV_01\4&7E629B4&0&02E4
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_E852&SUBSYS_02BD1028&REV_01\4&7E629B4&0&02E4
Service:
.
Class GUID:
Description:
Device ID: ACPI\SMO8800\1
Manufacturer:
Name:
PNP Device ID: ACPI\SMO8800\1
Service:
.
==== System Restore Points ===================
.
RP36: 6/14/2012 6:50:31 AM - Windows Modules Installer
RP37: 6/15/2012 7:49:29 PM - Windows Update
RP38: 6/18/2012 10:38:47 PM - Windows Update
RP39: 6/19/2012 10:37:48 PM - Windows Update
RP40: 6/26/2012 9:57:46 AM - Windows Update
RP41: 6/29/2012 11:16:25 AM - Windows Update
RP42: 7/3/2012 4:32:40 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Advanced Audio FX Engine
Apple Application Support
Apple Software Update
Ares 2.1.8
Brother HL-2140
Combined Community Codec Pack 2011-11-11
Dell Resource CD
Dell Webcam Central
Java Auto Updater
Java™ 6 Update 32
Live! Cam Avatar Creator
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
Realtek 8136 8168 8169 Ethernet Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
TuneUp Utilities 2012
TuneUp Utilities Language Pack (en-US)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
.
==== Event Viewer Messages From Past Week ========
.
7/9/2012 5:44:09 PM, Error: Service Control Manager [7001] -
7/9/2012 5:42:20 PM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
7/9/2012 5:13:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/9/2012 5:13:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/9/2012 5:13:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
7/9/2012 5:13:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
7/9/2012 5:13:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/9/2012 5:13:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/10/2012 12:32:52 AM, Error: atikmdag [43029] - Display is not active
.
==== End Of File ===========================


thanks for the help, Gringo. No problems so far.

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:04 PM

Posted 10 July 2012 - 12:30 AM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 krispf3

krispf3
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:04 PM

Posted 10 July 2012 - 11:00 AM

ComboFix 12-07-10.01 - Kris 07/10/2012 11:21:59.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4084.2931 [GMT -4:00]
Running from: c:\users\Kris\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{084347df-4da1-b457-c3b8-76a66e3c1c86}\@
c:\windows\Installer\{084347df-4da1-b457-c3b8-76a66e3c1c86}\L\00000004.@
c:\windows\Installer\{084347df-4da1-b457-c3b8-76a66e3c1c86}\L\1afb2d56
c:\windows\Installer\{084347df-4da1-b457-c3b8-76a66e3c1c86}\L\201d3dde
c:\windows\Installer\{084347df-4da1-b457-c3b8-76a66e3c1c86}\U\00000004.@
c:\windows\Installer\{084347df-4da1-b457-c3b8-76a66e3c1c86}\U\00000008.@
c:\windows\Installer\{084347df-4da1-b457-c3b8-76a66e3c1c86}\U\000000cb.@
c:\windows\Installer\{084347df-4da1-b457-c3b8-76a66e3c1c86}\U\80000032.@
c:\windows\Installer\{084347df-4da1-b457-c3b8-76a66e3c1c86}\U\80000064.@
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-10 to 2012-07-10 )))))))))))))))))))))))))))))))
.
.
2012-07-09 21:02 . 2012-07-09 21:02 -------- d-----w- c:\users\Kris\AppData\Roaming\Malwarebytes
2012-07-09 21:02 . 2012-07-09 21:02 -------- d-----w- c:\programdata\Malwarebytes
2012-07-09 21:02 . 2012-07-09 21:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-09 21:02 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-09 02:07 . 2012-07-09 02:07 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-07 02:31 . 2012-07-07 02:31 -------- d-----w- c:\programdata\Creative
2012-07-07 02:31 . 2012-07-07 02:31 -------- d-----w- c:\users\Kris\AppData\Roaming\Creative
2012-07-06 15:38 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3B57B37F-DC94-4C44-ABCE-6614335F334F}\mpengine.dll
2012-06-23 13:39 . 2012-06-23 13:39 -------- d-----w- c:\users\Kris\AppData\Local\Macromedia
2012-06-19 02:40 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 02:40 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 02:40 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 02:40 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 02:39 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-19 02:39 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 02:39 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 02:39 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 02:39 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-13 11:02 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 11:01 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-09 01:55 . 2012-05-03 00:28 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-09 01:55 . 2012-05-03 00:28 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 13:35 . 2012-05-05 02:52 9815752 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-29 18:46 . 2012-05-03 01:18 34656 ----a-w- c:\windows\system32\TURegOpt.exe
2012-05-29 18:46 . 2012-05-03 01:20 35680 ----a-w- c:\windows\system32\uxtuneup.dll
2012-05-29 18:46 . 2012-05-03 01:20 29024 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2012-05-29 18:46 . 2012-05-03 01:18 25952 ----a-w- c:\windows\system32\authuitu.dll
2012-05-29 18:46 . 2012-05-03 01:18 21344 ----a-w- c:\windows\SysWow64\authuitu.dll
2012-05-04 20:47 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-05-04 20:47 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-05-04 18:21 . 2012-05-04 18:22 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-04 18:21 . 2012-05-04 18:22 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-03 15:41 . 2012-05-03 15:41 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-05-03 15:41 . 2012-05-03 15:41 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-05-03 15:41 . 2012-05-03 15:41 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-05-03 15:41 . 2012-05-03 15:41 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-05-03 15:41 . 2012-05-03 15:41 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-05-03 15:41 . 2012-05-03 15:41 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-05-03 15:41 . 2012-05-03 15:41 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-05-03 15:41 . 2012-05-03 15:41 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-05-03 15:41 . 2012-05-03 15:41 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-05-03 15:41 . 2012-05-03 15:41 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-05-03 15:41 . 2012-05-03 15:41 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-05-03 15:41 . 2012-05-03 15:41 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-05-03 15:41 . 2012-05-03 15:41 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-05-03 15:41 . 2012-05-03 15:41 222208 ----a-w- c:\windows\system32\msls31.dll
2012-05-03 15:41 . 2012-05-03 15:41 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-05-03 15:41 . 2012-05-03 15:41 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-05-03 15:41 . 2012-05-03 15:41 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-05-03 15:41 . 2012-05-03 15:41 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-05-03 15:41 . 2012-05-03 15:41 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-05-03 15:41 . 2012-05-03 15:41 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-05-03 15:41 . 2012-05-03 15:41 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-05-03 15:41 . 2012-05-03 15:41 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-05-03 15:41 . 2012-05-03 15:41 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-05-03 15:41 . 2012-05-03 15:41 12288 ----a-w- c:\windows\system32\mshta.exe
2012-05-03 15:41 . 2012-05-03 15:41 114176 ----a-w- c:\windows\system32\admparse.dll
2012-05-03 15:41 . 2012-05-03 15:41 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-05-03 15:41 . 2012-05-03 15:41 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-05-03 15:41 . 2012-05-03 15:41 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-05-03 15:41 . 2012-05-03 15:41 448512 ----a-w- c:\windows\system32\html.iec
2012-05-03 15:41 . 2012-05-03 15:41 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-03 15:41 . 2012-05-03 15:41 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-05-03 15:41 . 2012-05-03 15:41 160256 ----a-w- c:\windows\system32\wextract.exe
2012-05-02 23:46 . 2012-05-02 23:46 45056 ----a-r- c:\users\Kris\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="c:\program files (x86)\Ares\Ares.exe" [2012-02-02 3209216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2007-08-01 903168]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-09 257224]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-03 1255736]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 203264]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-05-29 2143072]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-10-13 11856]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 01:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\ezomq777.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-07-10 11:55:53 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-10 15:55
.
Pre-Run: 248,926,822,400 bytes free
Post-Run: 250,338,254,848 bytes free
.
- - End Of File - - 46791A687814D08741F9CDBA15D8A638


I uninstalled NOD32 because I couldn't figure out how to completely disable it. Thus, I cannot tell if the virus is gone because there are no pop ups. Should it be gone now? Overall performance is OK, nothing worth noting at the moment. Once this issue is sorted, I will reinstall virus protection.

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:04 PM

Posted 10 July 2012 - 08:43 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 krispf3

krispf3
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:04 PM

Posted 10 July 2012 - 10:26 PM

23:18:47.0543 4648 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
23:18:47.0977 4648 ============================================================
23:18:47.0977 4648 Current date / time: 2012/07/10 23:18:47.0977
23:18:47.0977 4648 SystemInfo:
23:18:47.0977 4648
23:18:47.0977 4648 OS Version: 6.1.7601 ServicePack: 1.0
23:18:47.0977 4648 Product type: Workstation
23:18:47.0977 4648 ComputerName: KRIS-PC
23:18:47.0977 4648 UserName: Kris
23:18:47.0977 4648 Windows directory: C:\Windows
23:18:47.0977 4648 System windows directory: C:\Windows
23:18:47.0978 4648 Running under WOW64
23:18:47.0978 4648 Processor architecture: Intel x64
23:18:47.0978 4648 Number of processors: 8
23:18:47.0978 4648 Page size: 0x1000
23:18:47.0978 4648 Boot type: Normal boot
23:18:47.0978 4648 ============================================================
23:18:48.0887 4648 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:18:48.0893 4648 ============================================================
23:18:48.0893 4648 \Device\Harddisk0\DR0:
23:18:48.0894 4648 MBR partitions:
23:18:48.0894 4648 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F800, BlocksNum 0x155F000
23:18:48.0894 4648 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x157E800, BlocksNum 0x23EAF800
23:18:48.0894 4648 ============================================================
23:18:48.0918 4648 C: <-> \Device\Harddisk0\DR0\Partition1
23:18:48.0918 4648 ============================================================
23:18:48.0918 4648 Initialize success
23:18:48.0918 4648 ============================================================
23:18:56.0329 4104 ============================================================
23:18:56.0329 4104 Scan started
23:18:56.0329 4104 Mode: Manual;
23:18:56.0329 4104 ============================================================
23:18:57.0460 4104 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
23:18:57.0474 4104 1394ohci - ok
23:18:57.0518 4104 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
23:18:57.0533 4104 ACPI - ok
23:18:57.0559 4104 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
23:18:57.0562 4104 AcpiPmi - ok
23:18:57.0667 4104 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
23:18:57.0668 4104 AdobeARMservice - ok
23:18:57.0772 4104 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
23:18:57.0775 4104 AdobeFlashPlayerUpdateSvc - ok
23:18:57.0844 4104 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
23:18:57.0874 4104 adp94xx - ok
23:18:57.0926 4104 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
23:18:57.0932 4104 adpahci - ok
23:18:57.0960 4104 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
23:18:57.0974 4104 adpu320 - ok
23:18:58.0008 4104 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
23:18:58.0011 4104 AeLookupSvc - ok
23:18:58.0076 4104 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
23:18:58.0094 4104 AFD - ok
23:18:58.0122 4104 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
23:18:58.0125 4104 agp440 - ok
23:18:58.0145 4104 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
23:18:58.0147 4104 ALG - ok
23:18:58.0158 4104 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
23:18:58.0161 4104 aliide - ok
23:18:58.0199 4104 AMD External Events Utility (d696f317bd465a602566f8e1dcce15f7) C:\Windows\system32\atiesrxx.exe
23:18:58.0211 4104 AMD External Events Utility - ok
23:18:58.0227 4104 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
23:18:58.0230 4104 amdide - ok
23:18:58.0249 4104 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
23:18:58.0252 4104 AmdK8 - ok
23:18:58.0263 4104 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
23:18:58.0265 4104 AmdPPM - ok
23:18:58.0293 4104 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
23:18:58.0297 4104 amdsata - ok
23:18:58.0323 4104 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
23:18:58.0337 4104 amdsbs - ok
23:18:58.0350 4104 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
23:18:58.0351 4104 amdxata - ok
23:18:58.0393 4104 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
23:18:58.0395 4104 AppID - ok
23:18:58.0416 4104 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
23:18:58.0418 4104 AppIDSvc - ok
23:18:58.0464 4104 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
23:18:58.0467 4104 Appinfo - ok
23:18:58.0570 4104 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:18:58.0571 4104 Apple Mobile Device - ok
23:18:58.0624 4104 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
23:18:58.0628 4104 arc - ok
23:18:58.0643 4104 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
23:18:58.0646 4104 arcsas - ok
23:18:58.0665 4104 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
23:18:58.0667 4104 AsyncMac - ok
23:18:58.0694 4104 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
23:18:58.0694 4104 atapi - ok
23:18:59.0101 4104 atikmdag (52bd95caa9cae8977fe043e9ad6d2d0e) C:\Windows\system32\DRIVERS\atikmdag.sys
23:18:59.0220 4104 atikmdag - ok
23:18:59.0396 4104 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
23:18:59.0420 4104 AudioEndpointBuilder - ok
23:18:59.0432 4104 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
23:18:59.0440 4104 AudioSrv - ok
23:18:59.0476 4104 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
23:18:59.0479 4104 AxInstSV - ok
23:18:59.0547 4104 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
23:18:59.0578 4104 b06bdrv - ok
23:18:59.0628 4104 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
23:18:59.0641 4104 b57nd60a - ok
23:18:59.0671 4104 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
23:18:59.0674 4104 BDESVC - ok
23:18:59.0703 4104 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
23:18:59.0705 4104 Beep - ok
23:18:59.0795 4104 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
23:18:59.0834 4104 BFE - ok
23:18:59.0894 4104 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
23:18:59.0934 4104 BITS - ok
23:18:59.0978 4104 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
23:18:59.0982 4104 blbdrive - ok
23:19:00.0069 4104 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
23:19:00.0125 4104 Bonjour Service - ok
23:19:00.0170 4104 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
23:19:00.0173 4104 bowser - ok
23:19:00.0188 4104 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:19:00.0190 4104 BrFiltLo - ok
23:19:00.0196 4104 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:19:00.0197 4104 BrFiltUp - ok
23:19:00.0211 4104 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
23:19:00.0213 4104 BridgeMP - ok
23:19:00.0271 4104 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
23:19:00.0275 4104 Browser - ok
23:19:00.0308 4104 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
23:19:00.0321 4104 Brserid - ok
23:19:00.0329 4104 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
23:19:00.0332 4104 BrSerWdm - ok
23:19:00.0338 4104 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:19:00.0339 4104 BrUsbMdm - ok
23:19:00.0345 4104 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
23:19:00.0346 4104 BrUsbSer - ok
23:19:00.0357 4104 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
23:19:00.0358 4104 BTHMODEM - ok
23:19:00.0385 4104 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
23:19:00.0387 4104 bthserv - ok
23:19:00.0406 4104 catchme - ok
23:19:00.0420 4104 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
23:19:00.0422 4104 cdfs - ok
23:19:00.0452 4104 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
23:19:00.0455 4104 cdrom - ok
23:19:00.0491 4104 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
23:19:00.0494 4104 CertPropSvc - ok
23:19:00.0504 4104 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
23:19:00.0505 4104 circlass - ok
23:19:00.0538 4104 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
23:19:00.0553 4104 CLFS - ok
23:19:00.0618 4104 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:19:00.0621 4104 clr_optimization_v2.0.50727_32 - ok
23:19:00.0662 4104 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:19:00.0665 4104 clr_optimization_v2.0.50727_64 - ok
23:19:00.0730 4104 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:19:00.0733 4104 clr_optimization_v4.0.30319_32 - ok
23:19:00.0756 4104 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:19:00.0760 4104 clr_optimization_v4.0.30319_64 - ok
23:19:00.0774 4104 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
23:19:00.0776 4104 CmBatt - ok
23:19:00.0794 4104 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
23:19:00.0797 4104 cmdide - ok
23:19:00.0855 4104 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
23:19:00.0874 4104 CNG - ok
23:19:00.0891 4104 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
23:19:00.0892 4104 Compbatt - ok
23:19:00.0922 4104 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
23:19:00.0924 4104 CompositeBus - ok
23:19:00.0929 4104 COMSysApp - ok
23:19:00.0948 4104 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
23:19:00.0951 4104 crcdisk - ok
23:19:00.0991 4104 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
23:19:01.0004 4104 CryptSvc - ok
23:19:01.0044 4104 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
23:19:01.0059 4104 CtClsFlt - ok
23:19:01.0122 4104 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
23:19:01.0159 4104 DcomLaunch - ok
23:19:01.0206 4104 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
23:19:01.0218 4104 defragsvc - ok
23:19:01.0249 4104 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
23:19:01.0252 4104 DfsC - ok
23:19:01.0293 4104 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
23:19:01.0310 4104 Dhcp - ok
23:19:01.0333 4104 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
23:19:01.0335 4104 discache - ok
23:19:01.0367 4104 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
23:19:01.0369 4104 Disk - ok
23:19:01.0407 4104 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
23:19:01.0420 4104 Dnscache - ok
23:19:01.0459 4104 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
23:19:01.0473 4104 dot3svc - ok
23:19:01.0494 4104 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
23:19:01.0503 4104 DPS - ok
23:19:01.0546 4104 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
23:19:01.0548 4104 drmkaud - ok
23:19:01.0631 4104 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
23:19:01.0641 4104 DXGKrnl - ok
23:19:01.0670 4104 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
23:19:01.0674 4104 EapHost - ok
23:19:01.0876 4104 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
23:19:01.0970 4104 ebdrv - ok
23:19:02.0073 4104 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
23:19:02.0075 4104 EFS - ok
23:19:02.0161 4104 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
23:19:02.0182 4104 ehRecvr - ok
23:19:02.0216 4104 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
23:19:02.0220 4104 ehSched - ok
23:19:02.0279 4104 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
23:19:02.0300 4104 elxstor - ok
23:19:02.0331 4104 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
23:19:02.0333 4104 ErrDev - ok
23:19:02.0395 4104 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
23:19:02.0412 4104 EventSystem - ok
23:19:02.0444 4104 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
23:19:02.0458 4104 exfat - ok
23:19:02.0483 4104 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
23:19:02.0492 4104 fastfat - ok
23:19:02.0556 4104 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
23:19:02.0580 4104 Fax - ok
23:19:02.0588 4104 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
23:19:02.0590 4104 fdc - ok
23:19:02.0601 4104 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
23:19:02.0602 4104 fdPHost - ok
23:19:02.0617 4104 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
23:19:02.0620 4104 FDResPub - ok
23:19:02.0648 4104 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
23:19:02.0650 4104 FileInfo - ok
23:19:02.0664 4104 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
23:19:02.0666 4104 Filetrace - ok
23:19:02.0673 4104 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
23:19:02.0674 4104 flpydisk - ok
23:19:02.0718 4104 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
23:19:02.0731 4104 FltMgr - ok
23:19:02.0821 4104 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
23:19:02.0868 4104 FontCache - ok
23:19:02.0940 4104 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:19:02.0942 4104 FontCache3.0.0.0 - ok
23:19:02.0988 4104 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
23:19:02.0990 4104 FsDepends - ok
23:19:03.0015 4104 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
23:19:03.0016 4104 Fs_Rec - ok
23:19:03.0051 4104 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
23:19:03.0066 4104 fvevol - ok
23:19:03.0091 4104 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
23:19:03.0094 4104 gagp30kx - ok
23:19:03.0124 4104 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:19:03.0125 4104 GEARAspiWDM - ok
23:19:03.0195 4104 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
23:19:03.0238 4104 gpsvc - ok
23:19:03.0254 4104 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
23:19:03.0256 4104 hcw85cir - ok
23:19:03.0320 4104 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
23:19:03.0338 4104 HdAudAddService - ok
23:19:03.0369 4104 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
23:19:03.0373 4104 HDAudBus - ok
23:19:03.0379 4104 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
23:19:03.0381 4104 HidBatt - ok
23:19:03.0403 4104 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
23:19:03.0415 4104 HidBth - ok
23:19:03.0433 4104 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
23:19:03.0435 4104 HidIr - ok
23:19:03.0459 4104 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
23:19:03.0462 4104 hidserv - ok
23:19:03.0481 4104 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
23:19:03.0483 4104 HidUsb - ok
23:19:03.0511 4104 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
23:19:03.0515 4104 hkmsvc - ok
23:19:03.0553 4104 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
23:19:03.0568 4104 HomeGroupListener - ok
23:19:03.0604 4104 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
23:19:03.0620 4104 HomeGroupProvider - ok
23:19:03.0644 4104 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
23:19:03.0647 4104 HpSAMD - ok
23:19:03.0720 4104 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
23:19:03.0765 4104 HTTP - ok
23:19:03.0783 4104 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
23:19:03.0784 4104 hwpolicy - ok
23:19:03.0814 4104 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
23:19:03.0817 4104 i8042prt - ok
23:19:03.0861 4104 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
23:19:03.0877 4104 iaStorV - ok
23:19:03.0983 4104 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:19:04.0008 4104 idsvc - ok
23:19:04.0040 4104 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
23:19:04.0042 4104 iirsp - ok
23:19:04.0122 4104 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
23:19:04.0148 4104 IKEEXT - ok
23:19:04.0163 4104 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
23:19:04.0166 4104 intelide - ok
23:19:04.0192 4104 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
23:19:04.0193 4104 intelppm - ok
23:19:04.0225 4104 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
23:19:04.0230 4104 IPBusEnum - ok
23:19:04.0265 4104 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:19:04.0268 4104 IpFilterDriver - ok
23:19:04.0341 4104 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
23:19:04.0361 4104 iphlpsvc - ok
23:19:04.0383 4104 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
23:19:04.0386 4104 IPMIDRV - ok
23:19:04.0409 4104 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
23:19:04.0413 4104 IPNAT - ok
23:19:04.0513 4104 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
23:19:04.0543 4104 iPod Service - ok
23:19:04.0568 4104 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
23:19:04.0570 4104 IRENUM - ok
23:19:04.0589 4104 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
23:19:04.0591 4104 isapnp - ok
23:19:04.0624 4104 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
23:19:04.0637 4104 iScsiPrt - ok
23:19:04.0659 4104 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
23:19:04.0660 4104 kbdclass - ok
23:19:04.0680 4104 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
23:19:04.0682 4104 kbdhid - ok
23:19:04.0705 4104 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:19:04.0707 4104 KeyIso - ok
23:19:04.0726 4104 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
23:19:04.0729 4104 KSecDD - ok
23:19:04.0751 4104 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
23:19:04.0760 4104 KSecPkg - ok
23:19:04.0772 4104 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
23:19:04.0774 4104 ksthunk - ok
23:19:04.0828 4104 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
23:19:04.0846 4104 KtmRm - ok
23:19:04.0897 4104 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
23:19:04.0912 4104 LanmanServer - ok
23:19:04.0946 4104 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
23:19:04.0957 4104 LanmanWorkstation - ok
23:19:04.0991 4104 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
23:19:04.0993 4104 lltdio - ok
23:19:05.0030 4104 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
23:19:05.0042 4104 lltdsvc - ok
23:19:05.0058 4104 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
23:19:05.0060 4104 lmhosts - ok
23:19:05.0097 4104 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
23:19:05.0101 4104 LSI_FC - ok
23:19:05.0130 4104 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
23:19:05.0133 4104 LSI_SAS - ok
23:19:05.0149 4104 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:19:05.0151 4104 LSI_SAS2 - ok
23:19:05.0167 4104 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:19:05.0169 4104 LSI_SCSI - ok
23:19:05.0213 4104 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
23:19:05.0215 4104 luafv - ok
23:19:05.0243 4104 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
23:19:05.0247 4104 Mcx2Svc - ok
23:19:05.0266 4104 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
23:19:05.0269 4104 megasas - ok
23:19:05.0303 4104 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
23:19:05.0316 4104 MegaSR - ok
23:19:05.0408 4104 Microsoft Office Groove Audit Service (fafe367d032ed82e9332b4c741a20216) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
23:19:05.0412 4104 Microsoft Office Groove Audit Service - ok
23:19:05.0443 4104 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:19:05.0447 4104 MMCSS - ok
23:19:05.0463 4104 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
23:19:05.0466 4104 Modem - ok
23:19:05.0483 4104 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
23:19:05.0483 4104 monitor - ok
23:19:05.0514 4104 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
23:19:05.0515 4104 mouclass - ok
23:19:05.0532 4104 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
23:19:05.0534 4104 mouhid - ok
23:19:05.0577 4104 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
23:19:05.0580 4104 mountmgr - ok
23:19:05.0620 4104 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
23:19:05.0623 4104 MozillaMaintenance - ok
23:19:05.0657 4104 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
23:19:05.0671 4104 mpio - ok
23:19:05.0691 4104 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
23:19:05.0694 4104 mpsdrv - ok
23:19:05.0797 4104 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
23:19:05.0821 4104 MpsSvc - ok
23:19:05.0856 4104 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
23:19:05.0860 4104 MRxDAV - ok
23:19:05.0897 4104 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:19:05.0906 4104 mrxsmb - ok
23:19:05.0934 4104 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:19:05.0947 4104 mrxsmb10 - ok
23:19:05.0968 4104 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:19:05.0972 4104 mrxsmb20 - ok
23:19:05.0994 4104 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
23:19:05.0995 4104 msahci - ok
23:19:06.0024 4104 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
23:19:06.0028 4104 msdsm - ok
23:19:06.0059 4104 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
23:19:06.0074 4104 MSDTC - ok
23:19:06.0106 4104 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
23:19:06.0108 4104 Msfs - ok
23:19:06.0132 4104 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
23:19:06.0135 4104 mshidkmdf - ok
23:19:06.0148 4104 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
23:19:06.0149 4104 msisadrv - ok
23:19:06.0183 4104 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
23:19:06.0188 4104 MSiSCSI - ok
23:19:06.0192 4104 msiserver - ok
23:19:06.0217 4104 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
23:19:06.0219 4104 MSKSSRV - ok
23:19:06.0238 4104 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
23:19:06.0240 4104 MSPCLOCK - ok
23:19:06.0252 4104 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
23:19:06.0255 4104 MSPQM - ok
23:19:06.0302 4104 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
23:19:06.0320 4104 MsRPC - ok
23:19:06.0337 4104 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
23:19:06.0338 4104 mssmbios - ok
23:19:06.0357 4104 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
23:19:06.0358 4104 MSTEE - ok
23:19:06.0366 4104 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
23:19:06.0368 4104 MTConfig - ok
23:19:06.0381 4104 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:19:06.0382 4104 Mup - ok
23:19:06.0426 4104 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
23:19:06.0440 4104 napagent - ok
23:19:06.0484 4104 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:19:06.0496 4104 NativeWifiP - ok
23:19:06.0578 4104 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
23:19:06.0609 4104 NDIS - ok
23:19:06.0629 4104 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:19:06.0632 4104 NdisCap - ok
23:19:06.0653 4104 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:19:06.0656 4104 NdisTapi - ok
23:19:06.0684 4104 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
23:19:06.0686 4104 Ndisuio - ok
23:19:06.0714 4104 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
23:19:06.0723 4104 NdisWan - ok
23:19:06.0761 4104 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
23:19:06.0763 4104 NDProxy - ok
23:19:06.0790 4104 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:19:06.0792 4104 NetBIOS - ok
23:19:06.0823 4104 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
23:19:06.0837 4104 NetBT - ok
23:19:06.0867 4104 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:19:06.0869 4104 Netlogon - ok
23:19:06.0929 4104 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
23:19:06.0948 4104 Netman - ok
23:19:06.0983 4104 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
23:19:06.0994 4104 netprofm - ok
23:19:07.0065 4104 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:19:07.0068 4104 NetTcpPortSharing - ok
23:19:07.0411 4104 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
23:19:07.0545 4104 netw5v64 - ok
23:19:07.0681 4104 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
23:19:07.0683 4104 nfrd960 - ok
23:19:07.0720 4104 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
23:19:07.0737 4104 NlaSvc - ok
23:19:07.0753 4104 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:19:07.0755 4104 Npfs - ok
23:19:07.0780 4104 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
23:19:07.0782 4104 nsi - ok
23:19:07.0792 4104 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:19:07.0794 4104 nsiproxy - ok
23:19:07.0917 4104 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
23:19:07.0959 4104 Ntfs - ok
23:19:08.0029 4104 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:19:08.0030 4104 Null - ok
23:19:08.0075 4104 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
23:19:08.0078 4104 nvraid - ok
23:19:08.0098 4104 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
23:19:08.0102 4104 nvstor - ok
23:19:08.0132 4104 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
23:19:08.0136 4104 nv_agp - ok
23:19:08.0224 4104 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:19:08.0239 4104 odserv - ok
23:19:08.0262 4104 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
23:19:08.0265 4104 ohci1394 - ok
23:19:08.0315 4104 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:19:08.0319 4104 ose - ok
23:19:08.0375 4104 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:19:08.0394 4104 p2pimsvc - ok
23:19:08.0434 4104 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
23:19:08.0452 4104 p2psvc - ok
23:19:08.0484 4104 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
23:19:08.0488 4104 Parport - ok
23:19:08.0514 4104 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
23:19:08.0517 4104 partmgr - ok
23:19:08.0543 4104 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
23:19:08.0560 4104 PcaSvc - ok
23:19:08.0582 4104 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
23:19:08.0595 4104 pci - ok
23:19:08.0609 4104 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
23:19:08.0611 4104 pciide - ok
23:19:08.0636 4104 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
23:19:08.0652 4104 pcmcia - ok
23:19:08.0672 4104 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:19:08.0674 4104 pcw - ok
23:19:08.0718 4104 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:19:08.0739 4104 PEAUTH - ok
23:19:08.0835 4104 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
23:19:08.0838 4104 PerfHost - ok
23:19:08.0955 4104 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
23:19:08.0986 4104 pla - ok
23:19:09.0043 4104 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
23:19:09.0085 4104 PlugPlay - ok
23:19:09.0108 4104 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
23:19:09.0112 4104 PNRPAutoReg - ok
23:19:09.0141 4104 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:19:09.0146 4104 PNRPsvc - ok
23:19:09.0204 4104 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
23:19:09.0224 4104 PolicyAgent - ok
23:19:09.0261 4104 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
23:19:09.0276 4104 Power - ok
23:19:09.0325 4104 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
23:19:09.0328 4104 PptpMiniport - ok
23:19:09.0356 4104 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
23:19:09.0359 4104 Processor - ok
23:19:09.0392 4104 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
23:19:09.0408 4104 ProfSvc - ok
23:19:09.0433 4104 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:19:09.0435 4104 ProtectedStorage - ok
23:19:09.0472 4104 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
23:19:09.0476 4104 Psched - ok
23:19:09.0588 4104 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
23:19:09.0622 4104 ql2300 - ok
23:19:09.0717 4104 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
23:19:09.0721 4104 ql40xx - ok
23:19:09.0756 4104 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
23:19:09.0771 4104 QWAVE - ok
23:19:09.0790 4104 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:19:09.0792 4104 QWAVEdrv - ok
23:19:09.0804 4104 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:19:09.0806 4104 RasAcd - ok
23:19:09.0824 4104 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:19:09.0826 4104 RasAgileVpn - ok
23:19:09.0851 4104 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
23:19:09.0854 4104 RasAuto - ok
23:19:09.0881 4104 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:19:09.0885 4104 Rasl2tp - ok
23:19:09.0936 4104 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
23:19:09.0955 4104 RasMan - ok
23:19:09.0971 4104 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:19:09.0973 4104 RasPppoe - ok
23:19:09.0992 4104 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:19:09.0995 4104 RasSstp - ok
23:19:10.0038 4104 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
23:19:10.0051 4104 rdbss - ok
23:19:10.0069 4104 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
23:19:10.0071 4104 rdpbus - ok
23:19:10.0089 4104 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:19:10.0091 4104 RDPCDD - ok
23:19:10.0099 4104 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:19:10.0100 4104 RDPENCDD - ok
23:19:10.0126 4104 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:19:10.0127 4104 RDPREFMP - ok
23:19:10.0164 4104 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
23:19:10.0180 4104 RDPWD - ok
23:19:10.0223 4104 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
23:19:10.0237 4104 rdyboost - ok
23:19:10.0274 4104 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
23:19:10.0278 4104 RemoteAccess - ok
23:19:10.0303 4104 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
23:19:10.0309 4104 RemoteRegistry - ok
23:19:10.0325 4104 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
23:19:10.0329 4104 RpcEptMapper - ok
23:19:10.0338 4104 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
23:19:10.0341 4104 RpcLocator - ok
23:19:10.0395 4104 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
23:19:10.0402 4104 RpcSs - ok
23:19:10.0428 4104 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:19:10.0431 4104 rspndr - ok
23:19:10.0467 4104 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
23:19:10.0483 4104 RTL8167 - ok
23:19:10.0505 4104 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:19:10.0507 4104 SamSs - ok
23:19:10.0533 4104 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
23:19:10.0536 4104 sbp2port - ok
23:19:10.0563 4104 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
23:19:10.0578 4104 SCardSvr - ok
23:19:10.0601 4104 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
23:19:10.0603 4104 scfilter - ok
23:19:10.0680 4104 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
23:19:10.0712 4104 Schedule - ok
23:19:10.0739 4104 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
23:19:10.0740 4104 SCPolicySvc - ok
23:19:10.0772 4104 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
23:19:10.0776 4104 sdbus - ok
23:19:10.0816 4104 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
23:19:10.0830 4104 SDRSVC - ok
23:19:10.0871 4104 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:19:10.0873 4104 secdrv - ok
23:19:10.0902 4104 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
23:19:10.0906 4104 seclogon - ok
23:19:10.0935 4104 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
23:19:10.0939 4104 SENS - ok
23:19:10.0953 4104 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
23:19:10.0959 4104 SensrSvc - ok
23:19:10.0978 4104 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
23:19:10.0981 4104 Serenum - ok
23:19:11.0004 4104 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
23:19:11.0007 4104 Serial - ok
23:19:11.0037 4104 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
23:19:11.0039 4104 sermouse - ok
23:19:11.0075 4104 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
23:19:11.0086 4104 SessionEnv - ok
23:19:11.0116 4104 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
23:19:11.0118 4104 sffdisk - ok
23:19:11.0128 4104 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
23:19:11.0130 4104 sffp_mmc - ok
23:19:11.0144 4104 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
23:19:11.0146 4104 sffp_sd - ok
23:19:11.0163 4104 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
23:19:11.0165 4104 sfloppy - ok
23:19:11.0239 4104 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
23:19:11.0256 4104 SharedAccess - ok
23:19:11.0302 4104 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
23:19:11.0328 4104 ShellHWDetection - ok
23:19:11.0349 4104 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:19:11.0352 4104 SiSRaid2 - ok
23:19:11.0364 4104 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
23:19:11.0367 4104 SiSRaid4 - ok
23:19:11.0403 4104 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
23:19:11.0406 4104 Smb - ok
23:19:11.0443 4104 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
23:19:11.0447 4104 SNMPTRAP - ok
23:19:11.0459 4104 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
23:19:11.0460 4104 spldr - ok
23:19:11.0507 4104 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
23:19:11.0542 4104 Spooler - ok
23:19:11.0777 4104 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
23:19:11.0794 4104 sppsvc - ok
23:19:11.0899 4104 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
23:19:11.0904 4104 sppuinotify - ok
23:19:11.0963 4104 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
23:19:12.0000 4104 srv - ok
23:19:12.0035 4104 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
23:19:12.0051 4104 srv2 - ok
23:19:12.0088 4104 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
23:19:12.0102 4104 srvnet - ok
23:19:12.0139 4104 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
23:19:12.0155 4104 SSDPSRV - ok
23:19:12.0169 4104 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
23:19:12.0174 4104 SstpSvc - ok
23:19:12.0196 4104 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
23:19:12.0198 4104 stexstor - ok
23:19:12.0266 4104 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
23:19:12.0288 4104 stisvc - ok
23:19:12.0309 4104 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
23:19:12.0310 4104 swenum - ok
23:19:12.0353 4104 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
23:19:12.0374 4104 swprv - ok
23:19:12.0423 4104 SynTP (1657b7442d5ce30533f5c4317716b468) C:\Windows\system32\DRIVERS\SynTP.sys
23:19:12.0426 4104 SynTP - ok
23:19:12.0577 4104 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
23:19:12.0615 4104 SysMain - ok
23:19:12.0721 4104 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
23:19:12.0727 4104 TabletInputService - ok
23:19:12.0758 4104 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
23:19:12.0775 4104 TapiSrv - ok
23:19:12.0796 4104 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
23:19:12.0801 4104 TBS - ok
23:19:12.0951 4104 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
23:19:13.0005 4104 Tcpip - ok
23:19:13.0208 4104 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
23:19:13.0223 4104 TCPIP6 - ok
23:19:13.0314 4104 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
23:19:13.0317 4104 tcpipreg - ok
23:19:13.0344 4104 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
23:19:13.0346 4104 TDPIPE - ok
23:19:13.0368 4104 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
23:19:13.0371 4104 TDTCP - ok
23:19:13.0394 4104 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
23:19:13.0397 4104 tdx - ok
23:19:13.0433 4104 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
23:19:13.0434 4104 TermDD - ok
23:19:13.0483 4104 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
23:19:13.0508 4104 TermService - ok
23:19:13.0534 4104 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
23:19:13.0538 4104 Themes - ok
23:19:13.0569 4104 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:19:13.0571 4104 THREADORDER - ok
23:19:13.0589 4104 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
23:19:13.0594 4104 TrkWks - ok
23:19:13.0636 4104 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
23:19:13.0651 4104 TrustedInstaller - ok
23:19:13.0681 4104 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:19:13.0683 4104 tssecsrv - ok
23:19:13.0735 4104 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
23:19:13.0737 4104 TsUsbFlt - ok
23:19:13.0926 4104 TuneUp.UtilitiesSvc (8dd1f81749a966ea5a96cb2d89c9670c) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
23:19:13.0967 4104 TuneUp.UtilitiesSvc - ok
23:19:14.0007 4104 TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
23:19:14.0008 4104 TuneUpUtilitiesDrv - ok
23:19:14.0112 4104 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
23:19:14.0115 4104 tunnel - ok
23:19:14.0140 4104 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
23:19:14.0143 4104 uagp35 - ok
23:19:14.0184 4104 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
23:19:14.0200 4104 udfs - ok
23:19:14.0228 4104 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
23:19:14.0233 4104 UI0Detect - ok
23:19:14.0265 4104 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
23:19:14.0268 4104 uliagpkx - ok
23:19:14.0305 4104 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
23:19:14.0308 4104 umbus - ok
23:19:14.0337 4104 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
23:19:14.0339 4104 UmPass - ok
23:19:14.0380 4104 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
23:19:14.0399 4104 upnphost - ok
23:19:14.0416 4104 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
23:19:14.0419 4104 usbccgp - ok
23:19:14.0445 4104 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
23:19:14.0448 4104 usbcir - ok
23:19:14.0463 4104 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
23:19:14.0465 4104 usbehci - ok
23:19:14.0504 4104 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
23:19:14.0523 4104 usbhub - ok
23:19:14.0542 4104 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
23:19:14.0545 4104 usbohci - ok
23:19:14.0567 4104 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
23:19:14.0570 4104 usbprint - ok
23:19:14.0591 4104 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:19:14.0594 4104 USBSTOR - ok
23:19:14.0608 4104 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
23:19:14.0610 4104 usbuhci - ok
23:19:14.0649 4104 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
23:19:14.0662 4104 usbvideo - ok
23:19:14.0680 4104 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
23:19:14.0685 4104 UxSms - ok
23:19:14.0738 4104 UxTuneUp (1ca2321789a7188a36f376905daf9c0a) C:\Windows\System32\uxtuneup.dll
23:19:14.0742 4104 UxTuneUp - ok
23:19:14.0770 4104 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:19:14.0772 4104 VaultSvc - ok
23:19:14.0785 4104 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
23:19:14.0786 4104 vdrvroot - ok
23:19:14.0841 4104 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
23:19:14.0861 4104 vds - ok
23:19:14.0886 4104 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
23:19:14.0889 4104 vga - ok
23:19:14.0908 4104 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
23:19:14.0910 4104 VgaSave - ok
23:19:14.0941 4104 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
23:19:14.0957 4104 vhdmp - ok
23:19:14.0977 4104 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
23:19:14.0980 4104 viaide - ok
23:19:15.0001 4104 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
23:19:15.0003 4104 volmgr - ok
23:19:15.0048 4104 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
23:19:15.0066 4104 volmgrx - ok
23:19:15.0099 4104 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
23:19:15.0110 4104 volsnap - ok
23:19:15.0142 4104 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
23:19:15.0151 4104 vsmraid - ok
23:19:15.0272 4104 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
23:19:15.0337 4104 VSS - ok
23:19:15.0450 4104 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
23:19:15.0453 4104 vwifibus - ok
23:19:15.0513 4104 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
23:19:15.0530 4104 W32Time - ok
23:19:15.0552 4104 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
23:19:15.0555 4104 WacomPen - ok
23:19:15.0589 4104 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:19:15.0592 4104 WANARP - ok
23:19:15.0607 4104 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:19:15.0608 4104 Wanarpv6 - ok
23:19:15.0731 4104 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
23:19:15.0765 4104 WatAdminSvc - ok
23:19:15.0879 4104 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
23:19:15.0915 4104 wbengine - ok
23:19:15.0993 4104 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
23:19:16.0010 4104 WbioSrvc - ok
23:19:16.0059 4104 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
23:19:16.0077 4104 wcncsvc - ok
23:19:16.0097 4104 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
23:19:16.0102 4104 WcsPlugInService - ok
23:19:16.0140 4104 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
23:19:16.0144 4104 Wd - ok
23:19:16.0199 4104 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
23:19:16.0221 4104 Wdf01000 - ok
23:19:16.0241 4104 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:19:16.0247 4104 WdiServiceHost - ok
23:19:16.0251 4104 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:19:16.0255 4104 WdiSystemHost - ok
23:19:16.0289 4104 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
23:19:16.0307 4104 WebClient - ok
23:19:16.0335 4104 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
23:19:16.0351 4104 Wecsvc - ok
23:19:16.0364 4104 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
23:19:16.0369 4104 wercplsupport - ok
23:19:16.0406 4104 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
23:19:16.0411 4104 WerSvc - ok
23:19:16.0444 4104 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
23:19:16.0447 4104 WfpLwf - ok
23:19:16.0463 4104 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
23:19:16.0465 4104 WIMMount - ok
23:19:16.0490 4104 WinDefend - ok
23:19:16.0500 4104 WinHttpAutoProxySvc - ok
23:19:16.0569 4104 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
23:19:16.0583 4104 Winmgmt - ok
23:19:16.0729 4104 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
23:19:16.0764 4104 WinRM - ok
23:19:16.0919 4104 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
23:19:16.0950 4104 Wlansvc - ok
23:19:17.0000 4104 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
23:19:17.0001 4104 WmiAcpi - ok
23:19:17.0064 4104 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
23:19:17.0076 4104 wmiApSrv - ok
23:19:17.0110 4104 WMPNetworkSvc - ok
23:19:17.0128 4104 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
23:19:17.0134 4104 WPCSvc - ok
23:19:17.0165 4104 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
23:19:17.0171 4104 WPDBusEnum - ok
23:19:17.0198 4104 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:19:17.0200 4104 ws2ifsl - ok
23:19:17.0234 4104 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
23:19:17.0240 4104 wscsvc - ok
23:19:17.0244 4104 WSearch - ok
23:19:17.0410 4104 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
23:19:17.0494 4104 wuauserv - ok
23:19:17.0631 4104 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
23:19:17.0635 4104 WudfPf - ok
23:19:17.0667 4104 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:19:17.0681 4104 WUDFRd - ok
23:19:17.0723 4104 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
23:19:17.0728 4104 wudfsvc - ok
23:19:17.0753 4104 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
23:19:17.0767 4104 WwanSvc - ok
23:19:17.0788 4104 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:19:18.0032 4104 \Device\Harddisk0\DR0 - ok
23:19:18.0037 4104 Boot (0x1200) (23be61672acdea98a01ec3fc94778320) \Device\Harddisk0\DR0\Partition0
23:19:18.0040 4104 \Device\Harddisk0\DR0\Partition0 - ok
23:19:18.0055 4104 Boot (0x1200) (6646a8873ccfbbf58a754bcfb7b5387e) \Device\Harddisk0\DR0\Partition1
23:19:18.0058 4104 \Device\Harddisk0\DR0\Partition1 - ok
23:19:18.0059 4104 ============================================================
23:19:18.0059 4104 Scan finished
23:19:18.0059 4104 ============================================================
23:19:18.0079 4952 Detected object count: 0
23:19:18.0079 4952 Actual detected object count: 0


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-10 23:21:10
-----------------------------
23:21:10.730 OS Version: Windows x64 6.1.7601 Service Pack 1
23:21:10.731 Number of processors: 8 586 0x1E05
23:21:10.732 ComputerName: KRIS-PC UserName: Kris
23:21:11.920 Initialize success
23:24:33.760 AVAST engine defs: 12071001
23:26:02.136 The log file has been saved successfully to "C:\Users\Kris\Desktop\aswMBRlog.txt"

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:04 PM

Posted 10 July 2012 - 10:35 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 krispf3

krispf3
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:04 PM

Posted 10 July 2012 - 11:16 PM

ComboFix 12-07-10.01 - Kris 07/10/2012 23:59:44.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4084.2769 [GMT -4:00]
Running from: c:\users\Kris\Desktop\ComboFix.exe
Command switches used :: c:\users\Kris\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-11 to 2012-07-11 )))))))))))))))))))))))))))))))
.
.
2012-07-11 04:03 . 2012-07-11 04:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-09 21:02 . 2012-07-09 21:02 -------- d-----w- c:\users\Kris\AppData\Roaming\Malwarebytes
2012-07-09 21:02 . 2012-07-09 21:02 -------- d-----w- c:\programdata\Malwarebytes
2012-07-09 21:02 . 2012-07-09 21:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-09 21:02 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-09 02:07 . 2012-07-09 02:07 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-07 02:31 . 2012-07-07 02:31 -------- d-----w- c:\programdata\Creative
2012-07-07 02:31 . 2012-07-07 02:31 -------- d-----w- c:\users\Kris\AppData\Roaming\Creative
2012-07-06 15:38 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3B57B37F-DC94-4C44-ABCE-6614335F334F}\mpengine.dll
2012-06-23 13:39 . 2012-06-23 13:39 -------- d-----w- c:\users\Kris\AppData\Local\Macromedia
2012-06-19 02:40 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 02:40 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 02:40 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 02:40 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 02:39 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-19 02:39 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 02:39 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 02:39 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 02:39 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-13 11:02 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 11:01 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-09 01:55 . 2012-05-03 00:28 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-09 01:55 . 2012-05-03 00:28 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 13:35 . 2012-05-05 02:52 9815752 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-29 18:46 . 2012-05-03 01:18 34656 ----a-w- c:\windows\system32\TURegOpt.exe
2012-05-29 18:46 . 2012-05-03 01:20 35680 ----a-w- c:\windows\system32\uxtuneup.dll
2012-05-29 18:46 . 2012-05-03 01:20 29024 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2012-05-29 18:46 . 2012-05-03 01:18 25952 ----a-w- c:\windows\system32\authuitu.dll
2012-05-29 18:46 . 2012-05-03 01:18 21344 ----a-w- c:\windows\SysWow64\authuitu.dll
2012-05-04 20:47 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-05-04 20:47 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-05-04 18:21 . 2012-05-04 18:22 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-04 18:21 . 2012-05-04 18:22 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-03 15:41 . 2012-05-03 15:41 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-05-03 15:41 . 2012-05-03 15:41 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-05-03 15:41 . 2012-05-03 15:41 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-05-03 15:41 . 2012-05-03 15:41 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-05-03 15:41 . 2012-05-03 15:41 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-05-03 15:41 . 2012-05-03 15:41 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-05-03 15:41 . 2012-05-03 15:41 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-05-03 15:41 . 2012-05-03 15:41 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-05-03 15:41 . 2012-05-03 15:41 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-05-03 15:41 . 2012-05-03 15:41 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-05-03 15:41 . 2012-05-03 15:41 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-05-03 15:41 . 2012-05-03 15:41 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-05-03 15:41 . 2012-05-03 15:41 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-05-03 15:41 . 2012-05-03 15:41 222208 ----a-w- c:\windows\system32\msls31.dll
2012-05-03 15:41 . 2012-05-03 15:41 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-05-03 15:41 . 2012-05-03 15:41 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-05-03 15:41 . 2012-05-03 15:41 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-05-03 15:41 . 2012-05-03 15:41 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-05-03 15:41 . 2012-05-03 15:41 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-05-03 15:41 . 2012-05-03 15:41 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-05-03 15:41 . 2012-05-03 15:41 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-05-03 15:41 . 2012-05-03 15:41 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-05-03 15:41 . 2012-05-03 15:41 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-05-03 15:41 . 2012-05-03 15:41 12288 ----a-w- c:\windows\system32\mshta.exe
2012-05-03 15:41 . 2012-05-03 15:41 114176 ----a-w- c:\windows\system32\admparse.dll
2012-05-03 15:41 . 2012-05-03 15:41 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-05-03 15:41 . 2012-05-03 15:41 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-05-03 15:41 . 2012-05-03 15:41 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-05-03 15:41 . 2012-05-03 15:41 448512 ----a-w- c:\windows\system32\html.iec
2012-05-03 15:41 . 2012-05-03 15:41 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-03 15:41 . 2012-05-03 15:41 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-05-03 15:41 . 2012-05-03 15:41 160256 ----a-w- c:\windows\system32\wextract.exe
2012-05-02 23:46 . 2012-05-02 23:46 45056 ----a-r- c:\users\Kris\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-10_15.54.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-02 23:58 . 2012-07-10 15:58 22342 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-10 15:58 30744 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-05-02 23:44 . 2012-07-10 15:58 5252 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2893417408-3930229114-1251324902-1001_UserData.bin
+ 2012-07-11 04:03 . 2012-07-11 04:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-10 15:26 . 2012-07-10 15:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-11 04:03 . 2012-07-11 04:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-10 15:26 . 2012-07-10 15:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-03 10:51 . 2012-07-11 02:36 234852 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-07-10 15:31 624178 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-11 04:08 624178 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-11 04:08 106522 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-10 15:31 106522 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-07-10 15:26 389728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-11 04:03 389728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-05-02 23:55 . 2012-07-10 15:13 780464 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2893417408-3930229114-1251324902-1001-8192.dat
+ 2012-05-02 23:55 . 2012-07-11 04:03 780464 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2893417408-3930229114-1251324902-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="c:\program files (x86)\Ares\Ares.exe" [2012-02-02 3209216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2007-08-01 903168]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-09 257224]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-03 1255736]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 203264]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-05-29 2143072]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-10-13 11856]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 01:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\ezomq777.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-07-11 00:14:02 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-11 04:14
ComboFix2.txt 2012-07-10 15:55
.
Pre-Run: 249,697,382,400 bytes free
Post-Run: 249,734,782,976 bytes free
.
- - End Of File - - BF8C1C9F0AC536765F5DDCA102E5A51E


no problems noted. the computer seems OK at this moment.

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:04 PM

Posted 10 July 2012 - 11:53 PM

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

Java™ 6 Update 32 [/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 krispf3

krispf3
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:04 PM

Posted 11 July 2012 - 10:32 AM

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.11.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kris :: KRIS-PC [administrator]

7/11/2012 11:19:45 AM
mbam-log-2012-07-11 (11-19-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208928
Time elapsed: 2 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:31:01 AM, on 7/11/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Ares\Ares.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Brownie\brpjp04a.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Users\Kris\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7526 bytes


no problems. computer seems ok.

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:04 PM

Posted 11 July 2012 - 09:29 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add/on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 krispf3

krispf3
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:04 PM

Posted 12 July 2012 - 11:29 AM

C:\Qoobox\Quarantine\C\Windows\Installer\{084347df-4da1-b457-c3b8-76a66e3c1c86}\U\80000032.@.vir a variant of Win32/Sirefef.FD trojan

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:04 PM

Posted 12 July 2012 - 12:51 PM

Hello

The Online scan looks very good!! It is only reporting backups created during the course of this fix!!


C:\Qoobox\Quarantine\<-- combofix


Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wrong time can make the computer an expensive paper weight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • Posted Image

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and used often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download and works allot better than add/remove in windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware The Gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.


  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and using often. (I have upgraded to the paid version of MBAM and I am glad I did)

    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleges

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 krispf3

krispf3
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:04 PM

Posted 13 July 2012 - 10:49 AM

Thanks so much for the help, Gringo. Everything is great. Have a good day! :)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users