Help needed with Win32:Sirefef-PL Rootkit!


This topic is locked. 22 replies to this topic.

#1 Kornley (Members, 16 posts)

Posted 27 July 2012 - 05:01 PM

So, I have a stubborn Win32:Sirefef-PL and I don't know how to remove it. Does this rootkit have something to do with my non-working Security Essentials? I was able to create DDS logs, but I can't finish the scan on GMER because at some point a blue screen always appears... I tried 4 times.

Here is the DDS log:


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by illi at 21:26:20 on 2012-07-26
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.358.1033.18.2047.471 [GMT 3:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\illi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Cobian Backup 11\Cobian.exe
C:\Program Files\Cobian Backup 11\cbInterface.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Messenger Plus! Community SmartbarEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} - mscoree.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Messenger Plus! Community Smartbar: {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [AdobeBridge]
uRun: [Spotify Web Helper] "c:\users\illi\appdata\roaming\spotify\data\SpotifyWebHelper.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\programdata\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript
mRunOnce: [MessengerPlusForSkypeUninstall] "c:\users\illi\appdata\local\temp\MsgPlusUninstall.exe" /Cleanup
mRunOnce: [MessengerPlusLiveUninstall] "c:\users\illi\appdata\local\temp\MsgPlusUninstall.exe" /Cleanup
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8C922C73-FFFA-45A3-B2C2-BC1E30074267} - hxxp://www.sony.fi/bravia/RegistrationAgent.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{1048F73C-A40C-4ABF-BC70-D713FBA4046E} : DhcpNameServer = 193.229.0.40 192.168.0.1
TCP: Interfaces\{9DE1F1BD-4E2B-4FD7-95B3-B198E0975164} : DhcpNameServer = 192.168.1.10
TCP: Interfaces\{E754842A-4207-408B-84AF-F66F88768A0D} : DhcpNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\illi\appdata\roaming\mozilla\firefox\profiles\bb6zq60n.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php
FF - component: c:\program files\nokia\nokia suite\connectors\bookmarks connector\firefoxextension_3.6\components\FirefoxExtension.dll
FF - component: c:\program files\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll
FF - component: c:\users\illi\appdata\roaming\mozilla\firefox\profiles\bb6zq60n.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 171064]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-7-24 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-7-24 353688]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-7-24 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-7-24 57656]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-7-24 44808]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-4-20 7772160]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-4-20 243712]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\drivers\athrusb.sys [2009-8-11 893440]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-6-23 275048]
S2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\askupgrade.exe --> c:\program files\askbardis\bar\bin\ASKUpgrade.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-5 133104]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-1-31 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-19 250056]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-7-15 101904]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 F-Secure BlackLight Sensor;F-Secure BlackLight Sensor;c:\windows\temp\f-secure\anti-virus\fsblsrv.exe [2012-5-5 167936]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-5-24 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-9-5 133104]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-11-1 137600]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-5-25 15872]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-25 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-29 1343400]
S3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\drivers\vpcuxd.sys [2011-5-25 12800]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-07-26 17:57:00 -------- d-----w- c:\program files\Cobian Backup 11
2012-07-26 12:26:14 -------- d-----w- c:\users\illi\appdata\local\{1B793030-AFDA-422B-A69C-45E391E93118}
2012-07-26 12:26:01 -------- d-----w- c:\users\illi\appdata\local\{914222DA-A9B5-4D19-A457-0526B7E975AE}
2012-07-25 11:45:28 -------- d-----w- c:\users\illi\appdata\local\{358C7192-77B8-407D-9A34-250B29D77CB7}
2012-07-25 11:45:14 -------- d-----w- c:\users\illi\appdata\local\{76C36F2D-939E-49B4-BD0F-00B7665DD56F}
2012-07-25 09:43:09 -------- d-----w- c:\program files\ESET
2012-07-24 23:44:40 -------- d-----w- c:\users\illi\appdata\local\{F503DF0F-7C86-4471-9D7B-DD1ABD2F6453}
2012-07-24 23:44:18 -------- d-----w- c:\users\illi\appdata\local\{FC59B6D1-EA25-4F81-ABE8-639D46556A05}
2012-07-24 12:53:43 -------- d-----w- c:\users\illi\appdata\roaming\Malwarebytes
2012-07-24 12:53:23 -------- d-----w- c:\programdata\Malwarebytes
2012-07-24 12:53:22 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-24 12:53:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-24 11:52:13 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-24 11:52:09 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-24 11:52:03 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-24 11:51:08 41224 ----a-w- c:\windows\avastSS.scr
2012-07-24 11:50:52 -------- d-----w- c:\programdata\AVAST Software
2012-07-24 11:50:52 -------- d-----w- c:\program files\AVAST Software
2012-07-24 11:43:48 -------- d-----w- c:\users\illi\appdata\local\{75FED2A1-20D0-4991-AD1E-DFA47CB0A809}
2012-07-24 11:43:37 -------- d-----w- c:\users\illi\appdata\local\{65648B83-C4D2-41A6-8A90-89F0C03DCFDE}
2012-07-23 19:47:34 -------- d-----w- c:\users\illi\appdata\local\{1055F1C3-549A-4E09-BED2-54FD801766B1}
2012-07-23 19:47:21 -------- d-----w- c:\users\illi\appdata\local\{972C75B4-AD78-4801-8A3C-E4712AF31B84}
2012-07-21 22:09:23 -------- d-----w- c:\users\illi\appdata\local\{313047F4-52CE-4C10-A66A-E9239D5ED236}
2012-07-21 22:09:09 -------- d-----w- c:\users\illi\appdata\local\{A3FD1BAE-49BD-43E6-AA9E-26A9392E0BE4}
2012-07-21 09:27:25 -------- d-----w- c:\users\illi\appdata\local\{F1388CA4-9236-4E83-8209-543E109154F9}
2012-07-21 09:27:12 -------- d-----w- c:\users\illi\appdata\local\{1AE79077-A51F-4DCB-A591-AF0782A0E1B8}
2012-07-20 11:25:55 -------- d-----w- c:\users\illi\appdata\local\{41FE9F04-9D1C-4E1A-84BF-9A8F5DE69EB7}
2012-07-20 11:25:39 -------- d-----w- c:\users\illi\appdata\local\{79F50BBF-4319-4AEF-9091-3E91364AB173}
2012-07-19 22:00:16 -------- d-----w- c:\users\illi\appdata\local\{A2CF45C1-EDA1-44F5-B1E7-CC962FBEBD43}
2012-07-19 22:00:04 -------- d-----w- c:\users\illi\appdata\local\{8078B15D-7092-468A-91B0-DE7341161B96}
2012-07-19 10:08:54 6891424 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{378b9a4f-8f26-4b92-b610-90ef2611df62}\mpengine.dll
2012-07-19 09:59:20 -------- d-----w- c:\users\illi\appdata\local\{0BA36CCD-2CFD-4937-894B-A2332133B15F}
2012-07-19 09:59:04 -------- d-----w- c:\users\illi\appdata\local\{F50F579B-7F89-491B-8045-85EC66E684C1}
2012-07-18 10:00:30 6891424 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-07-18 09:46:37 -------- d-----w- c:\users\illi\appdata\local\{C839DAAC-AAD7-4848-B036-8E3B6CF73AB2}
2012-07-18 09:46:25 -------- d-----w- c:\users\illi\appdata\local\{B7B77CE2-62FD-4089-A22C-74E2074E846A}
2012-07-17 09:26:59 -------- d-----w- c:\users\illi\appdata\local\{A965C797-3BDE-42C3-BF31-084E9839FDD6}
2012-07-17 09:26:45 -------- d-----w- c:\users\illi\appdata\local\{4DB47AE0-F6E9-4CD7-8978-06528F058454}
2012-07-16 20:27:47 -------- d-----w- c:\users\illi\appdata\local\{42CD3B46-3BE1-49C1-A12E-2A7313451D5A}
2012-07-16 08:26:43 -------- d-----w- c:\users\illi\appdata\local\{B949D77F-87D9-469C-A8C2-793A761EE055}
2012-07-16 08:26:25 -------- d-----w- c:\users\illi\appdata\local\{885CCC5A-73B9-4397-B1E5-90B02C4D4780}
2012-07-15 08:10:52 -------- d-----w- c:\users\illi\appdata\local\{B2C7AF02-034A-4CD4-B2DB-7A832C80D995}
2012-07-15 08:10:37 -------- d-----w- c:\users\illi\appdata\local\{1069FF1E-3739-41B9-AD62-9C617DF6B581}
2012-07-14 10:24:56 -------- d-----w- c:\users\illi\appdata\local\{9CCFB369-2B21-48A0-B05A-8DE85F49948B}
2012-07-14 10:24:43 -------- d-----w- c:\users\illi\appdata\local\{76CB332C-4E4B-40EF-85DE-18325F14E6AD}
2012-07-13 17:35:44 -------- d-----w- c:\users\illi\appdata\local\{7F54A864-FD29-4169-8B11-8BDFBF667C1C}
2012-07-13 05:35:08 -------- d-----w- c:\users\illi\appdata\local\{9E99EE16-1AF2-4E0C-B094-BCC51BC40D4C}
2012-07-13 05:34:55 -------- d-----w- c:\users\illi\appdata\local\{0D212C36-85DE-41B2-936D-7047AEDF88A3}
2012-07-12 09:55:27 -------- d-----w- c:\users\illi\appdata\local\{67E6146D-AED2-4449-A393-568E3E014D71}
2012-07-11 22:02:38 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 14:06:40 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-07-11 14:06:40 1019904 ----a-w- c:\program files\common files\system\ado\msado15.dll
2012-07-11 14:06:39 57344 ----a-w- c:\program files\common files\system\ado\msador15.dll
2012-07-11 14:06:39 352256 ----a-w- c:\program files\common files\system\ado\msadomd.dll
2012-07-11 14:06:39 212992 ----a-w- c:\program files\common files\system\msadc\msadco.dll
2012-07-11 14:06:39 143360 ----a-w- c:\program files\common files\system\ado\msjro.dll
2012-07-11 14:06:38 372736 ----a-w- c:\program files\common files\system\ado\msadox.dll
2012-07-11 14:02:30 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-11 14:02:30 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 14:02:30 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-11 14:02:29 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 14:02:29 225280 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 14:02:27 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 14:02:26 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-11 14:02:26 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 12:19:57 -------- d-----w- c:\users\illi\appdata\local\{0A6807B9-8978-4581-8ADE-370AC72B69DB}
2012-07-11 12:19:43 -------- d-----w- c:\users\illi\appdata\local\{4687B206-A2FE-44DC-A9C3-1F7FE3729E64}
2012-07-10 12:10:13 -------- d-----w- c:\users\illi\appdata\local\{18022A92-5B1C-455C-A13A-C9C28DBB818A}
2012-07-10 12:09:56 -------- d-----w- c:\users\illi\appdata\local\{8CD1D169-D78C-4FA2-B48C-53A0A695153E}
2012-07-09 17:52:33 -------- d-----w- c:\users\illi\appdata\local\{83AC1D44-ABAD-4BC4-9F8C-786F1B86BCC0}
2012-07-09 17:52:21 -------- d-----w- c:\users\illi\appdata\local\{B6C5E614-8B0D-41E4-A6AB-094F4CE77671}
2012-07-09 05:51:38 -------- d-----w- c:\users\illi\appdata\local\{6FE74017-5983-4A06-AF13-092B5177BF68}
2012-07-09 05:51:24 -------- d-----w- c:\users\illi\appdata\local\{3CC439A7-9015-4959-87C8-ECA0DBB07613}
2012-07-08 09:12:18 -------- d-----w- c:\users\illi\appdata\local\{27C9F0C7-9562-45B1-87AB-68D6C60107A9}
2012-07-08 09:12:07 -------- d-----w- c:\users\illi\appdata\local\{73D3BA53-2B86-4954-9B88-521DF5BBB6AB}
2012-07-07 09:56:10 -------- d-----w- c:\users\illi\appdata\local\{565EE53D-F126-4BDC-874D-F02A0DC74BDB}
2012-07-07 09:56:00 -------- d-----w- c:\users\illi\appdata\local\{792D4104-44AF-457D-89F5-CF210822457C}
2012-07-06 13:40:55 -------- d-----w- c:\users\illi\appdata\local\{B89A53FB-9C5D-4AFF-A77F-9BF4DE02AE52}
2012-07-06 13:40:41 -------- d-----w- c:\users\illi\appdata\local\{8C066BBC-3088-4BE7-A856-F589CEECBECE}
2012-07-05 12:34:42 -------- d-----w- c:\users\illi\appdata\local\{BA4AD5D9-9987-4995-8539-5BEAD1744239}
2012-07-05 12:34:23 -------- d-----w- c:\users\illi\appdata\local\{FD93B0B4-C5B4-4934-901B-0D799EAC606A}
2012-07-04 14:25:04 -------- d-----w- c:\users\illi\appdata\local\{E7908DF1-B463-4AD6-84DC-26AD2FE83D4B}
2012-07-04 14:24:50 -------- d-----w- c:\users\illi\appdata\local\{57BA9BAE-0305-4E01-8B9E-7A14886D51E4}
2012-07-03 19:55:27 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{fa24f521-080c-4a71-9641-a672fb92e497}\gapaengine.dll
2012-07-03 12:49:45 -------- d-----w- c:\users\illi\appdata\local\{BDD2EDB9-5A98-4DE3-B6C7-2D55D2D5A212}
2012-07-03 12:49:32 -------- d-----w- c:\users\illi\appdata\local\{E1AE4CA7-2E8E-4A55-A335-8F7313308C66}
2012-07-02 18:15:46 -------- d-----w- c:\users\illi\appdata\local\{9CDB3313-AA76-43BE-8BBA-9976AA744519}
2012-07-02 18:15:23 -------- d-----w- c:\users\illi\appdata\local\{66EA3A44-9013-4838-AC53-9F2377125731}
2012-07-01 21:10:47 -------- d-----w- c:\users\illi\appdata\local\{0542CCEB-42E6-4A07-935B-8454152C4CBC}
2012-07-01 09:00:01 -------- d-----w- c:\users\illi\appdata\local\{67546648-12A2-4FAE-96EC-1EAECADEF4C6}
2012-06-30 10:58:55 -------- d-----w- c:\users\illi\appdata\local\{C6519841-C132-4F55-BEB2-A7647023DAC6}
2012-06-30 10:58:44 -------- d-----w- c:\users\illi\appdata\local\{FB28C55B-7558-4DEE-98ED-2EED7E680082}
2012-06-29 13:26:22 -------- d-----w- c:\users\illi\appdata\local\{F56B083B-0D25-417F-99CE-68A3697E26D3}
2012-06-29 13:26:12 -------- d-----w- c:\users\illi\appdata\local\{E11916EC-583C-4025-A39B-36C25AEADA86}
2012-06-28 12:32:26 -------- d-----w- c:\users\illi\appdata\local\{1911F879-CED3-469A-8436-AB924C264D25}
2012-06-28 12:32:16 -------- d-----w- c:\users\illi\appdata\local\{42C5C815-14F8-489B-96C8-288C8E57B22F}
2012-06-27 13:58:36 -------- d-----w- c:\users\illi\appdata\local\{88495153-BD0C-4227-889C-18CCF63F1A26}
2012-06-27 13:58:23 -------- d-----w- c:\users\illi\appdata\local\{0E659842-9E49-4C84-BA02-647683D5B8CB}
.
==================== Find3M ====================
.
2012-07-19 22:23:50 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-19 22:23:50 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 12:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 12:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-01 04:44:12 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 04:41:44 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-04-28 03:17:07 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 21:29:53,86 ===============
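The DDS output above is normally read by eye. As an added example (not part of the original post and not a BleepingComputer tool), the Python script below applies the first-pass checks a helper makes to lines of that shape: security products marked *Disabled*, service entries whose binary DDS could not stat (the trailing [?]), orphaned "No File" browser entries, BHOs and toolbars registered only as mscoree.dll (a .NET host, so the real assembly is not named on the line), and the c:\windows\Installer\{GUID}\@ , \L\ and \U\ paths plus a hex-named .sys under c:\programdata that are the ZeroAccess (Sirefef) drop locations ComboFix later removes on this machine. The sample log is constructed from entries posted in this thread; the severity labels and the "infected" marker strings are this example's own conventions, not anything DDS or ComboFix emits as structured output.

```python
"""Triage helper for DDS / Security Check / ComboFix style log lines.

Added example for this thread, not a BleepingComputer tool.  The sample log is
constructed from entries posted in the thread; severity labels are this
example's own convention.
"""
import re
from collections import Counter

# DDS header line: "AV: Microsoft Security Essentials *Disabled/Updated* {GUID}"
AV_LINE = re.compile(r"^(AV|SP|FW): (?P<name>.+?) \*(?P<state>[^*]+)\*")
# DDS service/driver line: "R0 MpFilter;Microsoft Malware Protection Driver;c:\...\MpFilter.sys [2010-3-25 171064]"
SVC_LINE = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<rest>.+)$")
# DDS browser-extension lines: "BHO: Name: {clsid} - path", "TB: {clsid} - No File", "uURLSearchHooks: H - No File"
BROWSER_EXT = re.compile(r"^(?P<kind>BHO|TB|uURLSearchHooks): (?P<body>.+)$")
# ZeroAccess/Sirefef drop paths: c:\windows\Installer\{GUID}\@ plus the \L\ and \U\ subfolders
ZA_INSTALLER = re.compile(r"\\windows\\installer\\\{[0-9a-f-]{36}\}\\(?:@|[lu]\\)", re.I)
# ... and a hex-named .sys dropped directly under c:\programdata (not under system32\drivers)
ZA_PROGDATA = re.compile(r"\\programdata\\[0-9a-f]{8,}\.sys$", re.I)
# ComboFix prints this verdict in the machine's UI language; the log in this thread is Finnish
INFECTED_MARKERS = ("is infected", "on saastunut")


def triage(lines):
    """Return a list of (severity, reason, line) for the lines worth reading first."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line or line == ".":
            continue
        m = AV_LINE.match(line)
        if m:
            if m.group("state").lower().startswith("disabled"):
                findings.append(("high", f"security product disabled: {m.group('name')}", line))
            continue
        m = SVC_LINE.match(line)
        if m:
            # DDS prints [?] when it cannot stat the service binary: usually the file is gone
            if m.group("rest").rstrip().endswith("[?]"):
                findings.append(("medium", f"service {m.group('name')}: binary missing or unreadable", line))
            continue
        m = BROWSER_EXT.match(line)
        if m:
            body = m.group("body")
            if body.endswith("No File"):
                findings.append(("low", "orphaned browser extension registration", line))
            elif body.lower().endswith(" - mscoree.dll"):
                # a .NET BHO loads through the CLR host; the real assembly is not named here
                findings.append(("medium", "managed-code BHO/toolbar, actual assembly not identified on this line", line))
            continue
        low = line.lower()
        if ZA_INSTALLER.search(line) or ZA_PROGDATA.search(line):
            findings.append(("high", "ZeroAccess/Sirefef-style drop path", line))
        elif any(marker in low for marker in INFECTED_MARKERS):
            findings.append(("high", "system binary reported as infected (patched)", line))
        elif "security center service is not running" in low:
            findings.append(("high", "Windows Security Center service stopped", line))
    return findings


def summarize(findings):
    """Count findings per severity."""
    return Counter(sev for sev, _, _ in findings)


# Constructed sample, assembled from lines in this thread's DDS, Security Check and ComboFix logs.
SAMPLE_LOG = r"""
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
BHO: Messenger Plus! Community SmartbarEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} - mscoree.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uURLSearchHooks: H - No File
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 171064]
S2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\askupgrade.exe --> c:\program files\askbardis\bar\bin\ASKUpgrade.exe [?]
c:\programdata\14770BF9DC.sys
c:\windows\Installer\{987621b2-7732-bea6-420a-de5b964c92a5}\@
c:\windows\Installer\{987621b2-7732-bea6-420a-de5b964c92a5}\L\00000004.@
c:\windows\system32\Services.exe . . . on saastunut!!
Windows Security Center service is not running! This report may not be accurate!
""".strip().splitlines()

if __name__ == "__main__":
    for sev, reason, line in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {reason}\n         {line}")
    print(dict(summarize(triage(SAMPLE_LOG))))
```

Run it against a pasted log with `triage(open("dds.txt", encoding="utf-8", errors="replace").read().splitlines())`. The checks deliberately stop at what the line itself proves: a managed-code BHO or a missing service binary is something to look at, not a verdict, whereas a patched services.exe and the Installer\{GUID}\@ tree are the artifacts that make the Sirefef name on this machine credible.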


#2 gringo_pr (Bleepin Gringo; Malware Response Team, 136,772 posts; Location: Puerto Rico)

Posted 28 July 2012 - 12:36 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I close my topics if you have not replied in 5 days. If you will be longer, please let me know.

If I have not replied to one of my topics in 48 hrs, please bump the topic.



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Kornley (Topic Starter; Members, 16 posts)

Posted 30 July 2012 - 06:59 AM

Okay, so I successfully did a scan with Security Check and Combofix. The Combofix scan took over 30 minutes and I had to restart my computer once. Also, there was a problem with not being able to open some file when I launched Combofix, but I restarted it and that didn't happen again. Avast! hasn't yet complained about malware and trojans; earlier it was every 5-10 minutes. So, I think at least something has happened.

Here are the logs:

---------- Security Check log ----------



Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 31
Java™ 6 Update 7
Java version out of Date!
Adobe Flash Player 11.3.300.268
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 8.0 Firefox out of Date!
Google Chrome 20.0.1132.47
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials msseces.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 4%
````````````````````End of Log``````````````````````







---------- Combofix log ----------


ComboFix 12-07-30.01 - illi 30.07.2012 12:37:52.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.358.1033.18.2047.998 [GMT 3:00]
Location: c:\users\illi\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\14770BF9DC.sys
c:\users\illi\Desktop\Internet Explorer.lnk
c:\windows\Installer\{987621b2-7732-bea6-420a-de5b964c92a5}\@
c:\windows\Installer\{987621b2-7732-bea6-420a-de5b964c92a5}\L\00000004.@
c:\windows\Installer\{987621b2-7732-bea6-420a-de5b964c92a5}\U\000000cb.@
c:\windows\system32\SET7A3.tmp
c:\windows\system32\SET7F94.tmp
c:\windows\system32\SETB12.tmp
c:\windows\system32\SETBBF.tmp
c:\windows\system32\SETCEB.tmp
c:\windows\system32\SETD5A.tmp
c:\windows\system32\SETE55.tmp
c:\windows\system32\SETEEAA.tmp
c:\windows\system32\SETEFF4.tmp
c:\windows\system32\SETF26A.tmp
c:\windows\system32\SETF5DB.tmp
c:\windows\system32\SETF6E6.tmp
c:\windows\system32\system
c:\windows\WinRAR
c:\windows\WinRAR\uninstall.exe
.
c:\windows\system32\Services.exe . . . on saastunut!!
.
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2012-06-28 to 2012-07-30 )))))))))))))))))
.
.
2012-07-30 11:04 . 2012-07-30 11:04 -------- d-----w- c:\users\oiva\AppData\Local\temp
2012-07-30 11:03 . 2012-07-30 11:03 -------- d-----w- c:\users\hvk\AppData\Local\temp
2012-07-30 11:03 . 2012-07-30 11:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-30 11:03 . 2012-07-30 11:03 -------- d-----w- c:\users\outi\AppData\Local\temp
2012-07-28 06:41 . 2012-07-28 07:10 -------- d-----w- c:\users\TEMP
2012-07-26 17:57 . 2012-07-26 17:57 -------- d-----w- c:\program files\Cobian Backup 11
2012-07-25 09:43 . 2012-07-25 09:43 -------- d-----w- c:\program files\ESET
2012-07-24 12:53 . 2012-07-24 12:53 -------- d-----w- c:\users\illi\AppData\Roaming\Malwarebytes
2012-07-24 12:53 . 2012-07-24 12:53 -------- d-----w- c:\programdata\Malwarebytes
2012-07-24 12:53 . 2012-07-24 16:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-24 12:53 . 2012-07-03 10:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-24 11:52 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-24 11:52 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-24 11:52 . 2012-07-03 16:21 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-24 11:52 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-24 11:52 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-24 11:52 . 2012-07-03 16:21 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-24 11:51 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-07-24 11:51 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-24 11:50 . 2012-07-24 11:50 -------- d-----w- c:\programdata\AVAST Software
2012-07-24 11:50 . 2012-07-24 11:50 -------- d-----w- c:\program files\AVAST Software
2012-07-19 10:08 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{378B9A4F-8F26-4B92-B610-90EF2611DF62}\mpengine.dll
2012-07-18 10:00 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-11 22:02 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 14:06 . 2012-06-06 05:05 1019904 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 14:06 . 2012-06-06 05:03 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-07-11 14:06 . 2012-06-06 05:05 143360 ----a-w- c:\program files\Common Files\System\ado\msjro.dll
2012-07-11 14:06 . 2012-06-06 05:05 57344 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
2012-07-11 14:06 . 2012-06-06 05:05 352256 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-07-11 14:06 . 2012-06-06 05:05 212992 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2012-07-11 14:06 . 2012-06-06 05:05 372736 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-07-11 14:02 . 2012-06-02 04:45 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-11 14:02 . 2012-06-02 04:40 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-11 14:02 . 2012-06-02 04:39 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 14:02 . 2012-06-02 04:45 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 14:02 . 2012-06-02 04:40 225280 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 14:02 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 14:02 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 14:02 . 2010-06-26 03:24 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-03 19:55 . 2012-02-10 10:30 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FA24F521-080C-4A71-9641-A672FB92E497}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-26 22:35 . 2012-04-19 12:49 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-26 22:35 . 2011-05-17 12:50 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2012-06-21 20:03 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 20:03 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 20:02 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 20:02 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 20:03 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 20:03 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 20:02 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 12:19 . 2012-06-21 20:02 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 12:12 . 2012-06-21 20:02 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-24 20:11 . 2011-03-28 15:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-11-05 07:17 . 2011-11-11 19:30 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\illi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\illi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\illi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Spotify Web Helper"="c:\users\illi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-06-30 1192664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R1 MpKsl7ebced6c;MpKsl7ebced6c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EBD50D93-D2F4-4BD9-8D42-3AAD64639E2A}\MpKsl7ebced6c.sys [x]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
R3 F-Secure BlackLight Sensor;F-Secure BlackLight Sensor;c:\windows\TEMP\F-Secure\Anti-Virus\fsblsrv.exe [x]
R3 fsbl;F-Secure BlackLight Engine Driver;c:\program files\F-Secure\apps\ComputerSecurity\Anti-Virus\fsbldrv.sys [x]
R3 gupdatem;Google Päivitä-palvelu (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\drivers\vpcuxd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
--- Muut muistissa olevat ajurit/palvelut ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
'Ajoitetut tehtävät'-kansion sisältö
.
2012-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 22:35]
.
2012-07-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3959451765-40698998-2904350576-1005Core.job
- c:\users\oiva\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-05 11:32]
.
2012-07-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3959451765-40698998-2904350576-1005UA.job
- c:\users\oiva\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-05 11:32]
.
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-05 14:49]
.
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-05 14:49]
.
.
------- Täydentävä tarkistus -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: V&ie Microsoft Exceliin - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.10
DPF: {8C922C73-FFFA-45A3-B2C2-BC1E30074267} - hxxp://www.sony.fi/bravia/RegistrationAgent.cab
FF - ProfilePath - c:\users\illi\AppData\Roaming\Mozilla\Firefox\Profiles\bb6zq60n.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php
.
- - - - POISTETUT JÄMÄRIVIT - - - -
.
URLSearchHooks-{d8fb4583-db9d-4c7b-85be-294c13a3e5c4} - (no file)
BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\AskBarDis\bar\bin\askBar.dll
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\AskBarDis\bar\bin\askBar.dll
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll
HKCU-Run-AdobeBridge - (no file)
SafeBoot-MsMpSvc
AddRemove-WinRAR - c:\windows\WinRAR\uninstall.exe
.
.
.
--------------------- LUKITUT REKISTERIAVAIMET ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Prosesseihin ladatut DLLt ---------------------
.
- - - - - - - > 'Explorer.exe'(1272)
c:\users\illi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Muut prosessit ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Valmistumisajankohta: 2012-07-30 14:20:47 - kone käynnistettiin uudelleen
ComboFix-quarantined-files.txt 2012-07-30 11:20
.
Ennen ajoa: 52 443 549 696 bytes free
Ajon jälkeen: 55 526 977 536 bytes free
.
- - End Of File - - 78920F1A0BEF422224C9E0E29BDAE99B

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:33 AM

Posted 30 July 2012 - 11:26 AM

Hello

Download Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.

  • First Press the Scan button.
  • It will make a log (FRST.txt)

  • Second Type the following in the edit box after "Search:". services.exe
  • Click the Search button
  • It will make a log (Search.txt)
I want you to post both the FRST.txt report and the Search.txt into your reply to me

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
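The FRST.txt that the procedure above produces lists every service and driver as one line: start type, name, command line, then either `[x]` (file not found) or the file's size and date plus a parenthesised company-name field. As an added example, not part of this thread and not Farbar's own code, here is a Python triage script that parses those lines and flags the entries a helper would look at first: boot/system/auto-start entries whose file is missing, images loading from a Temp directory, and files with an empty company-name field. The sample log is constructed in FRST's format; the user name `example` is made up and the remaining paths mirror line shapes seen in this thread.

```python
import re
import sys
from dataclasses import dataclass, field
from typing import List, Optional

# One FRST service/driver line, e.g.
#   2 avast! Antivirus; "C:\...\AvastSvc.exe" [44808 2012-07-03] (AVAST Software)
#   3 catchme; \??\C:\Users\...\Temp\catchme.sys [x]
# Layout: start type, name, command line, then "[x]" (file not found) or
# "[size date]" followed by an optional "(company name)" field.
LINE_RE = re.compile(
    r'^(?P<start>[0-4])\s+(?P<name>[^;]+);\s+(?P<cmd>.*?)\s+'
    r'(?:\[x\]|\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]'
    r'(?:\s+\((?P<vendor>.*)\))?)\s*$'
)
SECTION_RE = re.compile(r'^=+\s*(?P<section>[A-Za-z]+)')
IMAGE_RE = re.compile(r'^(?P<image>.*?\.(?:exe|sys|dll))(?:\s|$)', re.IGNORECASE)
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}


@dataclass
class Entry:
    section: str
    name: str
    start: int
    image: str
    missing: bool
    size: Optional[int]
    date: Optional[str]
    vendor: Optional[str]   # None: no "(...)" field; "": field present but empty
    flags: List[str] = field(default_factory=list)


def image_path(cmd: str) -> str:
    """Reduce a service command line to the executable or driver path."""
    cmd = cmd.strip()
    if cmd.startswith('\\??\\'):        # NT object-manager prefix some drivers use
        cmd = cmd[4:]
    if cmd.startswith('"'):             # quoted path, arguments may follow
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = IMAGE_RE.match(cmd)             # unquoted path, may contain spaces and args
    return m.group('image') if m else cmd


def parse_frst(text: str) -> List[Entry]:
    """Parse the Services/Drivers lines of an FRST report; other lines are skipped."""
    entries: List[Entry] = []
    section = "Unknown"
    for line in text.splitlines():
        s = SECTION_RE.match(line)
        if s:
            section = s.group('section')    # e.g. "Services", "Drivers"
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        entries.append(Entry(
            section=section, name=m.group('name').strip(), start=int(m.group('start')),
            image=image_path(m.group('cmd')), missing=m.group('size') is None,
            size=int(m.group('size')) if m.group('size') else None,
            date=m.group('date'), vendor=m.group('vendor')))
    return entries


def triage(entries: List[Entry]) -> List[Entry]:
    """Attach review flags and return only the entries that received one."""
    for e in entries:
        if e.missing and e.start <= 2:
            e.flags.append(f"{START_TYPES[e.start]}-start entry whose file is not found")
        if "\\temp\\" in e.image.lower():
            e.flags.append("image is loaded from a Temp directory")
        if e.vendor == "" and not e.missing:
            e.flags.append("no company name recorded for the file")
    return [e for e in entries if e.flags]


# Constructed sample in FRST's format (not a real report; user "example" is made up).
SAMPLE_LOG = r"""
========================== Services (Whitelisted) =============

2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-07-03] (AVAST Software)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 ASKUpgrade; C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe [x]
3 F-Secure BlackLight Sensor; C:\Windows\TEMP\F-Secure\Anti-Virus\fsblsrv.exe [x]

========================== Drivers (Whitelisted) =============

0 sfsync04; C:\Windows\System32\drivers\sfsync04.sys [50176 2006-03-24] (Protection Technology (StarForce))
1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2009-08-20] ()
3 catchme; \??\C:\Users\example\AppData\Local\Temp\catchme.sys [x]
"""

if __name__ == "__main__":
    # Pass a saved FRST.txt as the first argument; otherwise the sample is used.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for e in triage(parse_frst(text)):
        print(f"[{e.section}] {e.name} ({START_TYPES[e.start]}): {e.image}")
        for f in e.flags:
            print(f"    - {f}")
```

The flags are review hints, not verdicts: a missing-file entry is often a leftover of an uninstalled product, and an empty company-name field only says that FRST found none, so each flagged file still needs its signature and hash checked before anything is removed.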

#5 Kornley

Kornley
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:01:33 PM

Posted 30 July 2012 - 06:27 PM

Hey,

here are the logs:


---------- FRST.txt ----------


Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 31-07-2012 01:57:11
Running from H:\
Windows 7 Ultimate (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-05] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-21] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-01] (Adobe Systems Incorporated)
HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4273976 2012-07-03] (AVAST Software)
HKLM\...\Run: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe [x]
HKU\illi\...\Run: [Spotify Web Helper] "C:\Users\illi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1192664 2012-06-30] ()
HKU\illi\...\Policies\system: [LogonHoursAction] 2
HKU\illi\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\oiva\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\oiva\...\Run: [Facebook Update] "C:\Users\oiva\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [137536 2012-06-05] (Facebook Inc.)
HKU\oiva\...\Policies\system: [LogonHoursAction] 2
HKU\oiva\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\outi\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.10

================================ Services (Whitelisted) ==================

2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-07-03] (AVAST Software)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [158856 2012-01-31] (Skype Technologies)
2 ASKUpgrade; C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe [x]
3 F-Secure BlackLight Sensor; C:\Windows\TEMP\F-Secure\Anti-Virus\fsblsrv.exe [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]

========================== Drivers (Whitelisted) =============

3 AF15BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [493312 2010-06-21] (ITETech )
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [21256 2012-07-03] (AVAST Software)
2 aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [57656 2012-07-03] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [44784 2012-07-03] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [721000 2012-07-03] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [353688 2012-07-03] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [54232 2012-07-03] (AVAST Software)
3 athrusb; C:\Windows\System32\DRIVERS\athrusb.sys [893440 2007-11-22] (Atheros Communications, Inc.)
3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW73.sys [101904 2010-07-15] (ATI Technologies, Inc.)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
3 nmwcdnsu; C:\Windows\System32\drivers\nmwcdnsu.sys [137600 2011-11-01] (Nokia)
2 Secdrv; \??\C:\Windows\system32\drivers\SECDRV.SYS [163644 2011-08-05] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
0 sfsync04; C:\Windows\System32\drivers\sfsync04.sys [50176 2006-03-24] (Protection Technology (StarForce))
0 sptd; C:\Windows\System32\Drivers\sptd.sys [715248 2009-09-10] (Duplex Secure Ltd.)
1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2009-08-20] ()
3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [37920 2010-03-04] (RapidSolution Software AG)
3 TIEHDUSB; C:\Windows\System32\drivers\tiehdusb.sys [49536 2004-02-03] (Texas Instruments Incorporated)
0 TPkd; C:\Windows\System32\Drivers\TPkd.sys [90472 2009-05-21] (PACE Anti-Piracy, Inc.)
3 usb_rndisx; C:\Windows\System32\DRIVERS\usb8023x.sys [15872 2009-07-13] (Microsoft Corporation)
3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
3 vpcuxd; C:\Windows\system32\drivers\vpcuxd.sys [12800 2010-11-20] (Microsoft Corporation)
1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
3 catchme; \??\C:\Users\illi\AppData\Local\Temp\catchme.sys [x]
3 fsbl; \??\C:\Program Files\F-Secure\apps\ComputerSecurity\Anti-Virus\fsbldrv.sys [x]
1 MpKsl7ebced6c; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EBD50D93-D2F4-4BD9-8D42-3AAD64639E2A}\MpKsl7ebced6c.sys [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-30 14:47 - 2012-07-30 14:47 - 00000000 ____D C:\Users\illi\Desktop\juu
2012-07-30 14:45 - 2012-07-30 14:45 - 00892822 ____A (Farbar) C:\Users\illi\Downloads\FRST (1).exe
2012-07-30 14:44 - 2012-07-30 14:45 - 00892822 ____A (Farbar) C:\Users\illi\Desktop\FRST.exe
2012-07-30 13:58 - 2012-07-30 13:58 - 00001290 ____A C:\Users\illi\Desktop\kyiffutis.txt
2012-07-30 03:20 - 2012-07-30 03:20 - 00016772 ____A C:\ComboFix.txt
2012-07-30 01:32 - 2012-07-30 03:20 - 00000000 ____D C:\ComboFix
2012-07-30 01:32 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-07-30 01:32 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-07-30 01:32 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-07-30 01:32 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-07-30 01:32 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-07-30 01:32 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-07-30 01:32 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-07-30 01:32 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-07-30 01:12 - 2012-07-30 01:12 - 00000000 ____D C:\Users\illi\AppData\Local\{DFB57CC9-1068-4D9E-B558-A331018CFA78}
2012-07-30 01:12 - 2012-07-30 01:12 - 00000000 ____D C:\Users\illi\AppData\Local\{74404D30-A6A9-495D-AC04-EE7CE64C0AFE}
2012-07-29 12:56 - 2012-07-30 03:20 - 00000000 ____D C:\Qoobox
2012-07-29 12:56 - 2012-07-30 03:17 - 00000000 ____D C:\Windows\erdnt
2012-07-29 12:51 - 2012-07-30 01:15 - 04722436 ____R (Swearware) C:\Users\illi\Desktop\ComboFix.exe
2012-07-28 06:19 - 2012-07-28 06:19 - 00001288 ____A C:\Users\illi\Desktop\checkup.txt
2012-07-28 06:11 - 2012-07-28 06:11 - 00000000 ____D C:\Users\illi\Desktop\dings
2012-07-28 06:10 - 2012-07-28 06:10 - 00881494 ____A C:\Users\illi\Desktop\SecurityCheck.exe
2012-07-28 05:38 - 2012-07-28 05:38 - 00000000 ____D C:\Users\illi\AppData\Local\{F5C8567A-5975-4D98-9F3D-E699992C6119}
2012-07-28 05:38 - 2012-07-28 05:38 - 00000000 ____D C:\Users\illi\AppData\Local\{B3F5E0E6-4E4C-4040-B9B0-84A6E46F5F8C}
2012-07-27 13:08 - 2012-07-27 13:08 - 00000000 ____D C:\Users\illi\AppData\Local\{DD621815-AAF4-410A-8295-497B135A4F5E}
2012-07-27 13:08 - 2012-07-27 13:08 - 00000000 ____D C:\Users\illi\AppData\Local\{65BF4B49-5457-4916-B167-B21EAF116CFB}
2012-07-26 21:15 - 2012-07-26 21:15 - 00000000 ____D C:\Users\illi\AppData\Local\{D8991AD0-EE92-4095-AD36-7BCA2F0FE415}
2012-07-26 21:15 - 2012-07-26 21:15 - 00000000 ____D C:\Users\illi\AppData\Local\{400DF4EB-E657-4C44-8C47-9B9C1D55B183}
2012-07-26 10:34 - 2012-07-26 10:34 - 00294216 ____A C:\Users\illi\Downloads\gmer.zip
2012-07-26 10:34 - 2012-07-26 10:34 - 00294216 ____A C:\Users\illi\Downloads\gmer (1).zip
2012-07-26 10:34 - 2011-07-16 11:21 - 00302592 ____A C:\Users\illi\Desktop\gmer.exe
2012-07-26 10:31 - 2012-07-26 10:31 - 00014012 ____A C:\Users\illi\Desktop\Attach.txt
2012-07-26 10:18 - 2012-07-26 10:18 - 00607260 ____R (Swearware) C:\Users\illi\Desktop\dds.scr
2012-07-26 09:57 - 2012-07-26 09:57 - 00000000 ____D C:\Program Files\Cobian Backup 11
2012-07-26 04:26 - 2012-07-26 04:26 - 00000000 ____D C:\Users\illi\AppData\Local\{914222DA-A9B5-4D19-A457-0526B7E975AE}
2012-07-26 04:26 - 2012-07-26 04:26 - 00000000 ____D C:\Users\illi\AppData\Local\{1B793030-AFDA-422B-A69C-45E391E93118}
2012-07-25 14:50 - 2012-07-25 21:10 - 00000512 ____A C:\Users\illi\Desktop\MBR.dat
2012-07-25 14:31 - 2012-07-26 09:47 - 00000000 ____D C:\Users\illi\Desktop\däsktöp
2012-07-25 03:45 - 2012-07-25 03:45 - 00000000 ____D C:\Users\illi\AppData\Local\{76C36F2D-939E-49B4-BD0F-00B7665DD56F}
2012-07-25 03:45 - 2012-07-25 03:45 - 00000000 ____D C:\Users\illi\AppData\Local\{358C7192-77B8-407D-9A34-250B29D77CB7}
2012-07-25 01:43 - 2012-07-25 01:43 - 00000000 ____D C:\Program Files\ESET
2012-07-24 15:44 - 2012-07-24 15:44 - 00000000 ____D C:\Users\illi\AppData\Local\{FC59B6D1-EA25-4F81-ABE8-639D46556A05}
2012-07-24 15:44 - 2012-07-24 15:44 - 00000000 ____D C:\Users\illi\AppData\Local\{F503DF0F-7C86-4471-9D7B-DD1ABD2F6453}
2012-07-24 14:58 - 2012-07-24 14:58 - 00003030 ____A C:\Users\illi\Desktop\eset lista.txt
2012-07-24 08:59 - 2012-07-24 08:59 - 00001027 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-24 08:48 - 2012-07-24 08:48 - 00093184 ____A C:\Users\illi\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-24 06:47 - 2012-07-24 08:02 - 00000000 ____D C:\Users\illi\Desktop\tärge
2012-07-24 05:30 - 2012-07-24 05:30 - 00000036 ____A C:\Users\illi\AppData\Local\housecall.guid.cache
2012-07-24 04:53 - 2012-07-24 08:59 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-07-24 04:53 - 2012-07-24 04:53 - 00000000 ____D C:\Users\illi\AppData\Roaming\Malwarebytes
2012-07-24 04:53 - 2012-07-24 04:53 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-24 04:53 - 2012-07-03 02:46 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-24 03:52 - 2012-07-24 03:52 - 00002035 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-07-24 03:52 - 2012-07-03 08:21 - 00721000 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-07-24 03:52 - 2012-07-03 08:21 - 00353688 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-07-24 03:52 - 2012-07-03 08:21 - 00057656 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-07-24 03:52 - 2012-07-03 08:21 - 00054232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-07-24 03:52 - 2012-07-03 08:21 - 00044784 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-07-24 03:52 - 2012-07-03 08:21 - 00021256 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-07-24 03:51 - 2012-07-03 08:21 - 00227648 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-07-24 03:51 - 2012-07-03 08:21 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-07-24 03:50 - 2012-07-24 03:50 - 00000000 ____D C:\Users\All Users\AVAST Software
2012-07-24 03:50 - 2012-07-24 03:50 - 00000000 ____D C:\Program Files\AVAST Software
2012-07-24 03:43 - 2012-07-24 03:43 - 00000000 ____D C:\Users\illi\AppData\Local\{75FED2A1-20D0-4991-AD1E-DFA47CB0A809}
2012-07-24 03:43 - 2012-07-24 03:43 - 00000000 ____D C:\Users\illi\AppData\Local\{65648B83-C4D2-41A6-8A90-89F0C03DCFDE}
2012-07-23 11:47 - 2012-07-23 11:47 - 00000000 ____D C:\Users\illi\AppData\Local\{972C75B4-AD78-4801-8A3C-E4712AF31B84}
2012-07-23 11:47 - 2012-07-23 11:47 - 00000000 ____D C:\Users\illi\AppData\Local\{1055F1C3-549A-4E09-BED2-54FD801766B1}
2012-07-21 14:09 - 2012-07-21 14:09 - 00000000 ____D C:\Users\illi\AppData\Local\{A3FD1BAE-49BD-43E6-AA9E-26A9392E0BE4}
2012-07-21 14:09 - 2012-07-21 14:09 - 00000000 ____D C:\Users\illi\AppData\Local\{313047F4-52CE-4C10-A66A-E9239D5ED236}
2012-07-21 01:27 - 2012-07-21 01:27 - 00000000 ____D C:\Users\illi\AppData\Local\{F1388CA4-9236-4E83-8209-543E109154F9}
2012-07-21 01:27 - 2012-07-21 01:27 - 00000000 ____D C:\Users\illi\AppData\Local\{1AE79077-A51F-4DCB-A591-AF0782A0E1B8}
2012-07-20 03:25 - 2012-07-20 03:26 - 00000000 ____D C:\Users\illi\AppData\Local\{41FE9F04-9D1C-4E1A-84BF-9A8F5DE69EB7}
2012-07-20 03:25 - 2012-07-20 03:25 - 00000000 ____D C:\Users\illi\AppData\Local\{79F50BBF-4319-4AEF-9091-3E91364AB173}
2012-07-19 14:00 - 2012-07-19 14:00 - 00000000 ____D C:\Users\illi\AppData\Local\{A2CF45C1-EDA1-44F5-B1E7-CC962FBEBD43}
2012-07-19 14:00 - 2012-07-19 14:00 - 00000000 ____D C:\Users\illi\AppData\Local\{8078B15D-7092-468A-91B0-DE7341161B96}
2012-07-19 01:59 - 2012-07-19 01:59 - 00000000 ____D C:\Users\illi\AppData\Local\{F50F579B-7F89-491B-8045-85EC66E684C1}
2012-07-19 01:59 - 2012-07-19 01:59 - 00000000 ____D C:\Users\illi\AppData\Local\{0BA36CCD-2CFD-4937-894B-A2332133B15F}
2012-07-18 01:46 - 2012-07-18 01:46 - 00000000 ____D C:\Users\illi\AppData\Local\{C839DAAC-AAD7-4848-B036-8E3B6CF73AB2}
2012-07-18 01:46 - 2012-07-18 01:46 - 00000000 ____D C:\Users\illi\AppData\Local\{B7B77CE2-62FD-4089-A22C-74E2074E846A}
2012-07-17 01:26 - 2012-07-17 01:27 - 00000000 ____D C:\Users\illi\AppData\Local\{A965C797-3BDE-42C3-BF31-084E9839FDD6}
2012-07-17 01:26 - 2012-07-17 01:26 - 00000000 ____D C:\Users\illi\AppData\Local\{4DB47AE0-F6E9-4CD7-8978-06528F058454}
2012-07-16 12:27 - 2012-07-16 12:27 - 00000000 ____D C:\Users\illi\AppData\Local\{42CD3B46-3BE1-49C1-A12E-2A7313451D5A}
2012-07-16 00:26 - 2012-07-16 12:27 - 00000000 ____D C:\Users\illi\AppData\Local\{885CCC5A-73B9-4397-B1E5-90B02C4D4780}
2012-07-16 00:26 - 2012-07-16 00:26 - 00000000 ____D C:\Users\illi\AppData\Local\{B949D77F-87D9-469C-A8C2-793A761EE055}
2012-07-15 00:10 - 2012-07-15 00:11 - 00000000 ____D C:\Users\illi\AppData\Local\{B2C7AF02-034A-4CD4-B2DB-7A832C80D995}
2012-07-15 00:10 - 2012-07-15 00:10 - 00000000 ____D C:\Users\illi\AppData\Local\{1069FF1E-3739-41B9-AD62-9C617DF6B581}
2012-07-14 02:24 - 2012-07-14 02:25 - 00000000 ____D C:\Users\illi\AppData\Local\{9CCFB369-2B21-48A0-B05A-8DE85F49948B}
2012-07-14 02:24 - 2012-07-14 02:24 - 00000000 ____D C:\Users\illi\AppData\Local\{76CB332C-4E4B-40EF-85DE-18325F14E6AD}
2012-07-13 09:35 - 2012-07-13 09:35 - 00000000 ____D C:\Users\illi\AppData\Local\{7F54A864-FD29-4169-8B11-8BDFBF667C1C}
2012-07-12 21:35 - 2012-07-12 21:35 - 00000000 ____D C:\Users\illi\AppData\Local\{9E99EE16-1AF2-4E0C-B094-BCC51BC40D4C}
2012-07-12 21:34 - 2012-07-13 09:35 - 00000000 ____D C:\Users\illi\AppData\Local\{0D212C36-85DE-41B2-936D-7047AEDF88A3}
2012-07-12 01:55 - 2012-07-12 01:55 - 00000000 ____D C:\Users\illi\AppData\Local\{67E6146D-AED2-4449-A393-568E3E014D71}
2012-07-11 14:11 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-11 14:11 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-11 14:11 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-11 14:11 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-11 14:11 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-11 14:11 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-11 14:11 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-11 14:11 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-11 14:11 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-11 14:11 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-11 14:11 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-11 14:11 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-11 14:11 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-11 14:11 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-11 14:02 - 2012-06-11 18:40 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 06:06 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-11 06:02 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-11 06:02 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-11 06:02 - 2012-06-01 20:45 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-11 06:02 - 2012-06-01 20:45 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-11 06:02 - 2012-06-01 20:40 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-11 06:02 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-11 06:02 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-11 06:02 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-11 06:00 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-11 04:19 - 2012-07-11 04:20 - 00000000 ____D C:\Users\illi\AppData\Local\{0A6807B9-8978-4581-8ADE-370AC72B69DB}
2012-07-11 04:19 - 2012-07-11 04:19 - 00000000 ____D C:\Users\illi\AppData\Local\{4687B206-A2FE-44DC-A9C3-1F7FE3729E64}
2012-07-10 04:10 - 2012-07-10 04:10 - 00000000 ____D C:\Users\illi\AppData\Local\{18022A92-5B1C-455C-A13A-C9C28DBB818A}
2012-07-10 04:09 - 2012-07-10 04:10 - 00000000 ____D C:\Users\illi\AppData\Local\{8CD1D169-D78C-4FA2-B48C-53A0A695153E}
2012-07-09 09:52 - 2012-07-09 09:52 - 00000000 ____D C:\Users\illi\AppData\Local\{B6C5E614-8B0D-41E4-A6AB-094F4CE77671}
2012-07-09 09:52 - 2012-07-09 09:52 - 00000000 ____D C:\Users\illi\AppData\Local\{83AC1D44-ABAD-4BC4-9F8C-786F1B86BCC0}
2012-07-08 22:19 - 2012-07-09 03:24 - 00000000 ____D C:\Users\illi\Desktop\musa2ta
2012-07-08 21:51 - 2012-07-08 21:51 - 00000000 ____D C:\Users\illi\AppData\Local\{6FE74017-5983-4A06-AF13-092B5177BF68}
2012-07-08 21:51 - 2012-07-08 21:51 - 00000000 ____D C:\Users\illi\AppData\Local\{3CC439A7-9015-4959-87C8-ECA0DBB07613}
2012-07-08 01:36 - 2012-07-09 09:56 - 00000000 ____D C:\Users\illi\Desktop\Musiikki
2012-07-08 01:12 - 2012-07-08 01:12 - 00000000 ____D C:\Users\illi\AppData\Local\{73D3BA53-2B86-4954-9B88-521DF5BBB6AB}
2012-07-08 01:12 - 2012-07-08 01:12 - 00000000 ____D C:\Users\illi\AppData\Local\{27C9F0C7-9562-45B1-87AB-68D6C60107A9}
2012-07-07 01:56 - 2012-07-07 01:56 - 00000000 ____D C:\Users\illi\AppData\Local\{792D4104-44AF-457D-89F5-CF210822457C}
2012-07-07 01:56 - 2012-07-07 01:56 - 00000000 ____D C:\Users\illi\AppData\Local\{565EE53D-F126-4BDC-874D-F02A0DC74BDB}
2012-07-06 05:40 - 2012-07-06 05:41 - 00000000 ____D C:\Users\illi\AppData\Local\{B89A53FB-9C5D-4AFF-A77F-9BF4DE02AE52}
2012-07-06 05:40 - 2012-07-06 05:40 - 00000000 ____D C:\Users\illi\AppData\Local\{8C066BBC-3088-4BE7-A856-F589CEECBECE}
2012-07-05 04:34 - 2012-07-05 04:34 - 00000000 ____D C:\Users\illi\AppData\Local\{FD93B0B4-C5B4-4934-901B-0D799EAC606A}
2012-07-05 04:34 - 2012-07-05 04:34 - 00000000 ____D C:\Users\illi\AppData\Local\{BA4AD5D9-9987-4995-8539-5BEAD1744239}
2012-07-04 06:25 - 2012-07-04 06:25 - 00000000 ____D C:\Users\illi\AppData\Local\{E7908DF1-B463-4AD6-84DC-26AD2FE83D4B}
2012-07-04 06:24 - 2012-07-04 06:25 - 00000000 ____D C:\Users\illi\AppData\Local\{57BA9BAE-0305-4E01-8B9E-7A14886D51E4}
2012-07-03 04:49 - 2012-07-03 04:49 - 00000000 ____D C:\Users\illi\AppData\Local\{E1AE4CA7-2E8E-4A55-A335-8F7313308C66}
2012-07-03 04:49 - 2012-07-03 04:49 - 00000000 ____D C:\Users\illi\AppData\Local\{BDD2EDB9-5A98-4DE3-B6C7-2D55D2D5A212}
2012-07-02 10:15 - 2012-07-02 10:15 - 00000000 ____D C:\Users\illi\AppData\Local\{9CDB3313-AA76-43BE-8BBA-9976AA744519}
2012-07-02 10:15 - 2012-07-02 10:15 - 00000000 ____D C:\Users\illi\AppData\Local\{66EA3A44-9013-4838-AC53-9F2377125731}
2012-07-01 13:10 - 2012-07-01 13:10 - 00000000 ____D C:\Users\illi\AppData\Local\{0542CCEB-42E6-4A07-935B-8454152C4CBC}
2012-07-01 01:00 - 2012-07-01 13:10 - 00000000 ____D C:\Users\illi\AppData\Local\{67546648-12A2-4FAE-96EC-1EAECADEF4C6}


============ 3 Months Modified Files ========================

2012-07-30 14:51 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-30 14:51 - 2009-07-13 20:39 - 00200296 ____A C:\Windows\setupact.log
2012-07-30 14:49 - 2009-08-11 20:23 - 01303893 ____A C:\Windows\WindowsUpdate.log
2012-07-30 14:46 - 2011-01-19 11:52 - 00693424 ____A C:\Windows\System32\perfh010.dat
2012-07-30 14:46 - 2011-01-19 11:52 - 00404052 ____A C:\Windows\System32\perfh012.dat
2012-07-30 14:46 - 2011-01-19 11:52 - 00382186 ____A C:\Windows\System32\prfh0404.dat
2012-07-30 14:46 - 2011-01-19 11:52 - 00366084 ____A C:\Windows\System32\prfh0804.dat
2012-07-30 14:46 - 2011-01-19 11:52 - 00129600 ____A C:\Windows\System32\perfc010.dat
2012-07-30 14:46 - 2011-01-19 11:52 - 00107132 ____A C:\Windows\System32\perfc012.dat
2012-07-30 14:46 - 2011-01-19 11:52 - 00106704 ____A C:\Windows\System32\prfc0804.dat
2012-07-30 14:46 - 2011-01-19 11:52 - 00101790 ____A C:\Windows\System32\prfc0404.dat
2012-07-30 14:46 - 2011-01-19 07:02 - 00452902 ____A C:\Windows\System32\perfh014.dat
2012-07-30 14:46 - 2011-01-19 07:02 - 00079552 ____A C:\Windows\System32\perfc014.dat
2012-07-30 14:46 - 2009-08-11 11:06 - 06417008 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-30 14:45 - 2012-07-30 14:45 - 00892822 ____A (Farbar) C:\Users\illi\Downloads\FRST (1).exe
2012-07-30 14:45 - 2012-07-30 14:44 - 00892822 ____A (Farbar) C:\Users\illi\Desktop\FRST.exe
2012-07-30 14:32 - 2012-04-19 04:49 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-30 13:58 - 2012-07-30 13:58 - 00001290 ____A C:\Users\illi\Desktop\kyiffutis.txt
2012-07-30 13:58 - 2009-09-05 06:49 - 00000992 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-30 12:37 - 2012-06-05 03:32 - 00000924 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3959451765-40698998-2904350576-1005UA.job
2012-07-30 06:58 - 2009-09-05 06:49 - 00000988 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-30 03:37 - 2012-06-05 03:32 - 00000902 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3959451765-40698998-2904350576-1005Core.job
2012-07-30 03:20 - 2012-07-30 03:20 - 00016772 ____A C:\ComboFix.txt
2012-07-30 03:17 - 2009-07-13 20:34 - 00015136 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-30 03:17 - 2009-07-13 20:34 - 00015136 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-30 03:09 - 2009-07-13 18:04 - 00000215 ____A C:\Windows\system.ini
2012-07-30 03:07 - 2009-08-13 23:20 - 00104074 ____A C:\Windows\PFRO.log
2012-07-30 01:15 - 2012-07-29 12:51 - 04722436 ____R (Swearware) C:\Users\illi\Desktop\ComboFix.exe
2012-07-28 06:19 - 2012-07-28 06:19 - 00001288 ____A C:\Users\illi\Desktop\checkup.txt
2012-07-28 06:10 - 2012-07-28 06:10 - 00881494 ____A C:\Users\illi\Desktop\SecurityCheck.exe
2012-07-26 14:35 - 2012-04-19 04:49 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-07-26 14:35 - 2011-05-17 04:50 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-07-26 10:34 - 2012-07-26 10:34 - 00294216 ____A C:\Users\illi\Downloads\gmer.zip
2012-07-26 10:34 - 2012-07-26 10:34 - 00294216 ____A C:\Users\illi\Downloads\gmer (1).zip
2012-07-26 10:31 - 2012-07-26 10:31 - 00014012 ____A C:\Users\illi\Desktop\Attach.txt
2012-07-26 10:18 - 2012-07-26 10:18 - 00607260 ____R (Swearware) C:\Users\illi\Desktop\dds.scr
2012-07-26 09:05 - 2011-01-06 10:37 - 00111188 ____A C:\Windows\DPINST.LOG
2012-07-25 21:10 - 2012-07-25 14:50 - 00000512 ____A C:\Users\illi\Desktop\MBR.dat
2012-07-24 14:58 - 2012-07-24 14:58 - 00003030 ____A C:\Users\illi\Desktop\eset lista.txt
2012-07-24 08:59 - 2012-07-24 08:59 - 00001027 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-24 08:48 - 2012-07-24 08:48 - 00093184 ____A C:\Users\illi\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-24 05:30 - 2012-07-24 05:30 - 00000036 ____A C:\Users\illi\AppData\Local\housecall.guid.cache
2012-07-24 03:52 - 2012-07-24 03:52 - 00002035 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-07-24 03:52 - 2009-07-13 18:04 - 00002577 ____A C:\Windows\System32\config.nt
2012-07-12 09:12 - 2011-10-01 04:23 - 00002246 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-07-12 01:53 - 2009-07-13 20:33 - 03918752 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 14:02 - 2009-09-09 10:10 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-03 08:21 - 2012-07-24 03:52 - 00721000 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-07-03 08:21 - 2012-07-24 03:52 - 00353688 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-07-03 08:21 - 2012-07-24 03:52 - 00057656 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-07-03 08:21 - 2012-07-24 03:52 - 00054232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-07-03 08:21 - 2012-07-24 03:52 - 00044784 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-07-03 08:21 - 2012-07-24 03:52 - 00021256 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-07-03 08:21 - 2012-07-24 03:51 - 00227648 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-07-03 08:21 - 2012-07-24 03:51 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-07-03 02:46 - 2012-07-24 04:53 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-25 15:19 - 2012-06-25 15:19 - 00019870 ____H C:\Users\illi\Desktop\~WRL0005.tmp
2012-06-21 13:39 - 2012-06-21 13:39 - 00001797 ____A C:\Users\illi\Desktop\Spotify.lnk
2012-06-11 18:40 - 2012-07-11 14:02 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 20:41 - 2012-07-11 06:00 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-05 21:05 - 2012-07-11 06:02 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 21:05 - 2012-07-11 06:02 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 21:03 - 2012-07-11 06:06 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 07:13 - 2012-06-05 07:12 - 00001944 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-06-02 14:19 - 2012-06-21 12:03 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 12:03 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 12:03 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 12:02 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 12:02 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-21 12:03 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-21 12:02 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 04:19 - 2012-06-21 12:02 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 04:12 - 2012-06-21 12:02 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 01:07 - 2012-07-11 14:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 00:43 - 2012-07-11 14:11 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 00:33 - 2012-07-11 14:11 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 00:26 - 2012-07-11 14:11 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 00:25 - 2012-07-11 14:11 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 00:25 - 2012-07-11 14:11 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 00:23 - 2012-07-11 14:11 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 00:21 - 2012-07-11 14:11 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 00:20 - 2012-07-11 14:11 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 00:19 - 2012-07-11 14:11 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 00:19 - 2012-07-11 14:11 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 00:17 - 2012-07-11 14:11 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 00:16 - 2012-07-11 14:11 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 00:14 - 2012-07-11 14:11 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-01 20:45 - 2012-07-11 06:02 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 20:45 - 2012-07-11 06:02 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 20:40 - 2012-07-11 06:02 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 20:40 - 2012-07-11 06:02 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 20:39 - 2012-07-11 06:02 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-05-26 08:27 - 2010-01-22 08:11 - 00093184 ____A C:\Users\oiva\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-24 11:00 - 2012-05-24 11:00 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2012-05-23 08:31 - 2009-07-13 20:53 - 00032630 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-05-20 09:44 - 2012-05-20 09:44 - 00900015 ____A C:\Windows\System32\TmpA24981516
2012-05-20 09:35 - 2010-12-03 13:30 - 00000009 ____A C:\Windows\ULEAD32.INI
2012-05-18 01:39 - 2012-05-18 01:39 - 00000788 ____A C:\Windows\daasunin.LOG
2012-05-18 01:39 - 2012-05-18 01:38 - 00206002 ____A C:\Windows\FSUNINST.log
2012-05-18 01:39 - 2012-05-18 01:38 - 00020267 ____A C:\Windows\uninstaller.log
2012-05-18 01:39 - 2012-05-05 03:18 - 25999633 ____A C:\Windows\FSISU.log
2012-05-18 01:39 - 2012-05-05 03:18 - 00304625 ____A C:\Windows\FSDEPH.log
2012-05-18 01:39 - 2012-05-05 03:18 - 00030256 ____A C:\Windows\fsavunin.log
2012-05-18 01:39 - 2012-05-05 03:18 - 00008255 ____A C:\Windows\FSGKIAIN.log
2012-05-18 01:39 - 2012-05-05 03:18 - 00003606 ____A C:\Windows\FSLDIN.LOG
2012-05-18 01:39 - 2012-05-05 03:18 - 00001365 ____A C:\Windows\FSGUIINS.LOG
2012-05-18 01:39 - 2012-05-05 03:18 - 00000675 ____A C:\Windows\fstnbins.LOG
2012-05-18 01:38 - 2012-05-18 01:38 - 00001317 ____A C:\Windows\FSGEMINST.LOG
2012-05-18 01:38 - 2012-05-18 01:38 - 00000070 ____A C:\Windows\fsavunin_2.log
2012-05-18 01:38 - 2012-05-05 03:22 - 00000615 ____A C:\Windows\FSAVES_inst.log
2012-05-18 01:38 - 2012-05-05 03:18 - 00031460 ____A C:\Windows\fwesinst.log
2012-05-18 01:38 - 2012-05-05 03:18 - 00001143 ____A C:\Windows\fsgadget.log
2012-05-13 14:27 - 2010-01-07 10:32 - 00000873 ____A C:\Users\Public\Desktop\µTorrent.lnk
2012-05-13 02:10 - 2010-11-01 05:12 - 00001230 _RASH C:\Users\oiva\ntuser.pol
2012-05-11 09:19 - 2010-10-30 06:07 - 00000632 _RASH C:\Users\illi\ntuser.pol
2012-05-08 03:52 - 2012-05-08 03:52 - 00004550 ____A C:\Users\oiva\Desktop\mw3 360 aimbot.rar.torrent
2012-05-08 03:52 - 2012-05-08 03:52 - 00000991 ____A C:\Users\oiva\Desktop\www.btmon.com-MW3-Aimbot-Xbox-360-USB-rar.torrent
2012-05-05 10:12 - 2012-05-05 10:11 - 00000017 ____A C:\Users\illi\i.txt
2012-05-05 10:10 - 2012-05-05 10:10 - 00002017 ____A C:\Users\illi\t.txt
2012-05-05 03:22 - 2012-05-05 03:22 - 00000804 ____A C:\Windows\fstsutil.log
2012-05-05 03:22 - 2012-05-05 03:22 - 00000645 ____A C:\Windows\fsav_db_setup.log
2012-05-05 03:22 - 2012-05-05 03:18 - 00975971 ____A C:\Windows\FSSFM.log
2012-05-05 03:22 - 2012-05-05 03:18 - 00752070 ____A C:\Windows\FSSETUP.log
2012-05-05 03:22 - 2012-05-05 03:18 - 00134202 ____A C:\Windows\RunSetup.log
2012-05-05 03:22 - 2012-05-05 03:18 - 00127233 ____A C:\Windows\FSPROD.log
2012-05-05 03:22 - 2012-05-05 03:18 - 00021739 ____A C:\Windows\fsmainst.log
2012-05-05 03:22 - 2012-05-05 03:18 - 00010513 ____A C:\Windows\FSAVCSIN.LOG
2012-05-05 03:22 - 2012-05-05 03:18 - 00003606 ____A C:\Windows\FSGemini.LOG
2012-05-05 03:21 - 2012-05-05 03:18 - 00064514 ____A C:\Windows\FSAVINST.LOG
2012-05-05 03:20 - 2012-05-05 03:18 - 00002367 ____A C:\Windows\DAASINST.LOG
2012-05-05 03:19 - 2012-05-05 03:19 - 00019553 ____A C:\Windows\prodsett_copy.ini
2012-05-05 03:18 - 2012-05-05 03:18 - 00019422 ____A C:\Windows\fspplugin.log
2012-05-05 03:16 - 2012-05-05 03:16 - 00000277 ____A C:\Windows\CSCOZARM.LOG
2012-05-05 03:16 - 2012-05-05 03:16 - 00000229 ____A C:\Windows\FSAUASUB.LOG
2012-05-05 03:16 - 2012-05-05 03:15 - 01709772 ____A C:\Windows\fssgpex.LOG
2012-05-05 03:16 - 2012-05-05 03:15 - 00002365 ____A C:\Windows\FSPRODRM.LOG


ZeroAccess:
C:\Windows\Installer\{987621b2-7732-bea6-420a-de5b964c92a5}
C:\Windows\Installer\{987621b2-7732-bea6-420a-de5b964c92a5}\L
C:\Windows\Installer\{987621b2-7732-bea6-420a-de5b964c92a5}\U

ZeroAccess:
C:\Users\illi\AppData\Local\{987621b2-7732-bea6-420a-de5b964c92a5}
C:\Users\illi\AppData\Local\{987621b2-7732-bea6-420a-de5b964c92a5}\@
C:\Users\illi\AppData\Local\{987621b2-7732-bea6-420a-de5b964c92a5}\L
C:\Users\illi\AppData\Local\{987621b2-7732-bea6-420a-de5b964c92a5}\U

ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 20%
Total physical RAM: 2047.43 MB
Available physical RAM: 1628.77 MB
Total Pagefile: 2047.43 MB
Available Pagefile: 1637.36 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.3 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:298.09 GB) (Free:50.88 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
6 Drive h: (KINGSTON) (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 Online 1905 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 298 GB 1024 KB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 C NTFS Partition 298 GB Healthy

==================================================================================

Partitions of Disk 5:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 1905 MB 0 B

==================================================================================

Disk: 5
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

==================================================================================

==========================================================

Last Boot: 2012-07-30 03:38

======================= End Of Log ==========================



---------- Search.txt ----------

Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-31 02:00:50
Running from H:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

=== End Of Search ===

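The Search.txt above is the check that singled out the patched file: the WinSxS component-store copy of services.exe and the live System32 copy have the same timestamps, size and publisher, yet different MD5s. As an added example that is not part of the original post and not FRST's own code, the following Python script parses that Search output format, treats the WinSxS copies as the trusted reference, and flags any live copy whose hash matches none of them; it also reports whether size and timestamps were preserved, which is why a hash (not a date or size listing) is needed to see the substitution. The two entries from the post are embedded as sample input, and the `file_md5` helper is an assumption of mine for re-checking a file on disk after a fix, not something FRST exposes.

```python
"""Flag a live system binary whose MD5 differs from its WinSxS copy, using the
FRST 'Search:' output format. Added example, not FRST's own code."""
import hashlib
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: the two Search.txt entries quoted from the post above.
SEARCH_TXT = r"""================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

=== End Of Search ===
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
# "[created] - [modified] - size attrs (publisher) MD5"; the publisher group is
# optional because files without version info are listed without it.
ATTR_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) (?:\((?P<publisher>[^)]*)\) )?(?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass
class Entry:
    path: str
    created: str
    modified: str
    size: int
    attrs: str
    publisher: str
    md5: str

    @property
    def name(self) -> str:          # file name, case-folded for grouping
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def in_winsxs(self) -> bool:    # component-store copy = trusted reference
        return "\\winsxs\\" in self.path.lower()


def parse_frst_search(text: str) -> list:
    """Pair each path line with the attribute line that follows it."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending = line
            continue
        m = ATTR_RE.match(line)
        if m and pending:
            entries.append(Entry(pending, m["created"], m["modified"],
                                 int(m["size"]), m["attrs"],
                                 m["publisher"] or "", m["md5"].upper()))
            pending = None
    return entries


def find_tampered(entries: list) -> list:
    """Return live copies whose MD5 matches no WinSxS copy of the same name.
    Size and timestamps are reported separately: in the post above they are
    identical on both copies, so only the hash reveals the patched file."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[e.name].append(e)
    findings = []
    for group in by_name.values():
        refs = [e for e in group if e.in_winsxs]
        if not refs:
            continue  # no trusted copy to compare against
        ref_md5s = {e.md5 for e in refs}
        for e in group:
            if e.in_winsxs or e.md5 in ref_md5s:
                continue
            meta_same = any(e.size == r.size and e.created == r.created
                            and e.modified == r.modified for r in refs)
            findings.append({"path": e.path, "md5": e.md5,
                             "expected": sorted(ref_md5s),
                             "metadata_matches": meta_same})
    return findings


def file_md5(path: str) -> str:
    """MD5 of a file on disk (assumed helper), to re-check a live copy after a fix."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest().upper()
```

Run on the embedded sample, `find_tampered(parse_frst_search(SEARCH_TXT))` returns one finding for C:\Windows\System32\services.exe with `metadata_matches` set, matching the "ZeroAccess" verdict FRST printed for that path in the Bamital & volsnap check above. The same function works on any FRST Search log that lists several copies of a file, as long as at least one of them lives under winsxs.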
#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:33 AM

Posted 30 July 2012 - 10:15 PM

Hello

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.

Replace: C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe C:\Windows\System32\services.exe
C:\WINDOWS\assembly\GAC\Desktop.ini
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\Installer\{987621b2-7732-bea6-420a-de5b964c92a5}
C:\Users\illi\AppData\Local\{987621b2-7732-bea6-420a-de5b964c92a5}


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Kornley
  • Topic Starter

  • Members
  • 16 posts
  • Local time:01:33 PM

Posted 31 July 2012 - 05:01 PM

Here's the fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 2012-08-01 00:55:48 Run:1
Running from H:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe copied successfully to C:\Windows\System32\services.exe
C:\WINDOWS\assembly\GAC\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini not found.
C:\Windows\assembly\GAC_64\Desktop.ini not found.
C:\Windows\Installer\{987621b2-7732-bea6-420a-de5b964c92a5} moved successfully.
C:\Users\illi\AppData\Local\{987621b2-7732-bea6-420a-de5b964c92a5} moved successfully.

==== End of Fixlog ====

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:33 AM

Posted 01 August 2012 - 06:43 AM

Greetings

At this time I would like you to run this script for me. It is also a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#9 Kornley
  • Topic Starter

  • Members
  • 16 posts
  • Local time:01:33 PM

Posted 01 August 2012 - 12:03 PM

There were no problems at all. ComboFix updated itself and a restart wasn't necessary. Avast! still hasn't said anything about trojans or malware, but I still can't launch Microsoft Security Essentials: "Couldn't start the security Essentials service. The specified service does not exist as an installed service." Error code: 0x80070424. My computer gets pretty slow occasionally, but that might not have anything to do with malware or any other bad stuff. Also, when I log into my user account, the startup takes much longer than before. The screen is black for a while and I can only see the mouse pointer.

Anyway, here's the Combofix log:


ComboFix 12-07-31.03 - illi 01.08.2012 19:31:28.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.358.1033.18.2047.822 [GMT 3:00]
Sijainti: c:\users\illi\Desktop\ComboFix.exe
Käytetyt komentorivivalitsimet :: c:\users\illi\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2012-07-01 to 2012-08-01 )))))))))))))))))
.
.
2012-08-01 16:48 . 2012-08-01 16:48 -------- d-----w- c:\users\outi\AppData\Local\temp
2012-08-01 16:48 . 2012-08-01 16:48 -------- d-----w- c:\users\oiva\AppData\Local\temp
2012-08-01 16:48 . 2012-08-01 16:48 -------- d-----w- c:\users\hvk\AppData\Local\temp
2012-08-01 16:48 . 2012-08-01 16:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-31 09:56 . 2012-07-31 09:57 -------- d-----w- C:\FRST
2012-07-28 06:41 . 2012-07-28 07:10 -------- d-----w- c:\users\TEMP
2012-07-26 17:57 . 2012-07-26 17:57 -------- d-----w- c:\program files\Cobian Backup 11
2012-07-25 09:43 . 2012-07-25 09:43 -------- d-----w- c:\program files\ESET
2012-07-24 12:53 . 2012-07-24 12:53 -------- d-----w- c:\users\illi\AppData\Roaming\Malwarebytes
2012-07-24 12:53 . 2012-07-24 12:53 -------- d-----w- c:\programdata\Malwarebytes
2012-07-24 12:53 . 2012-07-24 16:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-24 12:53 . 2012-07-03 10:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-24 11:52 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-24 11:52 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-24 11:52 . 2012-07-03 16:21 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-24 11:52 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-24 11:52 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-24 11:52 . 2012-07-03 16:21 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-24 11:51 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-07-24 11:51 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-24 11:50 . 2012-07-24 11:50 -------- d-----w- c:\programdata\AVAST Software
2012-07-24 11:50 . 2012-07-24 11:50 -------- d-----w- c:\program files\AVAST Software
2012-07-19 10:08 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{378B9A4F-8F26-4B92-B610-90EF2611DF62}\mpengine.dll
2012-07-18 10:00 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-11 22:02 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 14:06 . 2012-06-06 05:05 1019904 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 14:06 . 2012-06-06 05:03 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-07-11 14:06 . 2012-06-06 05:05 143360 ----a-w- c:\program files\Common Files\System\ado\msjro.dll
2012-07-11 14:06 . 2012-06-06 05:05 57344 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
2012-07-11 14:06 . 2012-06-06 05:05 352256 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-07-11 14:06 . 2012-06-06 05:05 212992 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2012-07-11 14:06 . 2012-06-06 05:05 372736 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-07-11 14:02 . 2012-06-02 04:45 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-11 14:02 . 2012-06-02 04:40 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-11 14:02 . 2012-06-02 04:39 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 14:02 . 2012-06-02 04:45 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 14:02 . 2012-06-02 04:40 225280 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 14:02 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 14:02 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 14:02 . 2010-06-26 03:24 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-03 19:55 . 2012-02-10 10:30 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FA24F521-080C-4A71-9641-A672FB92E497}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-26 22:35 . 2012-04-19 12:49 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-26 22:35 . 2011-05-17 12:50 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2012-06-21 20:03 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 20:03 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 20:02 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 20:02 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 20:03 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 20:03 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 20:02 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 12:19 . 2012-06-21 20:02 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 12:12 . 2012-06-21 20:02 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-24 20:11 . 2011-03-28 15:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-11-05 07:17 . 2011-11-11 19:30 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\illi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\illi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\illi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Spotify Web Helper"="c:\users\illi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-01 1193176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R1 MpKsl7ebced6c;MpKsl7ebced6c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EBD50D93-D2F4-4BD9-8D42-3AAD64639E2A}\MpKsl7ebced6c.sys [x]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
R3 F-Secure BlackLight Sensor;F-Secure BlackLight Sensor;c:\windows\TEMP\F-Secure\Anti-Virus\fsblsrv.exe [x]
R3 fsbl;F-Secure BlackLight Engine Driver;c:\program files\F-Secure\apps\ComputerSecurity\Anti-Virus\fsbldrv.sys [x]
R3 gupdatem;Google Päivitä-palvelu (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\drivers\vpcuxd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 22:35]
.
2012-08-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3959451765-40698998-2904350576-1005Core.job
- c:\users\oiva\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-05 11:32]
.
2012-08-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3959451765-40698998-2904350576-1005UA.job
- c:\users\oiva\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-05 11:32]
.
2012-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-05 14:49]
.
2012-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-05 14:49]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: V&ie Microsoft Exceliin - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.10
DPF: {8C922C73-FFFA-45A3-B2C2-BC1E30074267} - hxxp://www.sony.fi/bravia/RegistrationAgent.cab
FF - ProfilePath - c:\users\illi\AppData\Roaming\Mozilla\Firefox\Profiles\bb6zq60n.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4148)
c:\users\illi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
Completion time: 2012-08-01 19:51:57
ComboFix-quarantined-files.txt 2012-08-01 16:51
ComboFix2.txt 2012-08-01 12:49
ComboFix3.txt 2012-07-30 11:20
.
Pre-Run: 54 172 041 216 bytes free
Post-Run: 54 116 257 792 bytes free
.
- - End Of File - - 17DE85CB7DB2415A578B71DBE9E0D758

Edited by Kornley, 02 August 2012 - 06:23 AM.
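The service and Run-key lines in the ComboFix log above are what a malware-response helper scans first. As an added example (my own code, not ComboFix output and not posted by anyone in this thread), the Python below parses those two line shapes and picks out the entries worth a second look: a service whose image path points into a temp directory (the F-Secure BlackLight Sensor entry above points under c:\windows\TEMP), a Run value launched from a user profile directory, and a service with no image path recorded. The `[x]` marker is collected separately because in this particular log every service entry carries it, so on its own it separates nothing. The sample lines are a subset copied from the log above; the directory rules, the function names and the `Entry` type are assumptions of this example, and a hit is a review candidate rather than a verdict (Spotify's per-user helper is a legitimate program that lives in AppData). One practitioner note on the error Kornley quotes: 0x80070424 is the HRESULT form of Win32 error 1060, ERROR_SERVICE_DOES_NOT_EXIST, which matches the message text, so the question is whether the MSE service's registry entry still exists rather than whether the service is merely stopped.

```python
r"""Triage of ComboFix-style autostart entries (added example, not ComboFix code).

Two line shapes from the posted log are parsed:
  service/driver:  R3 fsbl;F-Secure BlackLight Engine Driver;c:\...\fsbldrv.sys [x]
  Run key:         "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Service line: <start type> <name>;<display name>;<image path> [x | date size]
SERVICE_RE = re.compile(
    r"^(?P<start>[RS][0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>[^\[]*?)\s*\[(?P<tag>[^\]]*)\]$"
)
# Run-key line: "<value name>"="<command>" [date size]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<tag>[^\]]*)\]$')


@dataclass(frozen=True)
class Entry:
    kind: str   # "service" or "run"
    name: str
    path: str   # image path as ComboFix printed it ("" when none was recorded)
    tag: str    # text inside the trailing brackets: "x" or "<date> <size>"


def parse(log: str) -> list[Entry]:
    """Return every service/driver and Run-key entry found in a ComboFix log."""
    entries: list[Entry] = []
    for raw in log.splitlines():
        line = raw.strip()
        if m := SERVICE_RE.match(line):
            entries.append(Entry("service", m["name"], m["path"].strip(), m["tag"].strip()))
        elif m := RUN_RE.match(line):
            entries.append(Entry("run", m["name"], m["path"].strip(), m["tag"].strip()))
    return entries


def review_reasons(entry: Entry) -> list[str]:
    """Location-based heuristics (assumptions of this example, not ComboFix rules)."""
    p = entry.path.lower()
    reasons: list[str] = []
    if entry.kind == "service" and not p:
        reasons.append("no image path recorded")
    if "\\temp\\" in p:
        reasons.append("runs from a temp directory")
    if "\\appdata\\" in p or "\\users\\public\\" in p:
        reasons.append("runs from a user-writable profile directory")
    return reasons


def triage(log: str) -> dict[str, list[str]]:
    """Name -> reasons, only for entries that trip at least one heuristic."""
    return {e.name: r for e in parse(log) if (r := review_reasons(e))}


def unverified(log: str) -> list[str]:
    """Names of entries ComboFix tagged [x] instead of a date and size."""
    return [e.name for e in parse(log) if e.tag == "x"]


# Constructed sample: a subset of lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R1 MpKsl7ebced6c;MpKsl7ebced6c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EBD50D93-D2F4-4BD9-8D42-3AAD64639E2A}\MpKsl7ebced6c.sys [x]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [x]
R3 F-Secure BlackLight Sensor;F-Secure BlackLight Sensor;c:\windows\TEMP\F-Secure\Anti-Virus\fsblsrv.exe [x]
S1 aswSnx;aswSnx; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Spotify Web Helper"="c:\users\illi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-01 1193176]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"""

if __name__ == "__main__":
    for name, why in triage(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(why)}")
    print("tagged [x]:", ", ".join(unverified(SAMPLE_LOG)))
```

Run against the full log rather than the sample, the interesting output is the short list from `triage`; the `unverified` list is only useful once ComboFix starts recording dates and sizes for some entries and not others.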


#10 gringo_pr

Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 August 2012 - 08:40 PM

Greetings

I want you to uninstall MSE and reinstall it and let me know if it comes back online



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Kornley
  • Topic Starter
  • Members
  • 16 posts

Posted 03 August 2012 - 07:59 AM

Yeap, MSE works fine now. Though the computer froze after installing it, I had to restart. Startup still takes a very long time after logging in. Sometimes it loads the desktop and all but doesn't launch anything I click for a few minutes. I wonder if it's caused by some other malware. Anything I can do about it?

#12 gringo_pr

Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 03 August 2012 - 12:25 PM

Greetings Kornley

I see what looks like two antiviruses running, Avast and MSE. Since we have MSE working, I want you to uninstall Avast.

Then I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

Edited by gringo_pr, 03 August 2012 - 12:27 PM.


#13 Kornley
  • Topic Starter
  • Members
  • 16 posts

Posted 03 August 2012 - 06:12 PM

Everything went OK, and after uninstalling Avast! startup has been normal!

Logs:

---------- TDSS Killer log ----------


00:00:30.0600 3328 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
00:00:30.0897 3328 ============================================================
00:00:30.0897 3328 Current date / time: 2012/08/04 00:00:30.0897
00:00:30.0897 3328 SystemInfo:
00:00:30.0897 3328
00:00:30.0898 3328 OS Version: 6.1.7601 ServicePack: 1.0
00:00:30.0898 3328 Product type: Workstation
00:00:30.0898 3328 ComputerName: GORDA
00:00:30.0898 3328 UserName: illi
00:00:30.0898 3328 Windows directory: C:\Windows
00:00:30.0898 3328 System windows directory: C:\Windows
00:00:30.0898 3328 Processor architecture: Intel x86
00:00:30.0898 3328 Number of processors: 2
00:00:30.0898 3328 Page size: 0x1000
00:00:30.0898 3328 Boot type: Normal boot
00:00:30.0898 3328 ============================================================
00:00:32.0977 3328 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:00:33.0003 3328 ============================================================
00:00:33.0003 3328 \Device\Harddisk0\DR0:
00:00:33.0004 3328 MBR partitions:
00:00:33.0004 3328 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
00:00:33.0004 3328 ============================================================
00:00:33.0044 3328 C: <-> \Device\Harddisk0\DR0\Partition0
00:00:33.0045 3328 ============================================================
00:00:33.0045 3328 Initialize success
00:00:33.0045 3328 ============================================================
00:00:45.0128 0748 ============================================================
00:00:45.0128 0748 Scan started
00:00:45.0128 0748 Mode: Manual;
00:00:45.0128 0748 ============================================================
00:00:46.0103 0748 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
00:00:46.0115 0748 1394ohci - ok
00:00:46.0309 0748 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
00:00:46.0311 0748 ACDaemon - ok
00:00:46.0365 0748 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
00:00:46.0369 0748 ACPI - ok
00:00:46.0412 0748 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
00:00:46.0413 0748 AcpiPmi - ok
00:00:46.0517 0748 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
00:00:46.0520 0748 AdobeFlashPlayerUpdateSvc - ok
00:00:46.0592 0748 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
00:00:46.0605 0748 adp94xx - ok
00:00:46.0633 0748 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
00:00:46.0648 0748 adpahci - ok
00:00:46.0663 0748 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
00:00:46.0676 0748 adpu320 - ok
00:00:46.0715 0748 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
00:00:46.0716 0748 AeLookupSvc - ok
00:00:46.0788 0748 AF15BDA (7c1ecdedc0571763a36dd46c3638a87b) C:\Windows\system32\DRIVERS\AF15BDA.sys
00:00:46.0798 0748 AF15BDA - ok
00:00:46.0859 0748 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
00:00:46.0875 0748 AFD - ok
00:00:46.0916 0748 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
00:00:46.0918 0748 agp440 - ok
00:00:46.0947 0748 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
00:00:46.0949 0748 aic78xx - ok
00:00:47.0001 0748 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
00:00:47.0003 0748 ALG - ok
00:00:47.0026 0748 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
00:00:47.0028 0748 aliide - ok
00:00:47.0093 0748 AMD External Events Utility (ebccbcbf1df132e4775e5d6e6dea3ed0) C:\Windows\system32\atiesrxx.exe
00:00:47.0104 0748 AMD External Events Utility - ok
00:00:47.0140 0748 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
00:00:47.0142 0748 amdagp - ok
00:00:47.0178 0748 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
00:00:47.0180 0748 amdide - ok
00:00:47.0207 0748 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
00:00:47.0208 0748 AmdK8 - ok
00:00:47.0648 0748 amdkmdag (f89643a2ca001b1162061e306f8bf267) C:\Windows\system32\DRIVERS\atikmdag.sys
00:00:47.0792 0748 amdkmdag - ok
00:00:48.0003 0748 amdkmdap (fb68e1b9cec598f0f69503f3aebb45dd) C:\Windows\system32\DRIVERS\atikmpag.sys
00:00:48.0011 0748 amdkmdap - ok
00:00:48.0041 0748 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
00:00:48.0043 0748 AmdPPM - ok
00:00:48.0082 0748 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
00:00:48.0084 0748 amdsata - ok
00:00:48.0112 0748 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
00:00:48.0115 0748 amdsbs - ok
00:00:48.0132 0748 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
00:00:48.0134 0748 amdxata - ok
00:00:48.0179 0748 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
00:00:48.0181 0748 AppID - ok
00:00:48.0244 0748 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
00:00:48.0246 0748 AppIDSvc - ok
00:00:48.0314 0748 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
00:00:48.0315 0748 Appinfo - ok
00:00:48.0436 0748 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
00:00:48.0439 0748 Apple Mobile Device - ok
00:00:48.0484 0748 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
00:00:48.0496 0748 AppMgmt - ok
00:00:48.0545 0748 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
00:00:48.0547 0748 arc - ok
00:00:48.0568 0748 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
00:00:48.0570 0748 arcsas - ok
00:00:48.0602 0748 ASKUpgrade - ok
00:00:48.0623 0748 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
00:00:48.0624 0748 AsyncMac - ok
00:00:48.0662 0748 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
00:00:48.0663 0748 atapi - ok
00:00:48.0746 0748 athrusb (569059302103fbf6774a2ea9c3454910) C:\Windows\system32\DRIVERS\athrusb.sys
00:00:48.0767 0748 athrusb - ok
00:00:48.0831 0748 AtiHDAudioService (7b4342936a3885cfe18e5d1df6d55bc5) C:\Windows\system32\drivers\AtihdW73.sys
00:00:48.0901 0748 AtiHDAudioService - ok
00:00:49.0325 0748 atikmdag (f89643a2ca001b1162061e306f8bf267) C:\Windows\system32\DRIVERS\atikmdag.sys
00:00:49.0378 0748 atikmdag - ok
00:00:49.0553 0748 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
00:00:49.0564 0748 AudioEndpointBuilder - ok
00:00:49.0573 0748 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
00:00:49.0577 0748 Audiosrv - ok
00:00:49.0621 0748 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
00:00:49.0623 0748 AxInstSV - ok
00:00:49.0721 0748 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
00:00:49.0734 0748 b06bdrv - ok
00:00:49.0792 0748 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
00:00:49.0801 0748 b57nd60x - ok
00:00:49.0855 0748 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
00:00:49.0857 0748 BDESVC - ok
00:00:49.0865 0748 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
00:00:49.0866 0748 Beep - ok
00:00:49.0951 0748 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
00:00:49.0961 0748 BFE - ok
00:00:49.0984 0748 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
00:00:49.0987 0748 blbdrive - ok
00:00:50.0090 0748 Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files\Bonjour\mDNSResponder.exe
00:00:50.0105 0748 Bonjour Service - ok
00:00:50.0145 0748 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
00:00:50.0147 0748 bowser - ok
00:00:50.0159 0748 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
00:00:50.0161 0748 BrFiltLo - ok
00:00:50.0178 0748 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
00:00:50.0179 0748 BrFiltUp - ok
00:00:50.0221 0748 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
00:00:50.0223 0748 BridgeMP - ok
00:00:50.0257 0748 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
00:00:50.0259 0748 Browser - ok
00:00:50.0289 0748 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
00:00:50.0297 0748 Brserid - ok
00:00:50.0313 0748 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
00:00:50.0315 0748 BrSerWdm - ok
00:00:50.0328 0748 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
00:00:50.0329 0748 BrUsbMdm - ok
00:00:50.0339 0748 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
00:00:50.0341 0748 BrUsbSer - ok
00:00:50.0356 0748 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
00:00:50.0358 0748 BTHMODEM - ok
00:00:50.0400 0748 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
00:00:50.0403 0748 bthserv - ok
00:00:50.0545 0748 catchme - ok
00:00:50.0592 0748 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
00:00:50.0594 0748 cdfs - ok
00:00:50.0648 0748 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
00:00:50.0651 0748 cdrom - ok
00:00:50.0697 0748 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
00:00:50.0700 0748 CertPropSvc - ok
00:00:50.0714 0748 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
00:00:50.0716 0748 circlass - ok
00:00:50.0741 0748 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
00:00:50.0749 0748 CLFS - ok
00:00:50.0837 0748 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:00:50.0911 0748 clr_optimization_v2.0.50727_32 - ok
00:00:51.0062 0748 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:00:51.0065 0748 clr_optimization_v4.0.30319_32 - ok
00:00:51.0101 0748 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
00:00:51.0103 0748 CmBatt - ok
00:00:51.0139 0748 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
00:00:51.0141 0748 cmdide - ok
00:00:51.0188 0748 CNG (247b4ce2dab1160cd422d532d5241e1f) C:\Windows\system32\Drivers\cng.sys
00:00:51.0202 0748 CNG - ok
00:00:51.0212 0748 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
00:00:51.0214 0748 Compbatt - ok
00:00:51.0249 0748 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
00:00:51.0251 0748 CompositeBus - ok
00:00:51.0266 0748 COMSysApp - ok
00:00:51.0283 0748 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
00:00:51.0285 0748 crcdisk - ok
00:00:51.0338 0748 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
00:00:51.0342 0748 CryptSvc - ok
00:00:51.0398 0748 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
00:00:51.0412 0748 CSC - ok
00:00:51.0470 0748 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
00:00:51.0488 0748 CscService - ok
00:00:51.0515 0748 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
00:00:51.0523 0748 DcomLaunch - ok
00:00:51.0573 0748 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
00:00:51.0583 0748 defragsvc - ok
00:00:51.0664 0748 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
00:00:51.0666 0748 DfsC - ok
00:00:51.0724 0748 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
00:00:51.0732 0748 Dhcp - ok
00:00:51.0775 0748 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
00:00:51.0777 0748 discache - ok
00:00:51.0803 0748 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
00:00:51.0805 0748 Disk - ok
00:00:51.0847 0748 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
00:00:51.0860 0748 Dnscache - ok
00:00:51.0902 0748 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
00:00:51.0912 0748 dot3svc - ok
00:00:51.0952 0748 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
00:00:51.0964 0748 DPS - ok
00:00:52.0008 0748 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
00:00:52.0010 0748 drmkaud - ok
00:00:52.0085 0748 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
00:00:52.0104 0748 DXGKrnl - ok
00:00:52.0155 0748 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
00:00:52.0158 0748 EapHost - ok
00:00:52.0355 0748 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
00:00:52.0413 0748 ebdrv - ok
00:00:52.0555 0748 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
00:00:52.0558 0748 EFS - ok
00:00:52.0643 0748 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
00:00:52.0706 0748 ehRecvr - ok
00:00:52.0745 0748 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
00:00:52.0780 0748 ehSched - ok
00:00:52.0882 0748 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
00:00:52.0894 0748 elxstor - ok
00:00:52.0927 0748 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
00:00:52.0929 0748 ErrDev - ok
00:00:52.0988 0748 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
00:00:53.0013 0748 EventSystem - ok
00:00:53.0038 0748 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
00:00:53.0051 0748 exfat - ok
00:00:53.0097 0748 F-Secure BlackLight Sensor - ok
00:00:53.0122 0748 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
00:00:53.0134 0748 fastfat - ok
00:00:53.0205 0748 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
00:00:53.0223 0748 Fax - ok
00:00:53.0240 0748 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
00:00:53.0242 0748 fdc - ok
00:00:53.0259 0748 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
00:00:53.0260 0748 fdPHost - ok
00:00:53.0273 0748 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
00:00:53.0276 0748 FDResPub - ok
00:00:53.0286 0748 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
00:00:53.0288 0748 FileInfo - ok
00:00:53.0304 0748 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
00:00:53.0305 0748 Filetrace - ok
00:00:53.0416 0748 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
00:00:53.0429 0748 FLEXnet Licensing Service - ok
00:00:53.0445 0748 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
00:00:53.0446 0748 flpydisk - ok
00:00:53.0484 0748 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
00:00:53.0493 0748 FltMgr - ok
00:00:53.0571 0748 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
00:00:53.0588 0748 FontCache - ok
00:00:53.0709 0748 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
00:00:53.0755 0748 FontCache3.0.0.0 - ok
00:00:53.0806 0748 fsbl - ok
00:00:53.0848 0748 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
00:00:53.0850 0748 FsDepends - ok
00:00:53.0903 0748 fssfltr (b0082808a6856a252f7cdd939892ce50) C:\Windows\system32\DRIVERS\fssfltr.sys
00:00:53.0905 0748 fssfltr - ok
00:00:54.0079 0748 fsssvc (28ddeeec44e988657b732cf404d504cb) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
00:00:54.0110 0748 fsssvc - ok
00:00:54.0285 0748 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
00:00:54.0286 0748 Fs_Rec - ok
00:00:54.0337 0748 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
00:00:54.0347 0748 fvevol - ok
00:00:54.0398 0748 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
00:00:54.0400 0748 gagp30kx - ok
00:00:54.0444 0748 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
00:00:54.0445 0748 GEARAspiWDM - ok
00:00:54.0503 0748 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
00:00:54.0519 0748 gpsvc - ok
00:00:54.0649 0748 gupdate (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
00:00:54.0652 0748 gupdate - ok
00:00:54.0672 0748 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
00:00:54.0674 0748 gupdatem - ok
00:00:54.0718 0748 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
00:00:54.0722 0748 gusvc - ok
00:00:54.0759 0748 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
00:00:54.0761 0748 hcw85cir - ok
00:00:54.0829 0748 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
00:00:54.0835 0748 HdAudAddService - ok
00:00:54.0884 0748 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
00:00:54.0886 0748 HDAudBus - ok
00:00:54.0904 0748 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
00:00:54.0905 0748 HidBatt - ok
00:00:54.0924 0748 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
00:00:54.0927 0748 HidBth - ok
00:00:54.0951 0748 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
00:00:54.0953 0748 HidIr - ok
00:00:54.0999 0748 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
00:00:55.0002 0748 hidserv - ok
00:00:55.0050 0748 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
00:00:55.0051 0748 HidUsb - ok
00:00:55.0084 0748 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
00:00:55.0088 0748 hkmsvc - ok
00:00:55.0127 0748 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
00:00:55.0138 0748 HomeGroupListener - ok
00:00:55.0193 0748 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
00:00:55.0204 0748 HomeGroupProvider - ok
00:00:55.0246 0748 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
00:00:55.0248 0748 HpSAMD - ok
00:00:55.0318 0748 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
00:00:55.0361 0748 HTTP - ok
00:00:55.0411 0748 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
00:00:55.0413 0748 hwpolicy - ok
00:00:55.0470 0748 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
00:00:55.0472 0748 i8042prt - ok
00:00:55.0523 0748 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
00:00:55.0538 0748 iaStorV - ok
00:00:55.0700 0748 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
00:00:55.0866 0748 idsvc - ok
00:00:56.0002 0748 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
00:00:56.0004 0748 iirsp - ok
00:00:56.0083 0748 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
00:00:56.0098 0748 IKEEXT - ok
00:00:56.0133 0748 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
00:00:56.0135 0748 intelide - ok
00:00:56.0166 0748 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
00:00:56.0168 0748 intelppm - ok
00:00:56.0210 0748 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
00:00:56.0214 0748 IPBusEnum - ok
00:00:56.0227 0748 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:00:56.0230 0748 IpFilterDriver - ok
00:00:56.0302 0748 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
00:00:56.0313 0748 iphlpsvc - ok
00:00:56.0351 0748 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
00:00:56.0353 0748 IPMIDRV - ok
00:00:56.0375 0748 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
00:00:56.0378 0748 IPNAT - ok
00:00:56.0405 0748 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
00:00:56.0406 0748 IRENUM - ok
00:00:56.0439 0748 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
00:00:56.0441 0748 isapnp - ok
00:00:56.0484 0748 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
00:00:56.0526 0748 iScsiPrt - ok
00:00:56.0548 0748 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
00:00:56.0550 0748 kbdclass - ok
00:00:56.0596 0748 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
00:00:56.0598 0748 kbdhid - ok
00:00:56.0638 0748 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
00:00:56.0640 0748 KeyIso - ok
00:00:56.0671 0748 KSecDD (b7895b4182c0d16f6efadeb8081e8d36) C:\Windows\system32\Drivers\ksecdd.sys
00:00:56.0673 0748 KSecDD - ok
00:00:56.0712 0748 KSecPkg (d30159ac9237519fbc62c6ec247d2d46) C:\Windows\system32\Drivers\ksecpkg.sys
00:00:56.0715 0748 KSecPkg - ok
00:00:56.0766 0748 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
00:00:56.0781 0748 KtmRm - ok
00:00:56.0833 0748 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
00:00:56.0845 0748 LanmanServer - ok
00:00:56.0878 0748 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
00:00:56.0892 0748 LanmanWorkstation - ok
00:00:56.0942 0748 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
00:00:56.0944 0748 lltdio - ok
00:00:56.0989 0748 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
00:00:57.0000 0748 lltdsvc - ok
00:00:57.0025 0748 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
00:00:57.0028 0748 lmhosts - ok
00:00:57.0065 0748 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
00:00:57.0068 0748 LSI_FC - ok
00:00:57.0088 0748 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
00:00:57.0091 0748 LSI_SAS - ok
00:00:57.0107 0748 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
00:00:57.0109 0748 LSI_SAS2 - ok
00:00:57.0130 0748 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
00:00:57.0133 0748 LSI_SCSI - ok
00:00:57.0157 0748 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
00:00:57.0160 0748 luafv - ok
00:00:57.0203 0748 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys
00:00:57.0206 0748 mcdbus - ok
00:00:57.0242 0748 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
00:00:57.0245 0748 Mcx2Svc - ok
00:00:57.0255 0748 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
00:00:57.0257 0748 megasas - ok
00:00:57.0281 0748 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
00:00:57.0290 0748 MegaSR - ok
00:00:57.0324 0748 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
00:00:57.0327 0748 MMCSS - ok
00:00:57.0338 0748 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
00:00:57.0340 0748 Modem - ok
00:00:57.0362 0748 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
00:00:57.0363 0748 monitor - ok
00:00:57.0406 0748 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
00:00:57.0408 0748 mouclass - ok
00:00:57.0423 0748 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
00:00:57.0425 0748 mouhid - ok
00:00:57.0466 0748 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
00:00:57.0468 0748 mountmgr - ok
00:00:57.0522 0748 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
00:00:57.0533 0748 MpFilter - ok
00:00:57.0572 0748 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
00:00:57.0576 0748 mpio - ok
00:00:57.0806 0748 MpKsl6993e1d6 (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EF14527A-EF7D-4003-960D-387E82C79661}\MpKsl6993e1d6.sys
00:00:57.0806 0748 MpKsl6993e1d6 - ok
00:00:57.0999 0748 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
00:00:58.0001 0748 mpsdrv - ok
00:00:58.0071 0748 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
00:00:58.0087 0748 MpsSvc - ok
00:00:58.0126 0748 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
00:00:58.0128 0748 MRxDAV - ok
00:00:58.0188 0748 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:00:58.0191 0748 mrxsmb - ok
00:00:58.0218 0748 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:00:58.0228 0748 mrxsmb10 - ok
00:00:58.0241 0748 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:00:58.0244 0748 mrxsmb20 - ok
00:00:58.0289 0748 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
00:00:58.0291 0748 msahci - ok
00:00:58.0333 0748 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
00:00:58.0336 0748 msdsm - ok
00:00:58.0378 0748 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
00:00:58.0391 0748 MSDTC - ok
00:00:58.0434 0748 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
00:00:58.0436 0748 Msfs - ok
00:00:58.0450 0748 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
00:00:58.0452 0748 mshidkmdf - ok
00:00:58.0486 0748 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
00:00:58.0488 0748 msisadrv - ok
00:00:58.0543 0748 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
00:00:58.0556 0748 MSiSCSI - ok
00:00:58.0561 0748 msiserver - ok
00:00:58.0586 0748 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
00:00:58.0587 0748 MSKSSRV - ok
00:00:58.0697 0748 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
00:00:58.0698 0748 MsMpSvc - ok
00:00:58.0712 0748 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
00:00:58.0714 0748 MSPCLOCK - ok
00:00:58.0720 0748 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
00:00:58.0721 0748 MSPQM - ok
00:00:58.0740 0748 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
00:00:58.0752 0748 MsRPC - ok
00:00:58.0790 0748 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
00:00:58.0791 0748 mssmbios - ok
00:00:58.0801 0748 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
00:00:58.0803 0748 MSTEE - ok
00:00:58.0818 0748 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
00:00:58.0819 0748 MTConfig - ok
00:00:58.0833 0748 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
00:00:58.0835 0748 Mup - ok
00:00:58.0883 0748 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
00:00:58.0899 0748 napagent - ok
00:00:58.0932 0748 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
00:00:58.0942 0748 NativeWifiP - ok
00:00:59.0003 0748 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
00:00:59.0013 0748 NDIS - ok
00:00:59.0041 0748 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
00:00:59.0043 0748 NdisCap - ok
00:00:59.0064 0748 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
00:00:59.0066 0748 NdisTapi - ok
00:00:59.0114 0748 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
00:00:59.0116 0748 Ndisuio - ok
00:00:59.0157 0748 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
00:00:59.0160 0748 NdisWan - ok
00:00:59.0217 0748 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
00:00:59.0219 0748 NDProxy - ok
00:00:59.0233 0748 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
00:00:59.0234 0748 NetBIOS - ok
00:00:59.0278 0748 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
00:00:59.0289 0748 NetBT - ok
00:00:59.0327 0748 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
00:00:59.0329 0748 Netlogon - ok
00:00:59.0391 0748 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
00:00:59.0399 0748 Netman - ok
00:00:59.0423 0748 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
00:00:59.0438 0748 netprofm - ok
00:00:59.0555 0748 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:00:59.0587 0748 NetTcpPortSharing - ok
00:00:59.0653 0748 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
00:00:59.0655 0748 nfrd960 - ok
00:00:59.0699 0748 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
00:00:59.0701 0748 NisDrv - ok
00:00:59.0792 0748 NisSrv (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe
00:00:59.0803 0748 NisSrv - ok
00:00:59.0854 0748 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
00:00:59.0863 0748 NlaSvc - ok
00:00:59.0894 0748 nmwcd (f6c40e0a565ee3ce5aeeb325e10054f2) C:\Windows\system32\drivers\ccdcmb.sys
00:00:59.0895 0748 nmwcd - ok
00:00:59.0924 0748 nmwcdc (2a394e9e1fa3565e4b2fea470ffe4d6b) C:\Windows\system32\drivers\ccdcmbo.sys
00:00:59.0926 0748 nmwcdc - ok
00:00:59.0977 0748 nmwcdnsu (99b224f8026cb534724aa3c408561e45) C:\Windows\system32\drivers\nmwcdnsu.sys
00:00:59.0981 0748 nmwcdnsu - ok
00:00:59.0998 0748 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
00:01:00.0000 0748 Npfs - ok
00:01:00.0037 0748 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
00:01:00.0040 0748 nsi - ok
00:01:00.0084 0748 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
00:01:00.0085 0748 nsiproxy - ok
00:01:00.0195 0748 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
00:01:00.0225 0748 Ntfs - ok
00:01:00.0374 0748 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
00:01:00.0375 0748 Null - ok
00:01:00.0417 0748 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
00:01:00.0420 0748 nvraid - ok
00:01:00.0463 0748 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
00:01:00.0474 0748 nvstor - ok
00:01:00.0492 0748 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
00:01:00.0495 0748 nv_agp - ok
00:01:00.0616 0748 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
00:01:00.0644 0748 odserv - ok
00:01:00.0679 0748 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
00:01:00.0682 0748 ohci1394 - ok
00:01:00.0741 0748 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:01:00.0754 0748 ose - ok
00:01:00.0802 0748 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
00:01:00.0811 0748 p2pimsvc - ok
00:01:00.0865 0748 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
00:01:00.0881 0748 p2psvc - ok
00:01:00.0958 0748 PanService (01907300eb52206b06facb9608f369a9) C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
00:01:02.0090 0748 PanService - ok
00:01:02.0169 0748 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
00:01:02.0172 0748 Parport - ok
00:01:02.0212 0748 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
00:01:02.0214 0748 partmgr - ok
00:01:02.0228 0748 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
00:01:02.0230 0748 Parvdm - ok
00:01:02.0278 0748 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
00:01:02.0290 0748 PcaSvc - ok
00:01:02.0351 0748 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
00:01:02.0353 0748 pccsmcfd - ok
00:01:02.0396 0748 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
00:01:02.0408 0748 pci - ok
00:01:02.0445 0748 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
00:01:02.0446 0748 pciide - ok
00:01:02.0468 0748 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
00:01:02.0479 0748 pcmcia - ok
00:01:02.0499 0748 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
00:01:02.0501 0748 pcw - ok
00:01:02.0545 0748 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
00:01:02.0555 0748 PEAUTH - ok
00:01:02.0651 0748 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
00:01:02.0674 0748 PeerDistSvc - ok
00:01:02.0798 0748 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
00:01:02.0829 0748 pla - ok
00:01:02.0986 0748 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
00:01:03.0010 0748 PlugPlay - ok
00:01:03.0089 0748 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
00:01:03.0093 0748 PNRPAutoReg - ok
00:01:03.0118 0748 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
00:01:03.0122 0748 PNRPsvc - ok
00:01:03.0202 0748 Point32 (896d916de06f5502d301e8c4dc442ae8) C:\Windows\system32\DRIVERS\point32.sys
00:01:03.0205 0748 Point32 - ok
00:01:03.0242 0748 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
00:01:03.0248 0748 PolicyAgent - ok
00:01:03.0283 0748 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
00:01:03.0296 0748 Power - ok
00:01:03.0339 0748 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
00:01:03.0342 0748 PptpMiniport - ok
00:01:03.0377 0748 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
00:01:03.0379 0748 Processor - ok
00:01:03.0437 0748 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
00:01:03.0448 0748 ProfSvc - ok
00:01:03.0492 0748 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
00:01:03.0495 0748 ProtectedStorage - ok
00:01:03.0538 0748 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
00:01:03.0541 0748 Psched - ok
00:01:03.0632 0748 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
00:01:03.0659 0748 ql2300 - ok
00:01:03.0839 0748 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
00:01:03.0842 0748 ql40xx - ok
00:01:03.0890 0748 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
00:01:03.0900 0748 QWAVE - ok
00:01:03.0914 0748 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
00:01:03.0916 0748 QWAVEdrv - ok
00:01:04.0002 0748 RapiMgr (8f97d374ad1857e1eed85a79f29a1d3d) C:\Windows\WindowsMobile\rapimgr.dll
00:01:04.0013 0748 RapiMgr - ok
00:01:04.0030 0748 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
00:01:04.0032 0748 RasAcd - ok
00:01:04.0077 0748 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
00:01:04.0079 0748 RasAgileVpn - ok
00:01:04.0096 0748 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
00:01:04.0101 0748 RasAuto - ok
00:01:04.0113 0748 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:01:04.0115 0748 Rasl2tp - ok
00:01:04.0174 0748 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
00:01:04.0190 0748 RasMan - ok
00:01:04.0207 0748 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
00:01:04.0210 0748 RasPppoe - ok
00:01:04.0237 0748 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
00:01:04.0239 0748 RasSstp - ok
00:01:04.0289 0748 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
00:01:04.0297 0748 rdbss - ok
00:01:04.0312 0748 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
00:01:04.0314 0748 rdpbus - ok
00:01:04.0352 0748 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:01:04.0354 0748 RDPCDD - ok
00:01:04.0377 0748 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
00:01:04.0390 0748 RDPDR - ok
00:01:04.0411 0748 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
00:01:04.0413 0748 RDPENCDD - ok
00:01:04.0424 0748 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
00:01:04.0426 0748 RDPREFMP - ok
00:01:04.0487 0748 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
00:01:04.0515 0748 RdpVideoMiniport - ok
00:01:04.0603 0748 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
00:01:04.0615 0748 RDPWD - ok
00:01:04.0671 0748 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
00:01:04.0684 0748 rdyboost - ok
00:01:04.0722 0748 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
00:01:04.0725 0748 RemoteAccess - ok
00:01:04.0768 0748 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
00:01:04.0781 0748 RemoteRegistry - ok
00:01:04.0807 0748 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
00:01:04.0811 0748 RpcEptMapper - ok
00:01:04.0851 0748 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
00:01:04.0853 0748 RpcLocator - ok
00:01:04.0909 0748 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
00:01:04.0915 0748 RpcSs - ok
00:01:04.0959 0748 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
00:01:04.0962 0748 rspndr - ok
00:01:05.0009 0748 RTL8167 (d5ede44ca85899e0478208c8413c1c31) C:\Windows\system32\DRIVERS\Rt86win7.sys
00:01:05.0034 0748 RTL8167 - ok
00:01:05.0093 0748 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
00:01:05.0094 0748 s3cap - ok
00:01:05.0136 0748 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
00:01:05.0138 0748 SamSs - ok
00:01:05.0191 0748 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
00:01:05.0194 0748 sbp2port - ok
00:01:05.0234 0748 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
00:01:05.0247 0748 SCardSvr - ok
00:01:05.0282 0748 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
00:01:05.0284 0748 scfilter - ok
00:01:05.0361 0748 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
00:01:05.0379 0748 Schedule - ok
00:01:05.0420 0748 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
00:01:05.0421 0748 SCPolicySvc - ok
00:01:05.0464 0748 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
00:01:05.0477 0748 SDRSVC - ok
00:01:05.0539 0748 Secdrv (07f7f501ad50de2ba2d5842d9b6d6155) C:\Windows\system32\drivers\SECDRV.SYS
00:01:05.0551 0748 Secdrv - ok
00:01:05.0584 0748 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
00:01:05.0588 0748 seclogon - ok
00:01:05.0616 0748 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
00:01:05.0620 0748 SENS - ok
00:01:05.0652 0748 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
00:01:05.0656 0748 SensrSvc - ok
00:01:05.0703 0748 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
00:01:05.0704 0748 Serenum - ok
00:01:05.0719 0748 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
00:01:05.0722 0748 Serial - ok
00:01:05.0761 0748 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
00:01:05.0762 0748 sermouse - ok
00:01:05.0915 0748 ServiceLayer (f31e9531af225ca25350d5e87e999b31) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
00:01:05.0927 0748 ServiceLayer - ok
00:01:05.0981 0748 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
00:01:05.0994 0748 SessionEnv - ok
00:01:06.0040 0748 sfdrv01 (9e7dee11fd5a4355941a45f13c0ed59a) C:\Windows\system32\drivers\sfdrv01.sys
00:01:06.0042 0748 sfdrv01 - ok
00:01:06.0079 0748 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
00:01:06.0081 0748 sffdisk - ok
00:01:06.0093 0748 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
00:01:06.0094 0748 sffp_mmc - ok
00:01:06.0108 0748 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
00:01:06.0109 0748 sffp_sd - ok
00:01:06.0150 0748 sfhlp02 (ecefb59d2206d281e6d317af0ea0d8bd) C:\Windows\system32\drivers\sfhlp02.sys
00:01:06.0151 0748 sfhlp02 - ok
00:01:06.0191 0748 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
00:01:06.0193 0748 sfloppy - ok
00:01:06.0242 0748 sfsync04 (05e3038180cd846b0bca0e915163606a) C:\Windows\system32\drivers\sfsync04.sys
00:01:06.0295 0748 sfsync04 - ok
00:01:06.0373 0748 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
00:01:06.0389 0748 SharedAccess - ok
00:01:06.0441 0748 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
00:01:06.0455 0748 ShellHWDetection - ok
00:01:06.0496 0748 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
00:01:06.0498 0748 sisagp - ok
00:01:06.0530 0748 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:01:06.0533 0748 SiSRaid2 - ok
00:01:06.0554 0748 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
00:01:06.0558 0748 SiSRaid4 - ok
00:01:06.0686 0748 SkypeUpdate (17eab7852ff9f15fbaab4e95efc0b812) C:\Program Files\Skype\Updater\Updater.exe
00:01:06.0697 0748 SkypeUpdate - ok
00:01:06.0721 0748 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
00:01:06.0724 0748 Smb - ok
00:01:06.0778 0748 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
00:01:06.0782 0748 SNMPTRAP - ok
00:01:06.0796 0748 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
00:01:06.0798 0748 spldr - ok
00:01:06.0858 0748 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
00:01:06.0873 0748 Spooler - ok
00:01:07.0070 0748 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
00:01:07.0136 0748 sppsvc - ok
00:01:07.0281 0748 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
00:01:07.0286 0748 sppuinotify - ok
00:01:07.0410 0748 sptd (0c1dad75274cb6e31f053ce3e08bf9c3) C:\Windows\system32\Drivers\sptd.sys
00:01:07.0431 0748 sptd - ok
00:01:07.0487 0748 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
00:01:07.0494 0748 srv - ok
00:01:07.0517 0748 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
00:01:07.0524 0748 srv2 - ok
00:01:07.0541 0748 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
00:01:07.0544 0748 srvnet - ok
00:01:07.0591 0748 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
00:01:07.0603 0748 SSDPSRV - ok
00:01:07.0618 0748 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
00:01:07.0623 0748 SstpSvc - ok
00:01:07.0667 0748 StarOpen (306521935042fc0a6988d528643619b3) C:\Windows\system32\drivers\StarOpen.sys
00:01:07.0669 0748 StarOpen - ok
00:01:07.0759 0748 Steam Client Service - ok
00:01:07.0799 0748 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
00:01:07.0801 0748 stexstor - ok
00:01:07.0858 0748 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
00:01:07.0878 0748 StiSvc - ok
00:01:07.0917 0748 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
00:01:07.0919 0748 storflt - ok
00:01:07.0969 0748 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
00:01:07.0971 0748 storvsc - ok
00:01:08.0012 0748 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
00:01:08.0013 0748 swenum - ok
00:01:08.0150 0748 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
00:01:08.0160 0748 SwitchBoard - ok
00:01:08.0209 0748 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
00:01:08.0224 0748 swprv - ok
00:01:08.0239 0748 Synth3dVsc - ok
00:01:08.0340 0748 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
00:01:08.0367 0748 SysMain - ok
00:01:08.0401 0748 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
00:01:08.0406 0748 TabletInputService - ok
00:01:08.0460 0748 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
00:01:08.0470 0748 TapiSrv - ok
00:01:08.0556 0748 tbhsd (77bd6143c6dce0a1bf7b5571bed860dc) C:\Windows\system32\drivers\tbhsd.sys
00:01:08.0559 0748 tbhsd - ok
00:01:08.0597 0748 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
00:01:08.0602 0748 TBS - ok
00:01:08.0704 0748 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
00:01:08.0733 0748 Tcpip - ok
00:01:08.0940 0748 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
00:01:08.0949 0748 TCPIP6 - ok
00:01:09.0031 0748 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
00:01:09.0032 0748 tcpipreg - ok
00:01:09.0073 0748 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
00:01:09.0075 0748 TDPIPE - ok
00:01:09.0113 0748 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
00:01:09.0116 0748 TDTCP - ok
00:01:09.0166 0748 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
00:01:09.0169 0748 tdx - ok
00:01:09.0207 0748 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
00:01:09.0209 0748 TermDD - ok
00:01:09.0276 0748 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
00:01:09.0303 0748 TermService - ok
00:01:09.0342 0748 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
00:01:09.0346 0748 Themes - ok
00:01:09.0382 0748 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
00:01:09.0385 0748 THREADORDER - ok
00:01:09.0445 0748 TIEHDUSB (a1124ebc672aa3ae1b327096c1dcc346) C:\Windows\system32\drivers\tiehdusb.sys
00:01:09.0448 0748 TIEHDUSB - ok
00:01:09.0499 0748 TPkd (5815ae5ef8519066f19e575d67f6f191) C:\Windows\system32\drivers\TPkd.sys
00:01:09.0502 0748 TPkd - ok
00:01:09.0520 0748 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
00:01:09.0535 0748 TrkWks - ok
00:01:09.0608 0748 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
00:01:09.0618 0748 TrustedInstaller - ok
00:01:09.0663 0748 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:01:09.0665 0748 tssecsrv - ok
00:01:09.0705 0748 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
00:01:09.0708 0748 TsUsbFlt - ok
00:01:09.0713 0748 tsusbhub - ok
00:01:09.0764 0748 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
00:01:09.0766 0748 tunnel - ok
00:01:09.0805 0748 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
00:01:09.0808 0748 uagp35 - ok
00:01:09.0859 0748 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
00:01:09.0868 0748 udfs - ok
00:01:09.0917 0748 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
00:01:09.0921 0748 UI0Detect - ok
00:01:09.0967 0748 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
00:01:09.0969 0748 uliagpkx - ok
00:01:10.0007 0748 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
00:01:10.0009 0748 umbus - ok
00:01:10.0025 0748 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
00:01:10.0026 0748 UmPass - ok
00:01:10.0078 0748 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
00:01:10.0090 0748 UmRdpService - ok
00:01:10.0119 0748 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
00:01:10.0135 0748 upnphost - ok
00:01:10.0168 0748 upperdev (47f5f9d837d80ffd5882a14db9da0a67) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
00:01:10.0170 0748 upperdev - ok
00:01:10.0203 0748 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
00:01:10.0240 0748 USBAAPL - ok
00:01:10.0282 0748 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
00:01:10.0284 0748 usbccgp - ok
00:01:10.0330 0748 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
00:01:10.0333 0748 usbcir - ok
00:01:10.0374 0748 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
00:01:10.0376 0748 usbehci - ok
00:01:10.0412 0748 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
00:01:10.0420 0748 usbhub - ok
00:01:10.0431 0748 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
00:01:10.0433 0748 usbohci - ok
00:01:10.0483 0748 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
00:01:10.0485 0748 usbprint - ok
00:01:10.0520 0748 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
00:01:10.0522 0748 usbscan - ok
00:01:10.0574 0748 usbser (31181de6190b39fc8007dffd1a48ffd6) C:\Windows\system32\drivers\usbser.sys
00:01:10.0576 0748 usbser - ok
00:01:10.0608 0748 UsbserFilt (e44f0d17be0908b58dcc99ccb99c6c32) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
00:01:10.0610 0748 UsbserFilt - ok
00:01:10.0625 0748 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:01:10.0628 0748 USBSTOR - ok
00:01:10.0643 0748 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
00:01:10.0645 0748 usbuhci - ok
00:01:10.0676 0748 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\system32\Drivers\usbvideo.sys
00:01:10.0689 0748 usbvideo - ok
00:01:10.0730 0748 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys
00:01:10.0732 0748 usb_rndisx - ok
00:01:10.0767 0748 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
00:01:10.0771 0748 UxSms - ok
00:01:10.0812 0748 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
00:01:10.0814 0748 VaultSvc - ok
00:01:10.0843 0748 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
00:01:10.0845 0748 vdrvroot - ok
00:01:10.0894 0748 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
00:01:10.0913 0748 vds - ok
00:01:10.0964 0748 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
00:01:10.0966 0748 vga - ok
00:01:11.0007 0748 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
00:01:11.0009 0748 VgaSave - ok
00:01:11.0025 0748 VGPU - ok
00:01:11.0080 0748 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
00:01:11.0092 0748 vhdmp - ok
00:01:11.0116 0748 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
00:01:11.0119 0748 viaagp - ok
00:01:11.0130 0748 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
00:01:11.0133 0748 ViaC7 - ok
00:01:11.0147 0748 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
00:01:11.0149 0748 viaide - ok
00:01:11.0188 0748 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
00:01:11.0200 0748 vmbus - ok
00:01:11.0241 0748 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
00:01:11.0243 0748 VMBusHID - ok
00:01:11.0281 0748 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
00:01:11.0283 0748 volmgr - ok
00:01:11.0310 0748 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
00:01:11.0317 0748 volmgrx - ok
00:01:11.0361 0748 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
00:01:11.0370 0748 volsnap - ok
00:01:11.0407 0748 vpcbus (b26536add1d748cda104d856c979ae79) C:\Windows\system32\DRIVERS\vpchbus.sys
00:01:11.0411 0748 vpcbus - ok
00:01:11.0451 0748 vpcnfltr (a0f7e923a6261760130f22b85df9040e) C:\Windows\system32\DRIVERS\vpcnfltr.sys
00:01:11.0453 0748 vpcnfltr - ok
00:01:11.0470 0748 vpcusb (5f4b55e91ce7e2523c9e1e0ece858869) C:\Windows\system32\DRIVERS\vpcusb.sys
00:01:11.0473 0748 vpcusb - ok
00:01:11.0494 0748 vpcuxd (c35c2c888aff276e95ad3db3b7a8d003) C:\Windows\system32\drivers\vpcuxd.sys
00:01:11.0496 0748 vpcuxd - ok
00:01:11.0551 0748 vpcvmm (b487191fe18d6863381a1ac55482469a) C:\Windows\system32\drivers\vpcvmm.sys
00:01:11.0556 0748 vpcvmm - ok
00:01:11.0618 0748 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
00:01:11.0630 0748 vsmraid - ok
00:01:11.0725 0748 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
00:01:11.0754 0748 VSS - ok
00:01:11.0769 0748 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
00:01:11.0770 0748 vwifibus - ok
00:01:11.0826 0748 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
00:01:11.0842 0748 W32Time - ok
00:01:11.0864 0748 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
00:01:11.0866 0748 WacomPen - ok
00:01:11.0917 0748 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
00:01:11.0919 0748 WANARP - ok
00:01:11.0923 0748 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
00:01:11.0925 0748 Wanarpv6 - ok
00:01:12.0072 0748 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
00:01:12.0723 0748 WatAdminSvc - ok
00:01:12.0924 0748 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
00:01:12.0957 0748 wbengine - ok
00:01:13.0000 0748 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
00:01:13.0012 0748 WbioSrvc - ok
00:01:13.0113 0748 WcesComm (59e19bd13c3bdb857646b9e436ba27f7) C:\Windows\WindowsMobile\wcescomm.dll
00:01:13.0136 0748 WcesComm - ok
00:01:13.0184 0748 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
00:01:13.0200 0748 wcncsvc - ok
00:01:13.0212 0748 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
00:01:13.0216 0748 WcsPlugInService - ok
00:01:13.0298 0748 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
00:01:13.0300 0748 Wd - ok
00:01:13.0331 0748 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
00:01:13.0342 0748 Wdf01000 - ok
00:01:13.0360 0748 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
00:01:13.0365 0748 WdiServiceHost - ok
00:01:13.0369 0748 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
00:01:13.0373 0748 WdiSystemHost - ok
00:01:13.0425 0748 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
00:01:13.0435 0748 WebClient - ok
00:01:13.0452 0748 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
00:01:13.0464 0748 Wecsvc - ok
00:01:13.0483 0748 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
00:01:13.0488 0748 wercplsupport - ok
00:01:13.0513 0748 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
00:01:13.0518 0748 WerSvc - ok
00:01:13.0540 0748 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
00:01:13.0542 0748 WfpLwf - ok
00:01:13.0556 0748 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
00:01:13.0558 0748 WIMMount - ok
00:01:13.0711 0748 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
00:01:13.0724 0748 WinDefend - ok
00:01:13.0732 0748 WinHttpAutoProxySvc - ok
00:01:13.0817 0748 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
00:01:13.0857 0748 Winmgmt - ok
00:01:13.0960 0748 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
00:01:13.0994 0748 WinRM - ok
00:01:14.0092 0748 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
00:01:14.0094 0748 WinUsb - ok
00:01:14.0175 0748 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
00:01:14.0199 0748 Wlansvc - ok
00:01:14.0312 0748 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
00:01:14.0316 0748 wlcrasvc - ok
00:01:14.0487 0748 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:01:14.0521 0748 wlidsvc - ok
00:01:14.0698 0748 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
00:01:14.0700 0748 WmiAcpi - ok
00:01:14.0776 0748 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
00:01:14.0858 0748 wmiApSrv - ok
00:01:14.0999 0748 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
00:01:15.0023 0748 WMPNetworkSvc - ok
00:01:15.0168 0748 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
00:01:15.0173 0748 WPCSvc - ok
00:01:15.0214 0748 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
00:01:15.0228 0748 WPDBusEnum - ok
00:01:15.0306 0748 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
00:01:15.0307 0748 ws2ifsl - ok
00:01:15.0351 0748 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
00:01:15.0356 0748 wscsvc - ok
00:01:15.0361 0748 WSearch - ok
00:01:15.0503 0748 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
00:01:15.0539 0748 wuauserv - ok
00:01:15.0711 0748 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
00:01:15.0714 0748 WudfPf - ok
00:01:15.0762 0748 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:01:15.0766 0748 WUDFRd - ok
00:01:15.0818 0748 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
00:01:15.0824 0748 wudfsvc - ok
00:01:15.0871 0748 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
00:01:15.0882 0748 WwanSvc - ok
00:01:15.0932 0748 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
00:01:16.0111 0748 \Device\Harddisk0\DR0 - ok
00:01:16.0116 0748 Boot (0x1200) (0d264cd0bb3e9eefdae278c163e3b9a2) \Device\Harddisk0\DR0\Partition0
00:01:16.0117 0748 \Device\Harddisk0\DR0\Partition0 - ok
00:01:16.0119 0748 ============================================================
00:01:16.0119 0748 Scan finished
00:01:16.0119 0748 ============================================================
00:01:16.0134 1932 Detected object count: 0
00:01:16.0134 1932 Actual detected object count: 0

---------- aswMBR log ----------

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-04 00:07:32
-----------------------------
00:07:32.257 OS Version: Windows 6.1.7601 Service Pack 1
00:07:32.257 Number of processors: 2 586 0x6B01
00:07:32.259 ComputerName: GORDA UserName: illi
00:07:34.052 Initialize success
00:08:59.986 AVAST engine defs: 12080300
00:12:25.322 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
00:12:25.325 Disk 0 Vendor: WDC_WD3200AAJS-00VWA0 12.01B02 Size: 305245MB BusType: 3
00:12:25.349 Disk 0 MBR read successfully
00:12:25.353 Disk 0 MBR scan
00:12:25.360 Disk 0 Windows 7 default MBR code
00:12:25.370 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305243 MB offset 2048
00:12:25.421 Disk 0 scanning sectors +625139712
00:12:25.524 Disk 0 scanning C:\Windows\system32\drivers
00:12:53.004 Service scanning
00:13:11.436 Service MpKsl6993e1d6 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EF14527A-EF7D-4003-960D-387E82C79661}\MpKsl6993e1d6.sys **LOCKED** 32
00:13:41.311 Modules scanning
00:13:52.954 Disk 0 trace - called modules:
00:13:52.984 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
00:13:53.345 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86453030]
00:13:53.352 3 CLASSPNP.SYS[895c459e] -> nt!IofCallDriver -> [0x85666938]
00:13:53.359 5 ACPI.sys[83d523d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x856b0610]
00:13:54.583 AVAST engine scan C:\Windows
00:14:05.147 AVAST engine scan C:\Windows\system32
00:22:14.673 AVAST engine scan C:\Windows\system32\drivers
00:23:42.541 AVAST engine scan C:\Users\illi
01:00:42.506 AVAST engine scan C:\ProgramData
01:06:38.097 Scan finished successfully
01:45:12.224 Disk 0 MBR has been saved successfully to "C:\Users\illi\Desktop\MBR.dat"
01:45:12.333 The log file has been saved successfully to "C:\Users\illi\Desktop\aswilogi.txt"

#14 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 03 August 2012 - 06:22 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job)

Programs to remove

  • µTorrent
  • Java™ 6 Update 31
  • Java™ 6 Update 7

  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

Malwarebytes' Anti-Malware

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 Kornley

  • Topic Starter
  • Members
  • 16 posts

Posted 03 August 2012 - 08:35 PM

Ok, so I think my computer is doing A LOT better now. Everything is way faster than before and there are no signs of any malware. No problems with anything, and CCleaner seems very useful.

Here are the requested logs:

---------- MBAM log ----------


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.03.11

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
illi :: GORDA [administrator]

4.8.2012 3:25:08
mbam-log-2012-08-04 (03-25-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 261047
Time elapsed: 9 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\illi\Downloads\SoftonicDownloader_for_kmplayer.exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.

(end)

---------- Hijackthis log ----------


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:06:07, on 4.8.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\illi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe
C:\Users\illi\Desktop\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Messenger Plus! Community SmartbarEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - mscoree.dll (file missing)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Messenger Plus! Community Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\illi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {8C922C73-FFFA-45A3-B2C2-BC1E30074267} (WalkmanRegistrar Object) - http://www.sony.fi/bravia/RegistrationAgent.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe (file missing)
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: F-Secure BlackLight Sensor - Unknown owner - C:\Windows\TEMP\F-Secure\Anti-Virus\fsblsrv.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Päivitä-palvelu (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 8347 bytes
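The HijackThis log above lists browser helper objects (O2), toolbars (O3), Run keys (O4) and services (O23), and several entries end in "(file missing)": the component is still registered in the registry, but the file it points to is gone. That is the kind of leftover a helper usually asks to have fixed once the infection itself has been removed, and it is easy to pick out automatically. The script below is an added example; it is not code from this thread, from BleepingComputer or from HijackThis. It parses O2/O3/O4/O23 lines into records and flags orphaned entries and services whose binary carries no vendor string. The sample lines are a subset copied from the log above; the `Entry`, `parse_line`, `parse_log` and `triage` names are my own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input: a subset of lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Messenger Plus! Community SmartbarEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - mscoree.dll (file missing)
O3 - Toolbar: Messenger Plus! Community Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe (file missing)
O23 - Service: F-Secure BlackLight Sensor - Unknown owner - C:\Windows\TEMP\F-Secure\Anti-Virus\fsblsrv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
"""

MISSING = "(file missing)"
LINE_RE = re.compile(r"^(O\d+) - (.*)$")   # HijackThis "Onn - ..." lines


@dataclass
class Entry:
    section: str                  # HijackThis section, e.g. "O2" or "O23"
    name: str                     # BHO/toolbar/service/Run-value name
    target: str                   # file path or command line the entry points at
    file_missing: bool            # HijackThis could not find the file on disk
    owner: Optional[str] = None   # O23 only: vendor string read from the binary


def parse_line(line: str) -> Optional[Entry]:
    """Turn one HijackThis log line into an Entry, or None for lines we skip."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    file_missing = body.endswith(MISSING)
    if file_missing:
        body = body[: -len(MISSING)].rstrip()
    if section in ("O2", "O3"):
        # "BHO: <name> - {CLSID} - <file>"  /  "Toolbar: <name> - {CLSID} - <file>"
        _kind, rest = body.split(": ", 1)
        name, _clsid, target = (p.strip() for p in rest.rsplit(" - ", 2))
        return Entry(section, name, target, file_missing)
    if section == "O23":
        # "Service: <display name> - <owner> - <file>"
        _kind, rest = body.split(": ", 1)
        name, owner, target = (p.strip() for p in rest.rsplit(" - ", 2))
        return Entry(section, name, target, file_missing, owner)
    if section == "O4":
        # "HKLM\..\Run: [<value name>] <command line>"
        _key, rest = body.split(": ", 1)
        name, target = rest[1:].split("] ", 1)
        return Entry(section, name, target, file_missing)
    # Other sections: keep the raw body so nothing is silently dropped.
    return Entry(section, body, "", file_missing)


def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def triage(text: str) -> List[Tuple[str, str, str]]:
    """Return (section, name, reason) for entries worth a second look."""
    findings = []
    for e in parse_log(text):
        if e.file_missing:
            findings.append((e.section, e.name, "registered, but file no longer exists"))
        elif e.section == "O23" and e.owner == "Unknown owner":
            findings.append((e.section, e.name, "service binary carries no vendor string"))
    return findings


if __name__ == "__main__":
    for section, name, reason in triage(SAMPLE_LOG):
        print(f"{section:4} {name:40} {reason}")
```

Run against the sample it reports the two Messenger Plus! Smartbar entries and the ASKUpgrade and F-Secure BlackLight services, which is exactly the set a helper would expect to see cleaned up. An "Unknown owner" service with its file present is only a prompt to look at the binary, not evidence of anything by itself; a missing file is the stronger signal, because nothing legitimate benefits from a dangling registration.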