
Google Redirecting - ZeroAccess rootkit?


This topic is locked
24 replies to this topic

#1 kadjk

  • Members
  • 29 posts

Posted 24 July 2012 - 04:42 PM

Hello,

I posted this (http://www.bleepingcomputer.com/forums/topic462218.html/page__gopid__2778130#entry2778130) and got great help from Broni. He says I am infected with the ZeroAccess rootkit. When I try clicking on a link on google, it redirects to various websites. Also there has been considerable slow down on load times for the websites I do manage to get through to (by just typing the url in). Every so often a new tab on my firefox just opens and it is another spam website.

As such, I have followed the preparation guide starting from number 6 as was told by Broni.

When I did the GMER program everything except the Services, Registry, Files, and ADS was greyed out. But I still ran the scan anyway. Here are the logs.

Thanks for the help!

Attached Files

  • DDS.txt (14.48KB)
  • ark.txt (11.38KB)



#2 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 26 July 2012 - 01:29 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 kadjk

  • Topic Starter
  • Members
  • 29 posts

Posted 26 July 2012 - 09:40 AM

Hello,

First thank you for your time!

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
Java™ 6 Update 31
Out of date Java installed!
Adobe Flash Player 11.3.300.265
Adobe Reader X (10.1.2)
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
``````````End of Log````````````


Here is the log for the security check. For the combofix, I downloaded it, turned off all my security programs, and tried to extract it. While extracting, it gave me the BSOD twice so I stopped and am posting here now. Should I try in Safe Mode?

Thank you

#4 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 26 July 2012 - 12:44 PM

Hello

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • First, press the Scan button.
  • It will make a log (FRST.txt)
  • Second, type the following in the edit box after "Search:": services.exe
  • Click the Search button
  • It will make a log (Search.txt)

I want you to post both the FRST.txt report and the Search.txt into your reply to me.

Gringo

#5 kadjk

  • Topic Starter
  • Members
  • 29 posts

Posted 26 July 2012 - 01:45 PM

Hello,

Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 26-07-2012 14:38:11
Running from G:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2011-12-09] (Nullsoft, Inc.)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [495616 2011-03-08] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [856064 2011-03-08] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-01-31] ()
HKU\Danny\...\Run: [googletalk] C:\Users\Danny\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart [3739648 2007-01-01] (Google)
HKU\Danny\...\Run: [Akamai NetSession Interface] "C:\Users\Danny\AppData\Local\Akamai\netsession_win.exe" [4327744 2012-05-26] (Akamai Technologies, Inc)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

==================== Services (Whitelisted) ======

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [5106744 2012-04-30] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
2 SwOffScheduler; C:\Program Files\Airytec\Switch Off\swoff.exe -service [173056 2011-05-28] (Airytec)
2 SwOffWeb; C:\Program Files\Airytec\Switch Off\swoff.exe -service [173056 2011-05-28] (Airytec)

========================== Drivers (Whitelisted) =============

3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [289872 2012-02-22] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [383808 2012-03-19] (AVG Technologies CZ, s.r.o.)
1 ISODrive; \??\C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-28] ()
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
0 vmci; C:\Windows\System32\DRIVERS\vmci.sys [x]
3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-26 14:38 - 2012-07-26 14:38 - 00000000 ____D C:\FRST
2012-07-26 10:24 - 2012-07-26 10:24 - 01438391 ____A (Farbar) C:\Users\Danny\Desktop\FRST64.exe
2012-07-26 06:37 - 2012-07-26 06:38 - 00275656 ____A C:\Windows\Minidump\072612-26582-01.dmp
2012-07-26 06:34 - 2012-07-26 06:37 - 385105613 ____A C:\Windows\MEMORY.DMP
2012-07-26 06:34 - 2012-07-26 06:37 - 00000000 ____D C:\Windows\Minidump
2012-07-26 06:34 - 2012-07-26 06:34 - 00275656 ____A C:\Windows\Minidump\072612-35209-01.dmp
2012-07-26 06:32 - 2012-07-26 06:36 - 00000000 ___SD C:\32788R22FWJFW
2012-07-26 06:32 - 2012-07-26 06:32 - 00000000 ____D C:\Qoobox
2012-07-26 06:30 - 2012-07-26 06:30 - 04721680 ____R (Swearware) C:\Users\Danny\Desktop\ComboFix.exe
2012-07-26 06:30 - 2012-07-26 06:30 - 00000884 ____A C:\Users\Danny\Desktop\checkup.txt
2012-07-24 13:43 - 2012-07-26 06:30 - 00000000 ____D C:\Users\Danny\Desktop\New folder (4)
2012-07-24 13:16 - 2012-07-24 13:16 - 00000000 ____A C:\Users\Danny\defogger_reenable
2012-07-24 12:38 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-07-24 12:24 - 2012-07-24 12:24 - 00869194 ____A C:\Users\Danny\Desktop\SecurityCheck.exe
2012-07-24 05:35 - 2012-07-24 05:35 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2012-07-24 04:34 - 2012-07-24 04:34 - 00000085 ____A C:\Windows\wininit.ini
2012-07-24 04:14 - 2012-07-24 04:14 - 00000000 ____D C:\Users\Danny\AppData\Local\Macromedia
2012-07-24 03:10 - 2012-07-26 10:12 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-24 03:10 - 2012-07-24 04:12 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-24 03:05 - 2012-07-24 03:05 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-23 11:35 - 2012-07-23 11:35 - 00000000 ____D C:\Users\Danny\AppData\Local\Aeria Games
2012-07-23 11:34 - 2012-07-24 05:35 - 00000000 ____D C:\Users\All Users\Aeria Games
2012-07-23 11:04 - 2012-07-23 11:05 - 00000000 ____D C:\Users\Danny\AppData\Local\Akamai
2012-07-21 07:09 - 2012-07-21 07:09 - 00957721 ____A C:\Users\Danny\Downloads\????_??.torrent
2012-07-16 13:14 - 2012-07-16 13:23 - 00000000 ____D C:\Users\Danny\Desktop\C++
2012-07-15 17:33 - 2012-07-15 17:33 - 04014715 ____A C:\Users\Danny\Downloads\??.pptx
2012-07-14 08:45 - 2012-07-14 08:47 - 01968944 ____A C:\Users\Danny\Desktop\??.pptx
2012-07-13 06:57 - 2012-07-13 06:57 - 00000000 ____D C:\Users\Danny\Documents\My Games
2012-07-13 06:57 - 2012-07-13 06:57 - 00000000 ____D C:\Users\Danny\AppData\Local\My Games
2012-07-13 02:34 - 2012-07-13 02:34 - 00000000 ____D C:\Users\All Users\REVOLT
2012-07-10 01:06 - 2012-07-10 01:06 - 00000000 ____D C:\Windows\Sun
2012-06-30 10:09 - 2012-06-30 10:09 - 00010300 ____A C:\Users\Danny\Documents\Uninstall STAR WARS The Old Republic.log
2012-06-30 09:46 - 2012-06-30 10:06 - 00000000 ____D C:\Users\Danny\AppData\Roaming\VMware
2012-06-30 09:46 - 2012-06-30 10:03 - 00000000 ____D C:\Users\Danny\AppData\Local\VMware
2012-06-30 09:42 - 2012-07-12 18:39 - 00734810 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-30 09:42 - 2012-06-30 10:08 - 00000000 ____D C:\Users\All Users\VMware
2012-06-30 09:42 - 2012-06-30 09:50 - 00001024 ____A C:\.rnd
2012-06-30 09:42 - 2012-06-30 09:42 - 00000000 ____D C:\Users\Public\Documents\Shared Virtual Machines
2012-06-30 09:31 - 2012-06-30 09:40 - 494050224 ____A (VMware, Inc.) C:\Users\Danny\Downloads\VMware-workstation-full-8.0.4-744019.exe

============ 3 Months Modified Files ========================

2012-07-26 10:27 - 2009-07-13 21:13 - 00730146 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-26 10:24 - 2012-07-26 10:24 - 01438391 ____A (Farbar) C:\Users\Danny\Desktop\FRST64.exe
2012-07-26 10:24 - 2012-03-31 22:06 - 00018571 ____A C:\Windows\setupact.log
2012-07-26 10:12 - 2012-07-24 03:10 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-26 06:45 - 2009-07-13 20:45 - 00014848 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-26 06:45 - 2009-07-13 20:45 - 00014848 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-26 06:38 - 2012-07-26 06:37 - 00275656 ____A C:\Windows\Minidump\072612-26582-01.dmp
2012-07-26 06:37 - 2012-07-26 06:34 - 385105613 ____A C:\Windows\MEMORY.DMP
2012-07-26 06:37 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-26 06:34 - 2012-07-26 06:34 - 00275656 ____A C:\Windows\Minidump\072612-35209-01.dmp
2012-07-26 06:30 - 2012-07-26 06:30 - 04721680 ____R (Swearware) C:\Users\Danny\Desktop\ComboFix.exe
2012-07-26 06:30 - 2012-07-26 06:30 - 00000884 ____A C:\Users\Danny\Desktop\checkup.txt
2012-07-25 23:43 - 2012-01-11 20:02 - 00003852 ____A C:\Users\Danny\Desktop\New Text Document.txt
2012-07-25 13:12 - 2012-01-11 18:52 - 01742587 ____A C:\Windows\WindowsUpdate.log
2012-07-24 13:16 - 2012-07-24 13:16 - 00000000 ____A C:\Users\Danny\defogger_reenable
2012-07-24 12:36 - 2012-03-31 22:06 - 00003164 ____A C:\Windows\PFRO.log
2012-07-24 12:24 - 2012-07-24 12:24 - 00869194 ____A C:\Users\Danny\Desktop\SecurityCheck.exe
2012-07-24 04:34 - 2012-07-24 04:34 - 00000085 ____A C:\Windows\wininit.ini
2012-07-24 04:12 - 2012-07-24 03:10 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-24 04:12 - 2012-01-11 19:12 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-21 07:09 - 2012-07-21 07:09 - 00957721 ____A C:\Users\Danny\Downloads\????_??.torrent
2012-07-15 17:33 - 2012-07-15 17:33 - 04014715 ____A C:\Users\Danny\Downloads\??.pptx
2012-07-14 08:47 - 2012-07-14 08:45 - 01968944 ____A C:\Users\Danny\Desktop\??.pptx
2012-07-13 06:10 - 2012-04-03 20:50 - 00161045 ____A C:\Windows\DirectX.log
2012-07-12 18:39 - 2012-06-30 09:42 - 00734810 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-03 09:46 - 2012-01-11 19:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-30 10:09 - 2012-06-30 10:09 - 00010300 ____A C:\Users\Danny\Documents\Uninstall STAR WARS The Old Republic.log
2012-06-30 09:50 - 2012-06-30 09:42 - 00001024 ____A C:\.rnd
2012-06-30 09:40 - 2012-06-30 09:31 - 494050224 ____A (VMware, Inc.) C:\Users\Danny\Downloads\VMware-workstation-full-8.0.4-744019.exe
2012-06-28 05:40 - 2009-07-13 21:08 - 00032620 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-24 06:05 - 2012-06-24 06:04 - 07377952 ____A (AutoIt Team) C:\Users\Danny\Downloads\autoit-v3-setup.exe
2012-06-22 08:36 - 2012-06-22 08:29 - 16894931 ____A C:\Users\Danny\Downloads\SAM_4303.MP4
2012-06-22 08:26 - 2012-06-22 08:17 - 26735791 ____A C:\Users\Danny\Downloads\SAM_4290.MP4
2012-06-22 08:24 - 2012-06-22 08:21 - 09780634 ____A C:\Users\Danny\Downloads\SAM_4298.MP4
2012-06-20 06:34 - 2012-06-20 06:34 - 00015635 ____A C:\Users\Danny\Downloads\[]Demonoid.me[]-NDS_Pokemon_Conquest_(USA)_(Clean_Patched).torrent
2012-06-02 14:19 - 2012-06-23 04:47 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-23 04:47 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-23 04:47 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-23 04:47 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-23 04:47 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-23 04:47 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-23 04:47 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-23 04:47 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:15 - 2012-06-23 04:47 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-14 18:57 - 2012-05-14 18:56 - 00001193 ____A C:\Users\Public\Desktop\Diablo III.lnk
2012-05-14 18:53 - 2012-05-14 18:52 - 32288896 ____A (Blizzard Entertainment) C:\Users\Danny\Downloads\Diablo-III-Setup-enUS.exe
2012-05-14 18:46 - 2009-07-13 20:45 - 00424512 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-14 10:45 - 2012-01-11 19:09 - 00110096 ____A C:\Users\Danny\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-01 02:48 - 2012-05-01 02:48 - 20385655 ____A C:\Users\Danny\Downloads\UdieMXL2012.zip
2012-05-01 02:44 - 2012-03-22 14:43 - 00249856 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
2012-05-01 02:43 - 2012-03-22 14:43 - 00073216 ____A (Microsoft Corporation) C:\Windows\ST6UNST.EXE
2012-05-01 02:30 - 2012-05-01 02:29 - 05771486 ____A C:\Users\Danny\Downloads\Hero_Editor_V104.zip

ZeroAccess:
C:\Windows\Installer\{3edb9b13-80b8-cce8-9e20-42ca4f0e93e1}
C:\Windows\Installer\{3edb9b13-80b8-cce8-9e20-42ca4f0e93e1}\L
C:\Windows\Installer\{3edb9b13-80b8-cce8-9e20-42ca4f0e93e1}\U

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

Possible partition infection:
C:\Windows\svchost.exe

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 4087.05 MB
Available physical RAM: 3463.33 MB
Total Pagefile: 4085.2 MB
Available Pagefile: 3448.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:931.41 GB) (Free:362.52 GB) NTFS
2 Drive d: () (Fixed) (Total:279.45 GB) (Free:21.87 GB) NTFS
3 Drive f: (FRIENDS_SERIES_3) (CDROM) (Total:6.13 GB) (Free:0 GB) UDF
4 Drive g: () (Removable) (Total:29.71 GB) (Free:29.71 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 279 GB 9 MB
Disk 2 Online 29 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 931 GB 101 MB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 931 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 279 GB 31 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D NTFS Partition 279 GB Healthy

==================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 29 GB 4096 KB

==================================================================================

Disk: 2
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT32 Removable 29 GB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-18 07:17

======================= End Of Log ==========================





Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-26 14:40:23
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

C:\Windows\ERDNT\cache64\services.exe
[2012-03-30 06:57] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======


Thank you very much!

#6 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 26 July 2012 - 02:09 PM

Hello

Open notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt.

Replace: C:\Windows\ERDNT\cache64\services.exe C:\Windows\System32\services.exe
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\Installer\{3edb9b13-80b8-cce8-9e20-42ca4f0e93e1}

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Gringo

#7 kadjk

  • Topic Starter
  • Members
  • 29 posts

Posted 26 July 2012 - 03:46 PM

Hello again,

Here you go


Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-26 19:38:39 Run:1
Running from G:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\ERDNT\cache64\services.exe copied successfully to C:\Windows\System32\services.exe
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\Windows\Installer\{3edb9b13-80b8-cce8-9e20-42ca4f0e93e1} moved successfully.

==== End of Fixlog ====

Thanks!!
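Added example, not FRST's code and not anything posted in the thread: a Python re-creation, on a directory tree, of the two checks FRST ran in post #5 and of the repair in post #6. The log above is worth reading closely: C:\Windows\System32\services.exe has the same 328,704-byte size as the clean copies FRST's search found in winsxs and C:\Windows\ERDNT\cache64, but a different MD5 (014A9C... versus 24ACB7...), which is why ZeroAccess's in-place patch of services.exe is caught by a hash comparison and not by a size or version check. The script hashes each System32 binary against the copies under winsxs and ERDNT, lists the ZeroAccess paths FRST reported (the GUID-named Installer folder with its U and L subfolders, the GAC_32 and GAC_64 Desktop.ini files, and a svchost.exe sitting directly under C:\Windows), then does what the fixlist did and rescans, matching the before/after of post #7. Everything it scans is constructed in a temporary directory with placeholder bytes, not real binaries; the winsxs folder name amd64_servicecontroller_demo is an assumed stand-in for the truncated name in the log, and the "fix" deletes the artifacts where FRST moved them to quarantine.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

# System32 binaries FRST hashes in its "Bamital & volsnap Check" section.
CRITICAL_FILES = ("services.exe", "winlogon.exe", "wininit.exe",
                  "explorer.exe", "svchost.exe", "userinit.exe")

def md5_of(path):
    """MD5 hex digest, upper-case as FRST prints it."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest().upper()

def reference_copies(windows, name):
    """Hashes of every copy of `name` under winsxs and ERDNT, the two places
    the thread's Search.txt found untouched copies of services.exe."""
    refs = {}
    for base in ("winsxs", "ERDNT"):
        root = windows / base
        for p in (root.rglob(name) if root.is_dir() else ()):
            if p.is_file():
                refs[str(p)] = md5_of(p)
    return refs

def check_system_binaries(windows):
    """(live path, live MD5, sorted reference MD5s) for each System32 binary
    whose hash matches none of its reference copies."""
    findings = []
    for name in CRITICAL_FILES:
        live = windows / "System32" / name
        if not live.is_file():
            continue
        refs = reference_copies(windows, name)
        live_hash = md5_of(live)
        if refs and live_hash not in refs.values():
            findings.append((str(live), live_hash, sorted(set(refs.values()))))
    return findings

def check_zeroaccess_artifacts(windows):
    """The paths FRST listed under 'ZeroAccess' and 'Possible partition infection'."""
    hits = []
    installer = windows / "Installer"
    for d in (installer.iterdir() if installer.is_dir() else ()):
        # ZeroAccess kept its modules in a GUID-named folder with U and L subfolders.
        if d.is_dir() and d.name.startswith("{") and d.name.endswith("}") \
                and ((d / "U").is_dir() or (d / "L").is_dir()):
            hits.append(str(d))
    for gac in ("GAC_32", "GAC_64"):
        ini = windows / "assembly" / gac / "Desktop.ini"
        if ini.is_file():
            hits.append(str(ini))
    stray = windows / "svchost.exe"  # belongs in System32/SysWOW64, not here
    if stray.is_file():
        hits.append(str(stray))
    return hits

def build_demo_tree(windows):
    """Constructed miniature of the infected Windows directory from post #5;
    file contents are placeholders, not real binaries."""
    clean = b"MZ stand-in for the clean 6.1.7600.16385 services.exe"
    patched = b"MZ stand-in for the ZeroAccess-patched services.exe"
    for rel, data in (("System32/services.exe", patched),
                      ("winsxs/amd64_servicecontroller_demo/services.exe", clean),
                      ("ERDNT/cache64/services.exe", clean),
                      ("assembly/GAC_32/Desktop.ini", b"payload stand-in"),
                      ("assembly/GAC_64/Desktop.ini", b"payload stand-in"),
                      ("svchost.exe", b"dropper stand-in")):
        (windows / rel).parent.mkdir(parents=True, exist_ok=True)
        (windows / rel).write_bytes(data)
    guid = windows / "Installer" / "{3edb9b13-80b8-cce8-9e20-42ca4f0e93e1}"
    (guid / "U").mkdir(parents=True)
    (guid / "L").mkdir()

def apply_fixlist(windows):
    """What the fixlist in post #6 did: put the ERDNT copy of services.exe back
    and take the ZeroAccess paths away (FRST quarantines them; this deletes)."""
    shutil.copyfile(windows / "ERDNT" / "cache64" / "services.exe",
                    windows / "System32" / "services.exe")
    for hit in check_zeroaccess_artifacts(windows):
        p = Path(hit)
        if p.is_dir():
            shutil.rmtree(p)
        else:
            p.unlink()

def run_demo():
    """Scan, fix, rescan: (binaries_before, artifacts_before,
    binaries_after, artifacts_after)."""
    with tempfile.TemporaryDirectory() as tmp:
        windows = Path(tmp) / "Windows"
        build_demo_tree(windows)
        before = check_system_binaries(windows), check_zeroaccess_artifacts(windows)
        apply_fixlist(windows)
        after = check_system_binaries(windows), check_zeroaccess_artifacts(windows)
    return before + after

if __name__ == "__main__":
    for label, result in zip(("binaries before", "artifacts before",
                              "binaries after", "artifacts after"), run_demo()):
        print(f"{label}: {result}")
```

On a real machine the scan would be pointed at the offline C:\Windows from the recovery environment, as Gringo does with FRST, because ZeroAccess's patched services.exe is the process that would be hiding its files from a scan run inside the booted system; the comparison also only proves the System32 copy differs from the winsxs and ERDNT copies, so those reference copies need a hash check of their own before one of them is copied back.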

#8 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 26 July 2012 - 03:56 PM

Hello

I would like you to download an updated version of combofix.

update combofix

Delete the version of combofix you have now on your desktop and download a new one from here

Link 1
Link 2
Link 3
**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#9 kadjk

  • Topic Starter
  • Members
  • 29 posts

Posted 26 July 2012 - 04:08 PM

Nevermind! I'm dumb xP

I'll post in a moment

Edited by kadjk, 26 July 2012 - 04:09 PM.


#10 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 26 July 2012 - 04:21 PM

:thumbup2:

#11 kadjk

kadjk
  • Topic Starter
  • Members
  • 29 posts

Posted 26 July 2012 - 04:24 PM

Hey there again,

It seems to be fine now! It's definitely faster and Google isn't redirecting anymore... I think? Haha, for now. If it happens again I'll post about it.

ComboFix 12-07-27.02 - Danny 6/2012 Thu 17:12:34.5.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.949.82.1033.18.4087.2909 [GMT -4:00]
Running from: c:\users\Danny\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-26 to 2012-07-26 )))))))))))))))))))))))))))))))
.
.
2012-07-26 22:38 . 2012-07-26 22:38 -------- d-----w- C:\FRST
2012-07-26 21:17 . 2012-07-26 21:17 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-07-26 21:17 . 2012-07-26 21:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-24 13:35 . 2012-07-24 13:35 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2012-07-24 12:14 . 2012-07-24 12:14 -------- d-----w- c:\users\Danny\AppData\Local\Macromedia
2012-07-24 11:10 . 2012-07-24 12:12 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-24 11:05 . 2012-07-24 11:05 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-23 19:35 . 2012-07-23 19:35 -------- d-----w- c:\users\Danny\AppData\Local\Aeria Games
2012-07-23 19:34 . 2012-07-24 13:35 -------- d-----w- c:\programdata\Aeria Games
2012-07-23 19:04 . 2012-07-23 19:05 -------- d-----w- c:\users\Danny\AppData\Local\Akamai
2012-07-13 14:57 . 2012-07-13 14:57 -------- d-----w- c:\users\Danny\AppData\Local\My Games
2012-07-13 10:34 . 2012-07-13 10:34 -------- d-----w- c:\programdata\REVOLT
2012-07-10 09:06 . 2012-07-10 09:06 -------- d-----w- c:\windows\Sun
2012-06-30 17:46 . 2012-06-30 18:03 -------- d-----w- c:\users\Danny\AppData\Local\VMware
2012-06-30 17:46 . 2012-06-30 18:06 -------- d-----w- c:\users\Danny\AppData\Roaming\VMware
2012-06-30 17:42 . 2012-06-30 18:08 -------- d-----w- c:\programdata\VMware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-24 12:12 . 2012-01-12 03:12 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 17:46 . 2012-01-12 03:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2012-06-23 12:47 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-23 12:47 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-23 12:47 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-23 12:47 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-23 12:47 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-23 12:47 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-23 12:47 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-23 12:47 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-23 12:47 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-01 10:44 . 2012-03-22 22:43 249856 ------w- c:\windows\Setup1.exe
2012-05-01 10:43 . 2012-03-22 22:43 73216 ----a-w- c:\windows\ST6UNST.EXE
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\users\Danny\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Akamai NetSession Interface"="c:\users\Danny\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-09 495616]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-09 856064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SwOffScheduler;Airytec Switch Off - Task Scheduler;c:\program files\Airytec\Switch Off\swoff.exe [2011-05-28 173056]
R2 SwOffWeb;Airytec Switch Off - Web Interface;c:\program files\Airytec\Switch Off\swoff.exe [2011-05-28 173056]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-24 250056]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-13 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-03-09 235520]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-04-30 5106744]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-06-09 555392]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-03-09 10857984]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-03-09 328704]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-12-05 95248]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-24 12:12]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: &Download All with FlashGet - c:\program files (x86)\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files (x86)\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\66lgzvwz.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}"=hex:51,66,7a,6c,4c,1d,38,12,68,40,25,
2b,77,e4,db,02,e0,8b,7a,e8,bc,10,3a,e3
"{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}"=hex:51,66,7a,6c,4c,1d,38,12,81,2d,20,
35,ad,85,e1,00,d0,fd,90,4e,9f,38,f2,ae
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{F156768E-81EF-470C-9057-481BA8380DBA}"=hex:51,66,7a,6c,4c,1d,38,12,e0,75,45,
f5,dd,cf,62,02,ef,41,0b,5b,ad,66,49,ae
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:7f,23,39,53,a1,6a,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-07-26 17:23:43 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-26 21:23
.
Pre-Run: 388,916,166,656 bytes free
Post-Run: 388,814,458,880 bytes free
.
- - End Of File - - D01DB75607F4F7622B6D589F00E16EB9


Thanks thanks!!

P.S. I'm sorry it's not much, but I donated a bit for your hard work. I really appreciate it! Thanks ever so much!!

Edited by kadjk, 26 July 2012 - 04:27 PM.
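A small triage helper for a ComboFix report laid out like the one above, added here as an example (it is not ComboFix's code or anything from the thread): it splits the report into its sections, flags files that carry the name of a core Windows binary but sit outside System32 (as the deleted c:\windows\svchost.exe does), and lists the UAC policy values that differ from the Windows 7 defaults. The regular expressions, the section-name handling and the embedded sample excerpt are assumptions built from the posted log.

```python
import re

# Binaries Windows ships only under %SystemRoot%\System32 (plus the SysWOW64
# copy). A file carrying one of these names anywhere else, like the
# c:\windows\svchost.exe ComboFix deleted in the report above, deserves a look.
CORE_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                 "services.exe", "smss.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

# UAC values ComboFix lists under ...\policies\system, with their Windows 7
# defaults; the report above shows all of them set to 0 (UAC switched off).
UAC_DEFAULTS = {"EnableLUA": 1, "ConsentPromptBehaviorAdmin": 5,
                "PromptOnSecureDesktop": 1}

# Section headers look like "(((( Other Deletions ))))" or "---- X64 Entries ----".
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$|^-+\s*(.+?)\s*-+$")
# A drive-letter path ending in an executable, driver or library name.
PATH_RE = re.compile(r"[a-z]:\\[^\"\[\]\r\n]*?\.(?:exe|dll|sys)\b", re.I)
# REGEDIT4-style numeric value line, e.g.  "EnableLUA"= 0 (0x0)
POLICY_RE = re.compile(r'^"(\w+)"\s*=\s*(\d+)')

# Constructed excerpt (assumption) in the layout of the report posted above,
# trimmed to the lines the checks below use.
SAMPLE_LOG = """\
((((((((((((( Other Deletions )))))))))))))
.
c:\\windows\\svchost.exe
.
((((((((((((( Reg Loading Points )))))))))))))
.
[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"googletalk"="c:\\users\\Danny\\AppData\\Roaming\\Google\\Google Talk\\googletalk.exe" [2007-01-01 3739648]
.
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R3 WatAdminSvc;Windows Activation Technologies Service;c:\\windows\\system32\\Wat\\WatAdminSvc.exe [2012-01-13 1255736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\\windows\\system32\\blank.htm
"""


def parse_sections(text):
    """Split a ComboFix report into {section name: [lines]}.
    Lines before the first header go under 'header'; ComboFix's '.' spacer
    lines and blank lines are dropped."""
    sections, current = {"header": []}, "header"
    for line in text.splitlines():
        line = line.rstrip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1) or m.group(2)
            sections[current] = []
        elif line and line != ".":
            sections[current].append(line)
    return sections


def misplaced_core_binaries(lines):
    """Paths whose file name is a core system binary but whose directory is
    not one of the system directories."""
    hits = []
    for line in lines:
        for path in PATH_RE.findall(line):
            low = path.lower()
            name = low.rsplit("\\", 1)[-1]
            if name in CORE_BINARIES and not low.startswith(SYSTEM_DIRS):
                hits.append(path)
    return hits


def uac_weaknesses(lines):
    """{value name: (found, default)} for UAC policy values under the
    ...\\policies\\system key that differ from the Windows 7 default."""
    weak, in_policy_key = {}, False
    for line in lines:
        if line.startswith("["):
            in_policy_key = line.lower().endswith("\\policies\\system]")
            continue
        m = POLICY_RE.match(line)
        if in_policy_key and m and m.group(1) in UAC_DEFAULTS:
            found, default = int(m.group(2)), UAC_DEFAULTS[m.group(1)]
            if found != default:
                weak[m.group(1)] = (found, default)
    return weak


def triage(text):
    """Run all checks over a report and return the findings."""
    sections = parse_sections(text)
    all_lines = [l for lines in sections.values() for l in lines]
    return {
        "deleted": sections.get("Other Deletions", []),
        "misplaced_core_binaries": misplaced_core_binaries(all_lines),
        "uac_weaknesses": uac_weaknesses(sections.get("Reg Loading Points", [])),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against a saved ComboFix.txt by passing the file's contents to triage(); entries it lists are items to review, not verdicts.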


#12 gringo_pr

gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 26 July 2012 - 04:27 PM

Greetings

I still see something in the report that we need to go after.

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#13 kadjk

kadjk
  • Topic Starter
  • Members
  • 29 posts

Posted 26 July 2012 - 05:10 PM

Hello,

Here they are:


17:28:42.0497 4332 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
17:28:42.0720 4332 ============================================================
17:28:42.0720 4332 Current date / time: 2012/07/26 17:28:42.0720
17:28:42.0720 4332 SystemInfo:
17:28:42.0720 4332
17:28:42.0720 4332 OS Version: 6.1.7601 ServicePack: 1.0
17:28:42.0720 4332 Product type: Workstation
17:28:42.0720 4332 ComputerName: DJ-PC
17:28:42.0720 4332 UserName: Danny
17:28:42.0720 4332 Windows directory: C:\Windows
17:28:42.0720 4332 System windows directory: C:\Windows
17:28:42.0720 4332 Running under WOW64
17:28:42.0720 4332 Processor architecture: Intel x64
17:28:42.0720 4332 Number of processors: 8
17:28:42.0720 4332 Page size: 0x1000
17:28:42.0721 4332 Boot type: Normal boot
17:28:42.0721 4332 ============================================================
17:28:44.0219 4332 Drive \Device\Harddisk1\DR1 - Size: 0x45DD826000 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8E81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:28:44.0219 4332 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:28:44.0225 4332 Drive \Device\Harddisk2\DR2 - Size: 0x76E480000 (29.72 Gb), SectorSize: 0x200, Cylinders: 0xF28, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:28:44.0228 4332 ============================================================
17:28:44.0228 4332 \Device\Harddisk1\DR1:
17:28:44.0228 4332 MBR partitions:
17:28:44.0228 4332 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x22EE6E41
17:28:44.0228 4332 \Device\Harddisk0\DR0:
17:28:44.0228 4332 MBR partitions:
17:28:44.0228 4332 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:28:44.0228 4332 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
17:28:44.0228 4332 \Device\Harddisk2\DR2:
17:28:44.0229 4332 MBR partitions:
17:28:44.0229 4332 \Device\Harddisk2\DR2\Partition0: MBR, Type 0xC, StartLBA 0x2000, BlocksNum 0x3B70400
17:28:44.0229 4332 ============================================================
17:28:44.0249 4332 C: <-> \Device\Harddisk0\DR0\Partition1
17:28:44.0269 4332 D: <-> \Device\Harddisk1\DR1\Partition0
17:28:44.0269 4332 ============================================================
17:28:44.0269 4332 Initialize success
17:28:44.0269 4332 ============================================================
17:28:46.0373 4444 ============================================================
17:28:46.0373 4444 Scan started
17:28:46.0373 4444 Mode: Manual;
17:28:46.0373 4444 ============================================================
17:28:47.0824 4444 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
17:28:47.0826 4444 !SASCORE - ok
17:28:47.0952 4444 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
17:28:47.0954 4444 1394ohci - ok
17:28:48.0008 4444 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
17:28:48.0011 4444 ACPI - ok
17:28:48.0033 4444 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
17:28:48.0033 4444 AcpiPmi - ok
17:28:48.0085 4444 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:28:48.0086 4444 AdobeARMservice - ok
17:28:48.0416 4444 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:28:48.0421 4444 AdobeFlashPlayerUpdateSvc - ok
17:28:48.0461 4444 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
17:28:48.0469 4444 adp94xx - ok
17:28:48.0492 4444 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
17:28:48.0497 4444 adpahci - ok
17:28:48.0520 4444 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
17:28:48.0523 4444 adpu320 - ok
17:28:48.0551 4444 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
17:28:48.0552 4444 AeLookupSvc - ok
17:28:48.0590 4444 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
17:28:48.0597 4444 AFD - ok
17:28:48.0646 4444 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
17:28:48.0658 4444 agp440 - ok
17:28:48.0676 4444 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
17:28:48.0684 4444 ALG - ok
17:28:48.0719 4444 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
17:28:48.0720 4444 aliide - ok
17:28:48.0747 4444 AMD External Events Utility (2aed9a422ea1574c7d7ef9359a417718) C:\Windows\system32\atiesrxx.exe
17:28:48.0750 4444 AMD External Events Utility - ok
17:28:48.0761 4444 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
17:28:48.0762 4444 amdide - ok
17:28:48.0793 4444 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
17:28:48.0795 4444 AmdK8 - ok
17:28:49.0108 4444 amdkmdag (bfa5e854959d5546d8834ca61f4ad075) C:\Windows\system32\DRIVERS\atikmdag.sys
17:28:49.0219 4444 amdkmdag - ok
17:28:49.0327 4444 amdkmdap (92d664fffcd9e742fb25254f7f458d88) C:\Windows\system32\DRIVERS\atikmpag.sys
17:28:49.0332 4444 amdkmdap - ok
17:28:49.0339 4444 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
17:28:49.0340 4444 AmdPPM - ok
17:28:49.0383 4444 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
17:28:49.0386 4444 amdsata - ok
17:28:49.0400 4444 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
17:28:49.0404 4444 amdsbs - ok
17:28:49.0421 4444 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
17:28:49.0421 4444 amdxata - ok
17:28:49.0558 4444 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
17:28:49.0576 4444 AppID - ok
17:28:49.0592 4444 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
17:28:49.0593 4444 AppIDSvc - ok
17:28:49.0630 4444 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
17:28:49.0632 4444 Appinfo - ok
17:28:49.0751 4444 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:28:49.0752 4444 Apple Mobile Device - ok
17:28:49.0795 4444 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
17:28:49.0799 4444 AppMgmt - ok
17:28:49.0836 4444 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
17:28:49.0838 4444 arc - ok
17:28:49.0850 4444 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
17:28:49.0852 4444 arcsas - ok
17:28:49.0867 4444 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:28:49.0868 4444 AsyncMac - ok
17:28:49.0911 4444 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
17:28:49.0911 4444 atapi - ok
17:28:49.0960 4444 AtiHDAudioService (2b3b05c0a7768bf033217eb8f33f9c35) C:\Windows\system32\drivers\AtihdW76.sys
17:28:49.0962 4444 AtiHDAudioService - ok
17:28:50.0058 4444 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:28:50.0064 4444 AudioEndpointBuilder - ok
17:28:50.0074 4444 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:28:50.0080 4444 AudioSrv - ok
17:28:50.0264 4444 AVGIDSAgent (ba60fd7a64b9759a14c0fba4a9ed4c7b) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
17:28:50.0308 4444 AVGIDSAgent - ok
17:28:50.0418 4444 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys
17:28:50.0420 4444 AVGIDSDriver - ok
17:28:50.0428 4444 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys
17:28:50.0429 4444 AVGIDSFilter - ok
17:28:50.0461 4444 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys
17:28:50.0462 4444 AVGIDSHA - ok
17:28:50.0490 4444 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
17:28:50.0495 4444 Avgldx64 - ok
17:28:50.0516 4444 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
17:28:50.0518 4444 Avgmfx64 - ok
17:28:50.0533 4444 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys
17:28:50.0534 4444 Avgrkx64 - ok
17:28:50.0561 4444 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\Windows\system32\DRIVERS\avgtdia.sys
17:28:50.0567 4444 Avgtdia - ok
17:28:50.0791 4444 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
17:28:50.0793 4444 avgwd - ok
17:28:50.0830 4444 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
17:28:50.0832 4444 AxInstSV - ok
17:28:50.0869 4444 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
17:28:50.0876 4444 b06bdrv - ok
17:28:50.0907 4444 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:28:50.0912 4444 b57nd60a - ok
17:28:50.0954 4444 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
17:28:50.0957 4444 BDESVC - ok
17:28:50.0972 4444 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:28:50.0973 4444 Beep - ok
17:28:51.0111 4444 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
17:28:51.0122 4444 BFE - ok
17:28:51.0144 4444 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:28:51.0145 4444 blbdrive - ok
17:28:51.0222 4444 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
17:28:51.0227 4444 Bonjour Service - ok
17:28:51.0250 4444 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
17:28:51.0251 4444 bowser - ok
17:28:51.0256 4444 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:28:51.0257 4444 BrFiltLo - ok
17:28:51.0264 4444 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:28:51.0265 4444 BrFiltUp - ok
17:28:51.0369 4444 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
17:28:51.0377 4444 BridgeMP - ok
17:28:51.0416 4444 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
17:28:51.0418 4444 Browser - ok
17:28:51.0439 4444 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:28:51.0444 4444 Brserid - ok
17:28:51.0450 4444 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:28:51.0452 4444 BrSerWdm - ok
17:28:51.0457 4444 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:28:51.0458 4444 BrUsbMdm - ok
17:28:51.0463 4444 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:28:51.0463 4444 BrUsbSer - ok
17:28:51.0469 4444 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
17:28:51.0470 4444 BTHMODEM - ok
17:28:51.0484 4444 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
17:28:51.0485 4444 bthserv - ok
17:28:51.0515 4444 catchme - ok
17:28:51.0535 4444 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:28:51.0537 4444 cdfs - ok
17:28:51.0563 4444 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
17:28:51.0566 4444 cdrom - ok
17:28:51.0610 4444 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:28:51.0612 4444 CertPropSvc - ok
17:28:51.0632 4444 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
17:28:51.0634 4444 circlass - ok
17:28:51.0690 4444 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:28:51.0694 4444 CLFS - ok
17:28:51.0744 4444 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:28:51.0747 4444 clr_optimization_v2.0.50727_32 - ok
17:28:51.0790 4444 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:28:51.0792 4444 clr_optimization_v2.0.50727_64 - ok
17:28:51.0957 4444 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:28:51.0959 4444 clr_optimization_v4.0.30319_32 - ok
17:28:51.0977 4444 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:28:51.0980 4444 clr_optimization_v4.0.30319_64 - ok
17:28:51.0990 4444 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
17:28:51.0992 4444 CmBatt - ok
17:28:52.0023 4444 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
17:28:52.0024 4444 cmdide - ok
17:28:52.0072 4444 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
17:28:52.0076 4444 CNG - ok
17:28:52.0097 4444 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
17:28:52.0098 4444 Compbatt - ok
17:28:52.0134 4444 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
17:28:52.0135 4444 CompositeBus - ok
17:28:52.0140 4444 COMSysApp - ok
17:28:52.0154 4444 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
17:28:52.0155 4444 crcdisk - ok
17:28:52.0298 4444 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
17:28:52.0301 4444 CryptSvc - ok
17:28:52.0359 4444 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
17:28:52.0367 4444 CSC - ok
17:28:52.0395 4444 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
17:28:52.0401 4444 CscService - ok
17:28:52.0441 4444 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:28:52.0448 4444 DcomLaunch - ok
17:28:52.0488 4444 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
17:28:52.0493 4444 defragsvc - ok
17:28:52.0678 4444 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
17:28:52.0681 4444 DfsC - ok
17:28:52.0710 4444 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
17:28:52.0713 4444 Dhcp - ok
17:28:52.0720 4444 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:28:52.0721 4444 discache - ok
17:28:52.0739 4444 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
17:28:52.0740 4444 Disk - ok
17:28:52.0762 4444 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
17:28:52.0764 4444 Dnscache - ok
17:28:52.0802 4444 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
17:28:52.0805 4444 dot3svc - ok
17:28:52.0846 4444 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
17:28:52.0847 4444 DPS - ok
17:28:52.0867 4444 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
17:28:52.0867 4444 drmkaud - ok
17:28:52.0895 4444 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
17:28:52.0911 4444 DXGKrnl - ok
17:28:52.0985 4444 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
17:28:52.0987 4444 EapHost - ok
17:28:53.0071 4444 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
17:28:53.0103 4444 ebdrv - ok
17:28:53.0214 4444 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
17:28:53.0215 4444 EFS - ok
17:28:53.0344 4444 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
17:28:53.0355 4444 ehRecvr - ok
17:28:53.0376 4444 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
17:28:53.0379 4444 ehSched - ok
17:28:53.0443 4444 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
17:28:53.0451 4444 elxstor - ok
17:28:53.0623 4444 EpsonBidirectionalService (abdd5ad016affd34ad40e944ce94bf59) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
17:28:53.0624 4444 EpsonBidirectionalService - ok
17:28:53.0677 4444 EpsonCustomerParticipation (757305c7ad34222f4a46d86fe0bee241) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
17:28:53.0682 4444 EpsonCustomerParticipation - ok
17:28:53.0723 4444 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
17:28:53.0724 4444 ErrDev - ok
17:28:53.0767 4444 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
17:28:53.0771 4444 EventSystem - ok
17:28:53.0794 4444 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:28:53.0797 4444 exfat - ok
17:28:53.0814 4444 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:28:53.0818 4444 fastfat - ok
17:28:54.0094 4444 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
17:28:54.0105 4444 Fax - ok
17:28:54.0117 4444 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
17:28:54.0118 4444 fdc - ok
17:28:54.0132 4444 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
17:28:54.0133 4444 fdPHost - ok
17:28:54.0144 4444 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
17:28:54.0145 4444 FDResPub - ok
17:28:54.0157 4444 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:28:54.0158 4444 FileInfo - ok
17:28:54.0172 4444 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:28:54.0173 4444 Filetrace - ok
17:28:54.0178 4444 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
17:28:54.0180 4444 flpydisk - ok
17:28:54.0235 4444 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
17:28:54.0238 4444 FltMgr - ok
17:28:54.0395 4444 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
17:28:54.0415 4444 FontCache - ok
17:28:54.0489 4444 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:28:54.0491 4444 FontCache3.0.0.0 - ok
17:28:54.0523 4444 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
17:28:54.0525 4444 FsDepends - ok
17:28:54.0551 4444 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
17:28:54.0551 4444 Fs_Rec - ok
17:28:54.0604 4444 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
17:28:54.0606 4444 fvevol - ok
17:28:54.0635 4444 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
17:28:54.0637 4444 gagp30kx - ok
17:28:54.0663 4444 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:28:54.0671 4444 GEARAspiWDM - ok
17:28:54.0732 4444 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
17:28:54.0739 4444 gpsvc - ok
17:28:54.0775 4444 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:28:54.0776 4444 hcw85cir - ok
17:28:54.0929 4444 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
17:28:54.0943 4444 HdAudAddService - ok
17:28:54.0975 4444 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
17:28:54.0977 4444 HDAudBus - ok
17:28:54.0988 4444 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
17:28:54.0989 4444 HidBatt - ok
17:28:55.0009 4444 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
17:28:55.0010 4444 HidBth - ok
17:28:55.0014 4444 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
17:28:55.0015 4444 HidIr - ok
17:28:55.0038 4444 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
17:28:55.0038 4444 hidserv - ok
17:28:55.0089 4444 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
17:28:55.0090 4444 HidUsb - ok
17:28:55.0129 4444 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
17:28:55.0132 4444 hkmsvc - ok
17:28:55.0170 4444 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
17:28:55.0175 4444 HomeGroupListener - ok
17:28:55.0260 4444 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
17:28:55.0265 4444 HomeGroupProvider - ok
17:28:55.0317 4444 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
17:28:55.0319 4444 HpSAMD - ok
17:28:55.0383 4444 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
17:28:55.0390 4444 HTTP - ok
17:28:55.0408 4444 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
17:28:55.0409 4444 hwpolicy - ok
17:28:55.0436 4444 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
17:28:55.0438 4444 i8042prt - ok
17:28:55.0474 4444 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
17:28:55.0481 4444 iaStorV - ok
17:28:55.0564 4444 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:28:55.0576 4444 idsvc - ok
17:28:55.0618 4444 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
17:28:55.0634 4444 iirsp - ok
17:28:55.0755 4444 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
17:28:55.0770 4444 IKEEXT - ok
17:28:55.0790 4444 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
17:28:55.0791 4444 intelide - ok
17:28:55.0810 4444 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
17:28:55.0811 4444 intelppm - ok
17:28:55.0824 4444 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
17:28:55.0826 4444 IPBusEnum - ok
17:28:55.0861 4444 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:28:55.0862 4444 IpFilterDriver - ok
17:28:55.0928 4444 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
17:28:55.0936 4444 iphlpsvc - ok
17:28:55.0970 4444 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
17:28:55.0972 4444 IPMIDRV - ok
17:28:56.0045 4444 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:28:56.0047 4444 IPNAT - ok
17:28:56.0149 4444 iPod Service (46d249f9db7844cc01050a9345f0f61b) C:\Program Files\iPod\bin\iPodService.exe
17:28:56.0162 4444 iPod Service - ok
17:28:56.0188 4444 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:28:56.0189 4444 IRENUM - ok
17:28:56.0229 4444 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
17:28:56.0230 4444 isapnp - ok
17:28:56.0250 4444 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
17:28:56.0255 4444 iScsiPrt - ok
17:28:56.0333 4444 ISODrive (9c6f3f69163133fb8e56ac4a6e163452) C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys
17:28:56.0335 4444 ISODrive - ok
17:28:56.0432 4444 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
17:28:56.0439 4444 kbdclass - ok
17:28:56.0521 4444 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
17:28:56.0528 4444 kbdhid - ok
17:28:56.0565 4444 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:28:56.0567 4444 KeyIso - ok
17:28:56.0582 4444 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
17:28:56.0584 4444 KSecDD - ok
17:28:56.0603 4444 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
17:28:56.0605 4444 KSecPkg - ok
17:28:56.0620 4444 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:28:56.0622 4444 ksthunk - ok
17:28:56.0659 4444 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
17:28:56.0666 4444 KtmRm - ok
17:28:56.0683 4444 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
17:28:56.0687 4444 LanmanServer - ok
17:28:56.0728 4444 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
17:28:56.0731 4444 LanmanWorkstation - ok
17:28:56.0867 4444 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:28:56.0869 4444 lltdio - ok
17:28:56.0906 4444 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
17:28:56.0912 4444 lltdsvc - ok
17:28:56.0930 4444 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
17:28:56.0931 4444 lmhosts - ok
17:28:56.0957 4444 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:28:56.0959 4444 LSI_FC - ok
17:28:56.0977 4444 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:28:56.0979 4444 LSI_SAS - ok
17:28:56.0995 4444 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:28:56.0997 4444 LSI_SAS2 - ok
17:28:57.0026 4444 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:28:57.0029 4444 LSI_SCSI - ok
17:28:57.0047 4444 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:28:57.0048 4444 luafv - ok
17:28:57.0080 4444 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
17:28:57.0083 4444 Mcx2Svc - ok
17:28:57.0130 4444 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
17:28:57.0135 4444 megasas - ok
17:28:57.0155 4444 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
17:28:57.0160 4444 MegaSR - ok
17:28:57.0218 4444 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
17:28:57.0232 4444 Microsoft Office Groove Audit Service - ok
17:28:57.0249 4444 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:28:57.0251 4444 MMCSS - ok
17:28:57.0268 4444 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:28:57.0270 4444 Modem - ok
17:28:57.0288 4444 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
17:28:57.0289 4444 monitor - ok
17:28:57.0383 4444 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
17:28:57.0395 4444 mouclass - ok
17:28:57.0414 4444 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:28:57.0416 4444 mouhid - ok
17:28:57.0460 4444 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
17:28:57.0462 4444 mountmgr - ok
17:28:57.0526 4444 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:28:57.0549 4444 MozillaMaintenance - ok
17:28:57.0571 4444 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
17:28:57.0573 4444 mpio - ok
17:28:57.0587 4444 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:28:57.0588 4444 mpsdrv - ok
17:28:57.0751 4444 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
17:28:57.0763 4444 MpsSvc - ok
17:28:57.0806 4444 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
17:28:57.0808 4444 MRxDAV - ok
17:28:57.0836 4444 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:28:57.0838 4444 mrxsmb - ok
17:28:57.0867 4444 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:28:57.0869 4444 mrxsmb10 - ok
17:28:57.0882 4444 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:28:57.0884 4444 mrxsmb20 - ok
17:28:57.0901 4444 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
17:28:57.0902 4444 msahci - ok
17:28:57.0914 4444 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
17:28:57.0916 4444 msdsm - ok
17:28:57.0962 4444 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
17:28:57.0965 4444 MSDTC - ok
17:28:57.0985 4444 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:28:57.0986 4444 Msfs - ok
17:28:58.0002 4444 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:28:58.0003 4444 mshidkmdf - ok
17:28:58.0011 4444 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
17:28:58.0012 4444 msisadrv - ok
17:28:58.0041 4444 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
17:28:58.0044 4444 MSiSCSI - ok
17:28:58.0047 4444 msiserver - ok
17:28:58.0073 4444 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:28:58.0074 4444 MSKSSRV - ok
17:28:58.0080 4444 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:28:58.0081 4444 MSPCLOCK - ok
17:28:58.0087 4444 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:28:58.0088 4444 MSPQM - ok
17:28:58.0143 4444 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
17:28:58.0146 4444 MsRPC - ok
17:28:58.0183 4444 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
17:28:58.0189 4444 mssmbios - ok
17:28:58.0197 4444 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:28:58.0198 4444 MSTEE - ok
17:28:58.0211 4444 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
17:28:58.0213 4444 MTConfig - ok
17:28:58.0227 4444 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
17:28:58.0228 4444 MTsensor - ok
17:28:58.0250 4444 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:28:58.0251 4444 Mup - ok
17:28:58.0299 4444 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
17:28:58.0308 4444 napagent - ok
17:28:58.0341 4444 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:28:58.0357 4444 NativeWifiP - ok
17:28:58.0462 4444 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
17:28:58.0475 4444 NDIS - ok
17:28:58.0489 4444 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:28:58.0490 4444 NdisCap - ok
17:28:58.0509 4444 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:28:58.0509 4444 NdisTapi - ok
17:28:58.0562 4444 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
17:28:58.0564 4444 Ndisuio - ok
17:28:58.0610 4444 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
17:28:58.0613 4444 NdisWan - ok
17:28:58.0651 4444 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
17:28:58.0653 4444 NDProxy - ok
17:28:58.0693 4444 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:28:58.0694 4444 NetBIOS - ok
17:28:58.0744 4444 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
17:28:58.0748 4444 NetBT - ok
17:28:58.0784 4444 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:28:58.0786 4444 Netlogon - ok
17:28:58.0826 4444 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
17:28:58.0831 4444 Netman - ok
17:28:58.0851 4444 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
17:28:58.0856 4444 netprofm - ok
17:28:59.0004 4444 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:28:59.0009 4444 NetTcpPortSharing - ok
17:28:59.0029 4444 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
17:28:59.0030 4444 nfrd960 - ok
17:28:59.0187 4444 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
17:28:59.0192 4444 NlaSvc - ok
17:28:59.0205 4444 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:28:59.0207 4444 Npfs - ok
17:28:59.0218 4444 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
17:28:59.0220 4444 nsi - ok
17:28:59.0256 4444 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:28:59.0257 4444 nsiproxy - ok
17:28:59.0535 4444 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
17:28:59.0558 4444 Ntfs - ok
17:28:59.0647 4444 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:28:59.0648 4444 Null - ok
17:28:59.0692 4444 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
17:28:59.0695 4444 nvraid - ok
17:28:59.0758 4444 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
17:28:59.0761 4444 nvstor - ok
17:28:59.0774 4444 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
17:28:59.0776 4444 nv_agp - ok
17:28:59.0862 4444 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:28:59.0913 4444 odserv - ok
17:28:59.0935 4444 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
17:28:59.0936 4444 ohci1394 - ok
17:28:59.0982 4444 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:29:00.0011 4444 ose - ok
17:29:00.0046 4444 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:29:00.0050 4444 p2pimsvc - ok
17:29:00.0088 4444 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
17:29:00.0093 4444 p2psvc - ok
17:29:00.0109 4444 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
17:29:00.0111 4444 Parport - ok
17:29:00.0143 4444 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
17:29:00.0144 4444 partmgr - ok
17:29:00.0163 4444 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
17:29:00.0166 4444 PcaSvc - ok
17:29:00.0285 4444 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
17:29:00.0288 4444 pci - ok
17:29:00.0300 4444 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
17:29:00.0301 4444 pciide - ok
17:29:00.0348 4444 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
17:29:00.0352 4444 pcmcia - ok
17:29:00.0381 4444 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:29:00.0382 4444 pcw - ok
17:29:00.0416 4444 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:29:00.0422 4444 PEAUTH - ok
17:29:00.0478 4444 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
17:29:00.0494 4444 PeerDistSvc - ok
17:29:00.0609 4444 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
17:29:00.0612 4444 PerfHost - ok
17:29:00.0722 4444 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
17:29:00.0739 4444 pla - ok
17:29:00.0806 4444 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
17:29:00.0811 4444 PlugPlay - ok
17:29:00.0835 4444 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
17:29:00.0838 4444 PNRPAutoReg - ok
17:29:00.0866 4444 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:29:00.0870 4444 PNRPsvc - ok
17:29:00.0897 4444 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
17:29:00.0904 4444 PolicyAgent - ok
17:29:00.0932 4444 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
17:29:00.0935 4444 Power - ok
17:29:01.0038 4444 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
17:29:01.0045 4444 PptpMiniport - ok
17:29:01.0073 4444 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
17:29:01.0074 4444 Processor - ok
17:29:01.0098 4444 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
17:29:01.0102 4444 ProfSvc - ok
17:29:01.0143 4444 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:29:01.0145 4444 ProtectedStorage - ok
17:29:01.0183 4444 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
17:29:01.0185 4444 Psched - ok
17:29:01.0275 4444 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
17:29:01.0296 4444 ql2300 - ok
17:29:01.0351 4444 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
17:29:01.0353 4444 ql40xx - ok
17:29:01.0372 4444 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
17:29:01.0385 4444 QWAVE - ok
17:29:01.0403 4444 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:29:01.0404 4444 QWAVEdrv - ok
17:29:01.0414 4444 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:29:01.0415 4444 RasAcd - ok
17:29:01.0440 4444 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:29:01.0441 4444 RasAgileVpn - ok
17:29:01.0460 4444 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
17:29:01.0464 4444 RasAuto - ok
17:29:01.0549 4444 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:29:01.0552 4444 Rasl2tp - ok
17:29:01.0601 4444 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
17:29:01.0607 4444 RasMan - ok
17:29:01.0624 4444 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:29:01.0626 4444 RasPppoe - ok
17:29:01.0650 4444 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:29:01.0652 4444 RasSstp - ok
17:29:01.0697 4444 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
17:29:01.0702 4444 rdbss - ok
17:29:01.0710 4444 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:29:01.0711 4444 rdpbus - ok
17:29:01.0719 4444 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:29:01.0720 4444 RDPCDD - ok
17:29:01.0783 4444 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
17:29:01.0786 4444 RDPDR - ok
17:29:01.0809 4444 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:29:01.0810 4444 RDPENCDD - ok
17:29:01.0822 4444 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:29:01.0823 4444 RDPREFMP - ok
17:29:01.0865 4444 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
17:29:01.0868 4444 RDPWD - ok
17:29:01.0927 4444 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
17:29:01.0929 4444 rdyboost - ok
17:29:01.0960 4444 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
17:29:01.0963 4444 RemoteAccess - ok
17:29:02.0017 4444 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
17:29:02.0020 4444 RemoteRegistry - ok
17:29:02.0034 4444 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
17:29:02.0037 4444 RpcEptMapper - ok
17:29:02.0052 4444 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
17:29:02.0054 4444 RpcLocator - ok
17:29:02.0112 4444 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:29:02.0119 4444 RpcSs - ok
17:29:02.0129 4444 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:29:02.0130 4444 rspndr - ok
17:29:02.0169 4444 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
17:29:02.0173 4444 RTL8167 - ok
17:29:02.0211 4444 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
17:29:02.0212 4444 s3cap - ok
17:29:02.0286 4444 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:29:02.0287 4444 SamSs - ok
17:29:02.0339 4444 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
17:29:02.0340 4444 SASDIFSV - ok
17:29:02.0347 4444 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
17:29:02.0348 4444 SASKUTIL - ok
17:29:02.0371 4444 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
17:29:02.0373 4444 sbp2port - ok
17:29:02.0414 4444 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
17:29:02.0419 4444 SCardSvr - ok
17:29:02.0455 4444 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
17:29:02.0457 4444 scfilter - ok
17:29:02.0526 4444 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
17:29:02.0535 4444 Schedule - ok
17:29:02.0564 4444 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:29:02.0565 4444 SCPolicySvc - ok
17:29:02.0602 4444 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
17:29:02.0607 4444 SDRSVC - ok
17:29:02.0654 4444 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:29:02.0655 4444 secdrv - ok
17:29:02.0694 4444 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
17:29:02.0696 4444 seclogon - ok
17:29:02.0732 4444 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
17:29:02.0735 4444 SENS - ok
17:29:02.0748 4444 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
17:29:02.0751 4444 SensrSvc - ok
17:29:02.0770 4444 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:29:02.0771 4444 Serenum - ok
17:29:02.0796 4444 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:29:02.0798 4444 Serial - ok
17:29:02.0837 4444 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
17:29:02.0838 4444 sermouse - ok
17:29:02.0889 4444 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
17:29:02.0893 4444 SessionEnv - ok
17:29:02.0916 4444 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
17:29:02.0917 4444 sffdisk - ok
17:29:02.0932 4444 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
17:29:02.0933 4444 sffp_mmc - ok
17:29:02.0971 4444 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
17:29:02.0985 4444 sffp_sd - ok
17:29:03.0036 4444 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
17:29:03.0043 4444 sfloppy - ok
17:29:03.0610 4444 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
17:29:03.0624 4444 SharedAccess - ok
17:29:03.0665 4444 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
17:29:03.0671 4444 ShellHWDetection - ok
17:29:03.0704 4444 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:29:03.0705 4444 SiSRaid2 - ok
17:29:03.0717 4444 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
17:29:03.0719 4444 SiSRaid4 - ok
17:29:03.0731 4444 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:29:03.0733 4444 Smb - ok
17:29:03.0760 4444 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
17:29:03.0762 4444 SNMPTRAP - ok
17:29:03.0776 4444 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:29:03.0776 4444 spldr - ok
17:29:03.0809 4444 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
17:29:03.0818 4444 Spooler - ok
17:29:03.0941 4444 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
17:29:03.0972 4444 sppsvc - ok
17:29:04.0035 4444 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
17:29:04.0038 4444 sppuinotify - ok
17:29:04.0116 4444 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
17:29:04.0121 4444 srv - ok
17:29:04.0154 4444 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
17:29:04.0158 4444 srv2 - ok
17:29:04.0284 4444 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
17:29:04.0286 4444 srvnet - ok
17:29:04.0517 4444 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
17:29:04.0520 4444 SSDPSRV - ok
17:29:04.0549 4444 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
17:29:04.0552 4444 SstpSvc - ok
17:29:04.0589 4444 Steam Client Service - ok
17:29:04.0608 4444 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
17:29:04.0609 4444 stexstor - ok
17:29:04.0671 4444 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
17:29:04.0679 4444 stisvc - ok
17:29:04.0717 4444 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
17:29:04.0718 4444 storflt - ok
17:29:04.0744 4444 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
17:29:04.0747 4444 StorSvc - ok
17:29:04.0769 4444 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
17:29:04.0770 4444 storvsc - ok
17:29:04.0810 4444 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
17:29:04.0811 4444 swenum - ok
17:29:04.0839 4444 SwOffScheduler - ok
17:29:04.0844 4444 SwOffWeb - ok
17:29:04.0880 4444 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
17:29:04.0889 4444 swprv - ok
17:29:04.0973 4444 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
17:29:04.0992 4444 SysMain - ok
17:29:05.0089 4444 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
17:29:05.0093 4444 TabletInputService - ok
17:29:05.0113 4444 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
17:29:05.0117 4444 TapiSrv - ok
17:29:05.0131 4444 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
17:29:05.0133 4444 TBS - ok
17:29:05.0251 4444 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
17:29:05.0276 4444 Tcpip - ok
17:29:05.0352 4444 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
17:29:05.0362 4444 TCPIP6 - ok
17:29:05.0450 4444 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
17:29:05.0451 4444 tcpipreg - ok
17:29:05.0498 4444 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:29:05.0499 4444 TDPIPE - ok
17:29:05.0532 4444 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
17:29:05.0534 4444 TDTCP - ok
17:29:05.0576 4444 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
17:29:05.0578 4444 tdx - ok
17:29:05.0591 4444 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
17:29:05.0593 4444 TermDD - ok
17:29:05.0632 4444 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
17:29:05.0640 4444 TermService - ok
17:29:05.0692 4444 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
17:29:05.0695 4444 Themes - ok
17:29:05.0718 4444 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:29:05.0720 4444 THREADORDER - ok
17:29:05.0739 4444 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
17:29:05.0742 4444 TrkWks - ok
17:29:05.0772 4444 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
17:29:05.0775 4444 TrustedInstaller - ok
17:29:05.0808 4444 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:29:05.0810 4444 tssecsrv - ok
17:29:05.0855 4444 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
17:29:05.0857 4444 TsUsbFlt - ok
17:29:05.0901 4444 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
17:29:05.0903 4444 tunnel - ok
17:29:05.0918 4444 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
17:29:05.0919 4444 uagp35 - ok
17:29:05.0953 4444 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
17:29:05.0958 4444 udfs - ok
17:29:05.0977 4444 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
17:29:05.0981 4444 UI0Detect - ok
17:29:05.0996 4444 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
17:29:05.0998 4444 uliagpkx - ok
17:29:06.0026 4444 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
17:29:06.0027 4444 umbus - ok
17:29:06.0032 4444 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
17:29:06.0033 4444 UmPass - ok
17:29:06.0058 4444 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
17:29:06.0064 4444 UmRdpService - ok
17:29:06.0088 4444 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
17:29:06.0095 4444 upnphost - ok
17:29:06.0142 4444 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
17:29:06.0144 4444 USBAAPL64 - ok
17:29:06.0198 4444 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
17:29:06.0200 4444 usbccgp - ok
17:29:06.0225 4444 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
17:29:06.0227 4444 usbcir - ok
17:29:06.0247 4444 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
17:29:06.0248 4444 usbehci - ok
17:29:06.0271 4444 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
17:29:06.0277 4444 usbhub - ok
17:29:06.0290 4444 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
17:29:06.0291 4444 usbohci - ok
17:29:06.0308 4444 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:29:06.0310 4444 usbprint - ok
17:29:06.0329 4444 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:29:06.0331 4444 USBSTOR - ok
17:29:06.0349 4444 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
17:29:06.0351 4444 usbuhci - ok
17:29:06.0376 4444 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
17:29:06.0378 4444 UxSms - ok
17:29:06.0417 4444 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:29:06.0419 4444 VaultSvc - ok
17:29:06.0432 4444 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
17:29:06.0433 4444 vdrvroot - ok
17:29:06.0485 4444 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
17:29:06.0495 4444 vds - ok
17:29:06.0529 4444 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:29:06.0531 4444 vga - ok
17:29:06.0572 4444 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:29:06.0573 4444 VgaSave - ok
17:29:06.0609 4444 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
17:29:06.0613 4444 vhdmp - ok
17:29:06.0644 4444 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
17:29:06.0645 4444 viaide - ok
17:29:06.0662 4444 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
17:29:06.0664 4444 vmbus - ok
17:29:06.0699 4444 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
17:29:06.0701 4444 VMBusHID - ok
17:29:06.0712 4444 vmci - ok
17:29:06.0729 4444 VMnetAdapter - ok
17:29:06.0743 4444 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
17:29:06.0744 4444 volmgr - ok
17:29:06.0788 4444 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
17:29:06.0791 4444 volmgrx - ok
17:29:06.0821 4444 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
17:29:06.0825 4444 volsnap - ok
17:29:06.0850 4444 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
17:29:06.0853 4444 vsmraid - ok
17:29:06.0929 4444 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
17:29:06.0948 4444 VSS - ok
17:29:07.0040 4444 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
17:29:07.0041 4444 vwifibus - ok
17:29:07.0076 4444 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
17:29:07.0084 4444 W32Time - ok
17:29:07.0099 4444 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
17:29:07.0100 4444 WacomPen - ok
17:29:07.0127 4444 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:29:07.0129 4444 WANARP - ok
17:29:07.0141 4444 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:29:07.0143 4444 Wanarpv6 - ok
17:29:07.0210 4444 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
17:29:07.0228 4444 WatAdminSvc - ok
17:29:07.0300 4444 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
17:29:07.0318 4444 wbengine - ok
17:29:07.0347 4444 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
17:29:07.0351 4444 WbioSrvc - ok
17:29:07.0399 4444 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
17:29:07.0406 4444 wcncsvc - ok
17:29:07.0426 4444 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
17:29:07.0429 4444 WcsPlugInService - ok
17:29:07.0448 4444 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
17:29:07.0449 4444 Wd - ok
17:29:07.0482 4444 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:29:07.0487 4444 Wdf01000 - ok
17:29:07.0501 4444 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:29:07.0503 4444 WdiServiceHost - ok
17:29:07.0507 4444 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:29:07.0509 4444 WdiSystemHost - ok
17:29:07.0564 4444 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
17:29:07.0570 4444 WebClient - ok
17:29:07.0595 4444 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
17:29:07.0600 4444 Wecsvc - ok
17:29:07.0631 4444 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
17:29:07.0634 4444 wercplsupport - ok
17:29:07.0658 4444 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
17:29:07.0661 4444 WerSvc - ok
17:29:07.0678 4444 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:29:07.0679 4444 WfpLwf - ok
17:29:07.0688 4444 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:29:07.0690 4444 WIMMount - ok
17:29:07.0729 4444 WinDefend - ok
17:29:07.0737 4444 WinHttpAutoProxySvc - ok
17:29:07.0790 4444 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
17:29:07.0793 4444 Winmgmt - ok
17:29:07.0912 4444 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
17:29:07.0936 4444 WinRM - ok
17:29:08.0065 4444 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
17:29:08.0067 4444 WinUsb - ok
17:29:08.0107 4444 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
17:29:08.0122 4444 Wlansvc - ok
17:29:08.0147 4444 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
17:29:08.0148 4444 WmiAcpi - ok
17:29:08.0170 4444 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
17:29:08.0174 4444 wmiApSrv - ok
17:29:08.0184 4444 WMPNetworkSvc - ok
17:29:08.0198 4444 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
17:29:08.0201 4444 WPCSvc - ok
17:29:08.0237 4444 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
17:29:08.0240 4444 WPDBusEnum - ok
17:29:08.0254 4444 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:29:08.0255 4444 ws2ifsl - ok
17:29:08.0347 4444 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
17:29:08.0350 4444 wscsvc - ok
17:29:08.0354 4444 WSearch - ok
17:29:08.0464 4444 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
17:29:08.0487 4444 wuauserv - ok
17:29:08.0570 4444 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
17:29:08.0572 4444 WudfPf - ok
17:29:08.0595 4444 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:29:08.0597 4444 WUDFRd - ok
17:29:08.0638 4444 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
17:29:08.0639 4444 wudfsvc - ok
17:29:08.0659 4444 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
17:29:08.0662 4444 WwanSvc - ok
17:29:08.0676 4444 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
17:29:08.0971 4444 \Device\Harddisk1\DR1 - ok
17:29:08.0983 4444 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:29:09.0030 4444 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
17:29:09.0030 4444 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
17:29:09.0037 4444 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2
17:29:09.0042 4444 \Device\Harddisk2\DR2 - ok
17:29:09.0050 4444 Boot (0x1200) (9f043a9d02b2010cac857cd158111af8) \Device\Harddisk1\DR1\Partition0
17:29:09.0052 4444 \Device\Harddisk1\DR1\Partition0 - ok
17:29:09.0056 4444 Boot (0x1200) (22778784c7917feec1ea85e335cf5f63) \Device\Harddisk0\DR0\Partition0
17:29:09.0058 4444 \Device\Harddisk0\DR0\Partition0 - ok
17:29:09.0070 4444 Boot (0x1200) (d311d841153c91982ae231cb96c91ed9) \Device\Harddisk0\DR0\Partition1
17:29:09.0071 4444 \Device\Harddisk0\DR0\Partition1 - ok
17:29:09.0075 4444 Boot (0x1200) (35b2569b5d3cecaa0f656fb6c83b12b7) \Device\Harddisk2\DR2\Partition0
17:29:09.0076 4444 \Device\Harddisk2\DR2\Partition0 - ok
17:29:09.0076 4444 ============================================================
17:29:09.0076 4444 Scan finished
17:29:09.0076 4444 ============================================================
17:29:09.0082 4772 Detected object count: 1
17:29:09.0082 4772 Actual detected object count: 1
17:29:15.0805 4772 \Device\Harddisk0\DR0\# - copied to quarantine
17:29:15.0805 4772 \Device\Harddisk0\DR0 - copied to quarantine
17:29:15.0825 4772 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
17:29:15.0826 4772 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
17:29:15.0828 4772 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
17:29:15.0830 4772 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
17:29:15.0836 4772 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
17:29:15.0840 4772 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
17:29:15.0841 4772 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
17:29:15.0841 4772 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
17:29:15.0842 4772 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
17:29:15.0843 4772 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
17:29:15.0845 4772 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
17:29:15.0845 4772 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
17:29:15.0846 4772 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
17:29:15.0847 4772 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
17:29:15.0852 4772 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
17:29:15.0854 4772 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
17:29:15.0854 4772 \Device\Harddisk0\DR0 - ok
17:29:15.0863 4772 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
17:29:20.0575 4860 Deinitialize success




aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-26 17:32:07
-----------------------------
17:32:07.144 OS Version: Windows x64 6.1.7601 Service Pack 1
17:32:07.144 Number of processors: 8 586 0x1E05
17:32:07.145 ComputerName: DJ-PC UserName: Danny
17:32:08.305 Initialize success
17:33:00.850 AVAST engine defs: 12072602
17:37:16.461 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-6
17:37:16.467 Disk 0 Vendor: SAMSUNG_HD103SJ 1AJ100E4 Size: 953869MB BusType: 3
17:37:16.470 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-9
17:37:16.473 Disk 1 Vendor: Maxtor_6L300R0 BAH41G10 Size: 286168MB BusType: 3
17:37:16.486 Disk 0 MBR read successfully
17:37:16.490 Disk 0 MBR scan
17:37:16.496 Disk 0 Windows 7 default MBR code
17:37:16.508 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:37:16.523 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
17:37:16.543 Disk 0 scanning C:\Windows\system32\drivers
17:37:26.465 Service scanning
17:37:44.703 Modules scanning
17:37:44.714 Disk 0 trace - called modules:
17:37:44.744 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
17:37:44.751 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004db9790]
17:37:44.758 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa8004ad69b0]
17:37:44.765 5 ACPI.sys[fffff88000fa67a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T1L0-6[0xfffffa8004b1b680]
17:37:45.994 AVAST engine scan C:\Windows
17:37:51.094 AVAST engine scan C:\Windows\system32
17:40:57.837 AVAST engine scan C:\Windows\system32\drivers
17:41:17.690 AVAST engine scan C:\Users\Danny
17:53:17.981 AVAST engine scan C:\ProgramData
17:55:54.034 Scan finished successfully
18:09:51.213 Disk 0 MBR has been saved successfully to "C:\Users\Danny\Desktop\MBR.dat"
18:09:51.216 The log file has been saved successfully to "C:\Users\Danny\Desktop\aswMBR.txt"


Thanks!!
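An added triage example (my code, not part of the thread and not from TDSSKiller, aswMBR or ComboFix): the two logs above record the same disk from two sides. TDSSKiller hashes each MBR, flags the boot sector of Harddisk0 as Rootkit.Boot.Pihar.c (a TDL4-family bootkit; the \TDLFS\ paths are the hidden file system the rootkit keeps its components in, which TDSSKiller exposes while quarantining them) and defers the actual MBR rewrite to the next reboot, while aswMBR, run afterwards, reports stock Windows 7 MBR code and a single active partition on disk 0. The script parses both formats from excerpts of the logs in this post and cross-checks them: which physical disks were flagged, whether a cure is still pending a reboot, whether the later MBR scan saw stock boot code on every flagged disk, and how many partitions are marked active. The regexes, class and field names are my own and assume only the line shapes visible in these two logs.

```python
import re
from dataclasses import dataclass, field

# TDSSKiller lines look like "<hh:mm:ss.ffff> <thread id> <text>"; these are the <text>
# shapes that occur in the log above (MBR hash, detection, quarantine, deferred cure).
_TDSS_LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<rest>.*)$")
_DETECTED = re.compile(r"^(?P<obj>\\Device\\\S+) - detected (?P<name>\S+)")
_QUARANTINED = re.compile(r"^(?P<obj>\\Device\\\S+) - copied to quarantine$")
_CURE_PENDING = re.compile(r"^(?P<obj>\\Device\\\S+) \( [^)]+ \) - will be cured on reboot$")
_MBR_HASH = re.compile(r"^MBR \(0x[0-9A-Fa-f]+\) \((?P<md5>[0-9a-f]{32})\) (?P<obj>\\Device\\\S+)$")
# aswMBR lines look like "<hh:mm:ss.fff> Disk <n> <text>".
_ASW_MBR_CODE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+Disk (?P<disk>\d+) (?P<verdict>.+MBR code)$")
_ASW_PART = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+Disk (?P<disk>\d+) Partition (?P<n>\d+) (?P<boot>[0-9A-Fa-f]{2}) "
    r"(?:\(A\) )?(?P<type>[0-9A-Fa-f]{2}) \S+ \S+ (?P<mb>\d+) MB offset (?P<offset>\d+)$")
_DISK_NO = re.compile(r"\\Harddisk(\d+)\\")


@dataclass
class TdssTriage:
    detections: dict = field(default_factory=dict)    # object -> detection name
    quarantined: list = field(default_factory=list)   # every object copied to quarantine
    tdlfs_files: list = field(default_factory=list)   # names inside the hidden \TDLFS\ volume
    cure_pending: list = field(default_factory=list)  # objects rewritten only at next reboot
    mbr_md5: dict = field(default_factory=dict)       # object -> MD5 of its MBR sector


@dataclass
class AswTriage:
    mbr_code: dict = field(default_factory=dict)      # disk -> aswMBR verdict on boot code
    partitions: list = field(default_factory=list)    # (disk, index, active, type, MB, offset)


def triage_tdsskiller(log: str) -> TdssTriage:
    t = TdssTriage()
    for raw in log.splitlines():
        if not (m := _TDSS_LINE.match(raw.strip())):
            continue
        rest = m["rest"]
        if d := _DETECTED.match(rest):
            t.detections[d["obj"]] = d["name"]
        elif q := _QUARANTINED.match(rest):
            t.quarantined.append(q["obj"])
            if "\\TDLFS\\" in q["obj"]:
                t.tdlfs_files.append(q["obj"].rsplit("\\", 1)[1])
        elif c := _CURE_PENDING.match(rest):
            t.cure_pending.append(c["obj"])
        elif h := _MBR_HASH.match(rest):
            t.mbr_md5[h["obj"]] = h["md5"]
    return t


def triage_aswmbr(log: str) -> AswTriage:
    a = AswTriage()
    for raw in log.splitlines():
        if m := _ASW_MBR_CODE.match(raw.strip()):
            a.mbr_code[int(m["disk"])] = m["verdict"]
        elif p := _ASW_PART.match(raw.strip()):
            a.partitions.append((int(p["disk"]), int(p["n"]), p["boot"] == "80",
                                 p["type"], int(p["mb"]), int(p["offset"])))
    return a


def cross_check(tdss: TdssTriage, asw: AswTriage) -> dict:
    # Which physical disks TDSSKiller flagged, whether its cure still needs a reboot,
    # whether aswMBR later saw stock boot code on each of them, and how many partitions
    # are marked active per disk (anything other than exactly one deserves a look).
    infected = {int(m.group(1)): name for obj, name in tdss.detections.items()
                if (m := _DISK_NO.search(obj))}
    active = {}
    for disk, _n, is_active, _t, _mb, _off in asw.partitions:
        active[disk] = active.get(disk, 0) + int(is_active)
    return {
        "infected_disks": infected,
        "reboot_required": bool(tdss.cure_pending),
        "stock_mbr_after": {d: "default MBR code" in asw.mbr_code.get(d, "") for d in infected},
        "active_partitions": active,
    }


# Excerpts of the two logs posted above (TDSSKiller first, then aswMBR).
TDSS_LOG = r"""
17:29:08.0983 4444 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:29:09.0030 4444 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
17:29:09.0030 4444 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
17:29:15.0805 4772 \Device\Harddisk0\DR0\# - copied to quarantine
17:29:15.0805 4772 \Device\Harddisk0\DR0 - copied to quarantine
17:29:15.0825 4772 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
17:29:15.0826 4772 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
17:29:15.0840 4772 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
17:29:15.0842 4772 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
17:29:15.0845 4772 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
17:29:15.0854 4772 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
"""
ASW_LOG = r"""
17:37:16.486 Disk 0 MBR read successfully
17:37:16.496 Disk 0 Windows 7 default MBR code
17:37:16.508 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:37:16.523 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
"""

if __name__ == "__main__":
    print(cross_check(triage_tdsskiller(TDSS_LOG), triage_aswmbr(ASW_LOG)))
```

Run as-is it prints the cross-check for the excerpts; feed it complete TDSSKiller and aswMBR logs to repeat the check on another machine. A False under stock_mbr_after means the MBR scan either ran before the reboot that applies TDSSKiller's cure or found boot code aswMBR does not recognise, and in both cases the disk should be rescanned after rebooting. An "ok" from either tool on its own says nothing about the other's findings, which is why the two are checked together.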

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:09 AM

Posted 26 July 2012 - 08:50 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 kadjk

kadjk
  • Topic Starter

  • Members
  • 29 posts
  • Local time:07:09 AM

Posted 26 July 2012 - 09:29 PM

Hello,


Here it is!



ComboFix 12-07-27.02 - Danny 6/2012 Thu 22:13:09.6.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.949.82.1033.18.4087.2927 [GMT -4:00]
Running from: c:\users\Danny\Desktop\ComboFix.exe
Command switches used :: c:\users\Danny\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-27 to 2012-07-27 )))))))))))))))))))))))))))))))
.
.
2012-07-27 02:18 . 2012-07-27 02:18 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-07-27 02:18 . 2012-07-27 02:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-24 13:35 . 2012-07-24 13:35 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2012-07-24 12:14 . 2012-07-24 12:14 -------- d-----w- c:\users\Danny\AppData\Local\Macromedia
2012-07-24 11:10 . 2012-07-26 22:12 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-24 11:05 . 2012-07-24 11:05 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-23 19:35 . 2012-07-23 19:35 -------- d-----w- c:\users\Danny\AppData\Local\Aeria Games
2012-07-23 19:34 . 2012-07-24 13:35 -------- d-----w- c:\programdata\Aeria Games
2012-07-23 19:04 . 2012-07-23 19:05 -------- d-----w- c:\users\Danny\AppData\Local\Akamai
2012-07-13 14:57 . 2012-07-13 14:57 -------- d-----w- c:\users\Danny\AppData\Local\My Games
2012-07-13 10:34 . 2012-07-13 10:34 -------- d-----w- c:\programdata\REVOLT
2012-07-10 09:06 . 2012-07-10 09:06 -------- d-----w- c:\windows\Sun
2012-06-30 17:46 . 2012-06-30 18:03 -------- d-----w- c:\users\Danny\AppData\Local\VMware
2012-06-30 17:46 . 2012-06-30 18:06 -------- d-----w- c:\users\Danny\AppData\Roaming\VMware
2012-06-30 17:42 . 2012-06-30 18:08 -------- d-----w- c:\programdata\VMware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-26 22:12 . 2012-01-12 03:12 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 17:46 . 2012-01-12 03:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2012-06-23 12:47 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-23 12:47 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-23 12:47 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-23 12:47 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-23 12:47 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-23 12:47 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-23 12:47 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-23 12:47 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-23 12:47 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-01 10:44 . 2012-03-22 22:43 249856 ------w- c:\windows\Setup1.exe
2012-05-01 10:43 . 2012-03-22 22:43 73216 ----a-w- c:\windows\ST6UNST.EXE
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-26_21.19.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-12 03:17 . 2012-07-27 02:10 46228 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-27 02:10 30976 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-07-26 23:41 30976 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-01-12 02:58 . 2012-07-27 02:10 15064 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3150816244-4210488078-4119504859-1000_UserData.bin
+ 2012-01-12 05:48 . 2012-07-26 22:12 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-01-12 05:48 . 2012-07-24 12:12 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-01-12 05:48 . 2012-07-26 22:12 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-01-12 05:48 . 2012-07-24 12:12 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-24 12:12 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-26 22:12 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-07-26 21:18 . 2012-07-26 21:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-27 02:20 . 2012-07-27 02:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-26 21:18 . 2012-07-26 21:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-27 02:20 . 2012-07-27 02:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-26 22:12 . 2012-07-26 22:12 686792 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.exe
+ 2012-07-26 22:12 . 2012-07-26 22:12 466632 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.dll
+ 2012-07-24 11:10 . 2012-07-26 22:12 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
- 2012-07-24 11:10 . 2012-07-24 12:12 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
- 2009-07-14 04:54 . 2012-07-26 21:11 212992 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-07-26 22:12 212992 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 02:36 . 2012-07-26 23:45 618714 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-26 22:21 618714 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-26 22:21 107034 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-26 23:45 107034 c:\windows\system32\perfc009.dat
+ 2012-07-26 22:12 . 2012-07-26 22:12 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_268_ActiveX.exe
+ 2012-07-26 22:12 . 2012-07-26 22:12 513224 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_268_ActiveX.dll
- 2009-07-14 05:01 . 2012-07-26 21:17 402100 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-27 02:18 402100 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-07-26 21:11 7880704 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-26 22:12 7880704 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-26 21:11 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-26 22:12 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-01-12 03:14 . 2012-07-27 02:18 19413152 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3150816244-4210488078-4119504859-1000-12288.dat
- 2012-01-12 03:14 . 2012-07-26 21:17 19413152 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3150816244-4210488078-4119504859-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\users\Danny\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Akamai NetSession Interface"="c:\users\Danny\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-09 495616]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-09 856064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SwOffScheduler;Airytec Switch Off - Task Scheduler;c:\program files\Airytec\Switch Off\swoff.exe [2011-05-28 173056]
R2 SwOffWeb;Airytec Switch Off - Web Interface;c:\program files\Airytec\Switch Off\swoff.exe [2011-05-28 173056]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-26 250056]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-13 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-03-09 235520]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-04-30 5106744]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-06-09 555392]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-03-09 10857984]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-03-09 328704]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-12-05 95248]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-24 22:12]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: &Download All with FlashGet - c:\program files (x86)\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files (x86)\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\66lgzvwz.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}"=hex:51,66,7a,6c,4c,1d,38,12,68,40,25,
2b,77,e4,db,02,e0,8b,7a,e8,bc,10,3a,e3
"{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}"=hex:51,66,7a,6c,4c,1d,38,12,81,2d,20,
35,ad,85,e1,00,d0,fd,90,4e,9f,38,f2,ae
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{F156768E-81EF-470C-9057-481BA8380DBA}"=hex:51,66,7a,6c,4c,1d,38,12,e0,75,45,
f5,dd,cf,62,02,ef,41,0b,5b,ad,66,49,ae
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:7f,23,39,53,a1,6a,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-07-26 22:24:41 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-27 02:24
ComboFix2.txt 2012-07-26 21:23
.
Pre-Run: 388,741,763,072 bytes free
Post-Run: 388,781,268,992 bytes free
.
- - End Of File - - FAC4789329D298D5EF6A2AE2B9B9CD0C


Thanks again!
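As an added example (not part of the original post, and not ComboFix's own code), here is a small Python parser for the LOCKED REGISTRY KEYS section of a ComboFix log in the format shown above. The sample input is constructed to mirror that format and is not the poster's log. The parser pulls out each key path, the `@Denied: (rights) (principal)` pair, the values beneath it (re-joining hex values that ComboFix wraps across lines), and groups keys by the principal that is denied, which is the quickest way to set the familiar Flash CLSID and PCW\Security denials apart from anything a responder would not expect to see. The meaning of the rights tokens (`2`, `A 2`, `Full`) is left as ComboFix prints them; no interpretation is assumed.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the style of a ComboFix "LOCKED REGISTRY KEYS" section.
# Not taken from any real machine; paths and GUIDs mirror the log format only.
SAMPLE_LOG = r"""
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
"""

SECTION_RE = re.compile(r"^-+ (.+?) -+$")                 # "----- NAME -----" banners
KEY_RE = re.compile(r"^\[(.+)\]$")                         # [HKEY_...\path]
DENIED_RE = re.compile(r"^@Denied: \((.+?)\) \((.+?)\)$")  # @Denied: (rights) (principal)
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')     # @=... or "name"=...
HEX_CONT_RE = re.compile(r"^[0-9a-fA-F]{2}(?:,[0-9a-fA-F]{2})*,?$")  # wrapped hex tail


@dataclass
class LockedKey:
    path: str
    denied_rights: str = ""      # e.g. "2", "A 2", "Full", exactly as printed
    denied_principal: str = ""   # e.g. "Everyone", "LocalSystem"
    values: dict = field(default_factory=dict)  # value name -> raw RHS text


def parse_locked_keys(text):
    """Return LockedKey records from the LOCKED REGISTRY KEYS section only."""
    records, in_section, current, pending = [], False, None, None
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            in_section = banner.group(1).strip() == "LOCKED REGISTRY KEYS"
            current, pending = None, None
            continue
        if not in_section or line in ("", "."):
            continue
        key = KEY_RE.match(line)
        if key:
            current = LockedKey(key.group(1))
            records.append(current)
            pending = None
            continue
        if current is None:
            continue
        denied = DENIED_RE.match(line)
        if denied:
            current.denied_rights, current.denied_principal = denied.groups()
            continue
        if pending and HEX_CONT_RE.match(line):
            # Continuation of a hex value that ComboFix wrapped onto a new line.
            current.values[pending] += line
            continue
        val = VALUE_RE.match(line)
        if val:
            name = "@" if val.group(1) == "@" else val.group(1)[1:-1]
            current.values[name] = val.group(2)
            rhs = val.group(2)
            pending = name if rhs.startswith("hex:") and rhs.endswith(",") else None
    return records


def hex_value_bytes(rhs):
    """Decode a 'hex:aa,bb,...' registry value (after re-joining) to bytes."""
    if not rhs.startswith("hex:"):
        raise ValueError("not a hex: value")
    return bytes(int(b, 16) for b in rhs[4:].split(",") if b)


def group_by_principal(records):
    """Map denied principal -> list of key paths, for quick triage."""
    out = {}
    for r in records:
        out.setdefault(r.denied_principal, []).append(r.path)
    return out


if __name__ == "__main__":
    recs = parse_locked_keys(SAMPLE_LOG)
    for principal, paths in group_by_principal(recs).items():
        print(f"denied to {principal}:")
        for p in paths:
            print("   ", p)
```

Because the parser keys on the section banners, the "Other Running Processes" list that follows is ignored rather than misread as registry paths, and a wrapped `hex:` value is reassembled before decoding so its length (24 bytes for the Approved Extensions entries above) can be checked.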