Firefox has stopped working


15 replies to this topic

#1 hisuka2001

  • Members
  • 31 posts

Posted 31 July 2012 - 10:45 PM

Good day,

My laptop was working fine yesterday early morning. When I was just surfing the net, numerous tabs suddenly opened at the same time. I am using Firefox as my default browser. I thought that somehow maybe I had clicked my mouse, but it happened again. I ran my antivirus program Avast and a full system scan of Malwarebytes; however, the system crashed. I rebooted the laptop and again ran Malwarebytes, a full system scan, which found a lot of malware which was hopefully removed upon reboot. I ran Avast, which did not find any problem.

Now whenever I open an application, usually Firefox or Microsoft Word, there is a delay which was not there before. And after a few minutes, the application will crash, telling me that there's an error and it needs to be closed. The delay is usually greater when I'm using Microsoft Word or other applications like Notepad, etc. And every time I do a quick scan using Malwarebytes, an infected file is always seen: "trojan:ransom registry value HKCU\software\microsoft\windowsNT\currentversion\windowslload value:windowslload". The infected file always shows up after a quick scan of Malwarebytes, even if in the previous scan I selected the file to be removed after reboot.

Any help would be much appreciated.

Thanks

#2 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender: Male
  • Location: India

Posted 01 August 2012 - 06:06 AM

Download TDSSKiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C: drive).

Do not change the default options on the scan results.

Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download ESET Online Scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 hisuka2001
  • Topic Starter
  • Members
  • 31 posts

Posted 02 August 2012 - 03:05 AM

I'm posting the log files of TDSSKiller and aswMBR. The file for ESET Online Scanner is still being processed.

11:41:15.0249 0876 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
11:41:15.0252 0876 nsiproxy - ok
11:41:15.0359 0876 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
11:41:15.0383 0876 Ntfs - ok
11:41:15.0417 0876 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
11:41:15.0420 0876 Null - ok
11:41:15.0453 0876 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
11:41:15.0457 0876 nvraid - ok
11:41:15.0489 0876 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
11:41:15.0493 0876 nvstor - ok
11:41:15.0627 0876 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
11:41:15.0631 0876 nv_agp - ok
11:41:15.0891 0876 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:41:15.0904 0876 odserv - ok
11:41:15.0927 0876 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
11:41:15.0929 0876 ohci1394 - ok
11:41:15.0974 0876 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:41:15.0979 0876 ose - ok
11:41:16.0023 0876 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
11:41:16.0034 0876 p2pimsvc - ok
11:41:16.0227 0876 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
11:41:16.0243 0876 p2psvc - ok
11:41:16.0280 0876 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
11:41:16.0284 0876 Parport - ok
11:41:16.0310 0876 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
11:41:16.0314 0876 partmgr - ok
11:41:16.0335 0876 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
11:41:16.0337 0876 Parvdm - ok
11:41:16.0365 0876 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
11:41:16.0377 0876 PcaSvc - ok
11:41:16.0414 0876 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
11:41:16.0418 0876 pci - ok
11:41:16.0436 0876 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
11:41:16.0438 0876 pciide - ok
11:41:16.0468 0876 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
11:41:16.0473 0876 pcmcia - ok
11:41:16.0494 0876 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
11:41:16.0498 0876 pcw - ok
11:41:16.0561 0876 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
11:41:16.0574 0876 PEAUTH - ok
11:41:16.0729 0876 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
11:41:16.0765 0876 PeerDistSvc - ok
11:41:16.0912 0876 pla (9c1bff7910c89a1d12e57343475840cb) C:\Windows\system32\pla.dll
11:41:16.0941 0876 pla - ok
11:41:17.0054 0876 PlugPlay (2cc2008f1296968fba162ed9f9afe328) C:\Windows\system32\umpnpmgr.dll
11:41:17.0068 0876 PlugPlay - ok
11:41:17.0099 0876 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
11:41:17.0108 0876 PNRPAutoReg - ok
11:41:17.0154 0876 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
11:41:17.0167 0876 PNRPsvc - ok
11:41:17.0219 0876 PolicyAgent (48e1b75c6dc0232fd92baae4bd344721) C:\Windows\System32\ipsecsvc.dll
11:41:17.0231 0876 PolicyAgent - ok
11:41:17.0259 0876 Power (dbff83f709a91049621c1d35dd45c92c) C:\Windows\system32\umpo.dll
11:41:17.0270 0876 Power - ok
11:41:17.0321 0876 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
11:41:17.0326 0876 PptpMiniport - ok
11:41:17.0349 0876 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
11:41:17.0352 0876 Processor - ok
11:41:17.0409 0876 ProfSvc (630cf26f0227498b7d5a92b12548960f) C:\Windows\system32\profsvc.dll
11:41:17.0422 0876 ProfSvc - ok
11:41:17.0461 0876 ProtectedStorage (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
11:41:17.0469 0876 ProtectedStorage - ok
11:41:17.0516 0876 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
11:41:17.0520 0876 Psched - ok
11:41:17.0579 0876 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
11:41:17.0581 0876 PxHelp20 - ok
11:41:17.0708 0876 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
11:41:17.0735 0876 ql2300 - ok
11:41:17.0863 0876 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
11:41:17.0867 0876 ql40xx - ok
11:41:17.0917 0876 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
11:41:17.0931 0876 QWAVE - ok
11:41:17.0970 0876 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
11:41:17.0974 0876 QWAVEdrv - ok
11:41:18.0003 0876 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
11:41:18.0006 0876 RasAcd - ok
11:41:18.0060 0876 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:41:18.0063 0876 RasAgileVpn - ok
11:41:18.0108 0876 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
11:41:18.0122 0876 RasAuto - ok
11:41:18.0151 0876 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:41:18.0155 0876 Rasl2tp - ok
11:41:18.0203 0876 RasMan (0ce66ec736b7fc526d78f7624c7d2a94) C:\Windows\System32\rasmans.dll
11:41:18.0218 0876 RasMan - ok
11:41:18.0246 0876 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
11:41:18.0250 0876 RasPppoe - ok
11:41:18.0271 0876 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
11:41:18.0275 0876 RasSstp - ok
11:41:18.0307 0876 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
11:41:18.0314 0876 rdbss - ok
11:41:18.0339 0876 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
11:41:18.0342 0876 rdpbus - ok
11:41:18.0364 0876 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:41:18.0367 0876 RDPCDD - ok
11:41:18.0405 0876 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
11:41:18.0410 0876 RDPDR - ok
11:41:18.0429 0876 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
11:41:18.0432 0876 RDPENCDD - ok
11:41:18.0457 0876 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
11:41:18.0460 0876 RDPREFMP - ok
11:41:18.0492 0876 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
11:41:18.0498 0876 RDPWD - ok
11:41:18.0546 0876 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
11:41:18.0552 0876 rdyboost - ok
11:41:18.0581 0876 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
11:41:18.0591 0876 RemoteAccess - ok
11:41:18.0627 0876 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
11:41:18.0650 0876 RemoteRegistry - ok
11:41:18.0692 0876 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
11:41:18.0704 0876 RpcEptMapper - ok
11:41:18.0720 0876 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
11:41:18.0729 0876 RpcLocator - ok
11:41:18.0782 0876 RpcSs (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
11:41:18.0799 0876 RpcSs - ok
11:41:18.0847 0876 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
11:41:18.0851 0876 rspndr - ok
11:41:18.0870 0876 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
11:41:18.0873 0876 s3cap - ok
11:41:18.0905 0876 SamSs (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
11:41:18.0913 0876 SamSs - ok
11:41:18.0942 0876 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
11:41:18.0946 0876 sbp2port - ok
11:41:18.0988 0876 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
11:41:19.0001 0876 SCardSvr - ok
11:41:19.0027 0876 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
11:41:19.0030 0876 scfilter - ok
11:41:19.0105 0876 Schedule (3e8b0c453e25613a1f59762a5c42aa75) C:\Windows\system32\schedsvc.dll
11:41:19.0129 0876 Schedule - ok
11:41:19.0174 0876 SCPolicySvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
11:41:19.0178 0876 SCPolicySvc - ok
11:41:19.0209 0876 SDRSVC (5fd90abdbfaee85986802622cbb03446) C:\Windows\System32\SDRSVC.dll
11:41:19.0222 0876 SDRSVC - ok
11:41:19.0263 0876 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
11:41:19.0265 0876 secdrv - ok
11:41:19.0297 0876 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
11:41:19.0308 0876 seclogon - ok
11:41:19.0328 0876 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
11:41:19.0340 0876 SENS - ok
11:41:19.0358 0876 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
11:41:19.0370 0876 SensrSvc - ok
11:41:19.0398 0876 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
11:41:19.0400 0876 Serenum - ok
11:41:19.0416 0876 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
11:41:19.0420 0876 Serial - ok
11:41:19.0449 0876 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
11:41:19.0451 0876 sermouse - ok
11:41:19.0490 0876 SessionEnv (8f55ce568c543d5adf45c409d16718fc) C:\Windows\system32\sessenv.dll
11:41:19.0503 0876 SessionEnv - ok
11:41:19.0527 0876 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
11:41:19.0530 0876 sffdisk - ok
11:41:19.0568 0876 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
11:41:19.0570 0876 sffp_mmc - ok
11:41:19.0599 0876 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
11:41:19.0601 0876 sffp_sd - ok
11:41:19.0614 0876 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
11:41:19.0616 0876 sfloppy - ok
11:41:19.0661 0876 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
11:41:19.0674 0876 SharedAccess - ok
11:41:19.0739 0876 ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\Windows\System32\shsvcs.dll
11:41:19.0757 0876 ShellHWDetection - ok
11:41:19.0792 0876 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
11:41:19.0795 0876 sisagp - ok
11:41:19.0843 0876 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:41:19.0846 0876 SiSRaid2 - ok
11:41:19.0871 0876 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
11:41:19.0875 0876 SiSRaid4 - ok
11:41:19.0899 0876 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
11:41:19.0903 0876 Smb - ok
11:41:19.0946 0876 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
11:41:19.0958 0876 SNMPTRAP - ok
11:41:19.0988 0876 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
11:41:19.0991 0876 spldr - ok
11:41:20.0033 0876 Spooler (49b6dd6ab3715b7a67965f17194e98a9) C:\Windows\System32\spoolsv.exe
11:41:20.0049 0876 Spooler - ok
11:41:20.0286 0876 sppsvc (4c287f9069fedbd791178876ee9de536) C:\Windows\system32\sppsvc.exe
11:41:20.0352 0876 sppsvc - ok
11:41:20.0456 0876 sppuinotify (d8e3e19eebdab49dd4a8d3062ead4ec7) C:\Windows\system32\sppuinotify.dll
11:41:20.0468 0876 sppuinotify - ok
11:41:20.0525 0876 srv (2ba4ebc7dfba845a1edbe1f75913be33) C:\Windows\system32\DRIVERS\srv.sys
11:41:20.0533 0876 srv - ok
11:41:20.0578 0876 srv2 (dce7e10feaabd4cae95948b3de5340bb) C:\Windows\system32\DRIVERS\srv2.sys
11:41:20.0586 0876 srv2 - ok
11:41:20.0613 0876 srvnet (b5665baa2120b8a54e22e9cd07c05106) C:\Windows\system32\DRIVERS\srvnet.sys
11:41:20.0618 0876 srvnet - ok
11:41:20.0651 0876 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
11:41:20.0666 0876 SSDPSRV - ok
11:41:20.0706 0876 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
11:41:20.0710 0876 ssmdrv - ok
11:41:20.0745 0876 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
11:41:20.0758 0876 SstpSvc - ok
11:41:20.0777 0876 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
11:41:20.0780 0876 stexstor - ok
11:41:20.0835 0876 StiSvc (a22825e7bb7018e8af3e229a5af17221) C:\Windows\System32\wiaservc.dll
11:41:20.0858 0876 StiSvc - ok
11:41:20.0927 0876 stllssvr (ff5eb78af7dfb68c2fb363537aaf753e) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
11:41:20.0932 0876 stllssvr - ok
11:41:20.0970 0876 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
11:41:20.0973 0876 storflt - ok
11:41:21.0000 0876 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
11:41:21.0012 0876 StorSvc - ok
11:41:21.0052 0876 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
11:41:21.0055 0876 storvsc - ok
11:41:21.0076 0876 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
11:41:21.0079 0876 swenum - ok
11:41:21.0119 0876 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
11:41:21.0137 0876 swprv - ok
11:41:21.0255 0876 SysMain (04105c8da62353589c29bdaeb8d88bd8) C:\Windows\system32\sysmain.dll
11:41:21.0288 0876 SysMain - ok
11:41:21.0319 0876 TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\Windows\System32\TabSvc.dll
11:41:21.0332 0876 TabletInputService - ok
11:41:21.0379 0876 TapiSrv (2f46b0c70a4adc8c90cf825da3b4feaf) C:\Windows\System32\tapisrv.dll
11:41:21.0396 0876 TapiSrv - ok
11:41:21.0424 0876 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
11:41:21.0437 0876 TBS - ok
11:41:21.0595 0876 Tcpip (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\drivers\tcpip.sys
11:41:21.0619 0876 Tcpip - ok
11:41:21.0673 0876 TCPIP6 (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\DRIVERS\tcpip.sys
11:41:21.0698 0876 TCPIP6 - ok
11:41:21.0742 0876 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
11:41:21.0745 0876 tcpipreg - ok
11:41:21.0771 0876 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
11:41:21.0774 0876 TDPIPE - ok
11:41:21.0790 0876 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
11:41:21.0793 0876 TDTCP - ok
11:41:21.0824 0876 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
11:41:21.0828 0876 tdx - ok
11:41:21.0854 0876 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
11:41:21.0857 0876 TermDD - ok
11:41:21.0935 0876 TermService (a01e50a04d7b1960b33e92b9080e6a94) C:\Windows\System32\termsrv.dll
11:41:21.0961 0876 TermService - ok
11:41:21.0984 0876 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
11:41:21.0996 0876 Themes - ok
11:41:22.0029 0876 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
11:41:22.0038 0876 THREADORDER - ok
11:41:22.0079 0876 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
11:41:22.0092 0876 TrkWks - ok
11:41:22.0149 0876 TrustedInstaller (41a4c781d2286208d397d72099304133) C:\Windows\servicing\TrustedInstaller.exe
11:41:22.0157 0876 TrustedInstaller - ok
11:41:22.0188 0876 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:41:22.0192 0876 tssecsrv - ok
11:41:22.0370 0876 TuneUp.UtilitiesSvc (86cd728fb5f6a409112662e1596d987b) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
11:41:22.0414 0876 TuneUp.UtilitiesSvc - ok
11:41:22.0446 0876 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys
11:41:22.0449 0876 TuneUpUtilitiesDrv - ok
11:41:22.0571 0876 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
11:41:22.0576 0876 tunnel - ok
11:41:22.0599 0876 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
11:41:22.0602 0876 uagp35 - ok
11:41:22.0641 0876 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
11:41:22.0648 0876 udfs - ok
11:41:22.0700 0876 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
11:41:22.0714 0876 UI0Detect - ok
11:41:22.0760 0876 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
11:41:22.0763 0876 uliagpkx - ok
11:41:22.0886 0876 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
11:41:22.0889 0876 umbus - ok
11:41:22.0935 0876 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
11:41:22.0937 0876 UmPass - ok
11:41:22.0966 0876 UmRdpService (8ecaca5454844f66386f7be4ae0d7cd1) C:\Windows\System32\umrdp.dll
11:41:22.0984 0876 UmRdpService - ok
11:41:23.0047 0876 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
11:41:23.0065 0876 upnphost - ok
11:41:23.0112 0876 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
11:41:23.0115 0876 USBAAPL - ok
11:41:23.0162 0876 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
11:41:23.0165 0876 usbccgp - ok
11:41:23.0208 0876 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
11:41:23.0212 0876 usbcir - ok
11:41:23.0242 0876 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
11:41:23.0245 0876 usbehci - ok
11:41:23.0289 0876 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
11:41:23.0295 0876 usbhub - ok
11:41:23.0309 0876 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
11:41:23.0311 0876 usbohci - ok
11:41:23.0335 0876 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
11:41:23.0337 0876 usbprint - ok
11:41:23.0361 0876 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:41:23.0365 0876 USBSTOR - ok
11:41:23.0393 0876 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
11:41:23.0396 0876 usbuhci - ok
11:41:23.0441 0876 usbvideo (f642a7e4bf78cfa359cca0a3557c28d7) C:\Windows\system32\Drivers\usbvideo.sys
11:41:23.0446 0876 usbvideo - ok
11:41:23.0481 0876 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
11:41:23.0494 0876 UxSms - ok
11:41:23.0528 0876 VaultSvc (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
11:41:23.0536 0876 VaultSvc - ok
11:41:23.0588 0876 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
11:41:23.0591 0876 vdrvroot - ok
11:41:23.0639 0876 vds (8c4e7c49d3641bc9e299e466a7f8867d) C:\Windows\System32\vds.exe
11:41:23.0660 0876 vds - ok
11:41:23.0688 0876 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
11:41:23.0690 0876 vga - ok
11:41:23.0716 0876 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
11:41:23.0719 0876 VgaSave - ok
11:41:23.0750 0876 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
11:41:23.0755 0876 vhdmp - ok
11:41:23.0784 0876 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
11:41:23.0787 0876 viaagp - ok
11:41:23.0817 0876 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
11:41:23.0820 0876 ViaC7 - ok
11:41:23.0845 0876 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
11:41:23.0847 0876 viaide - ok
11:41:23.0889 0876 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
11:41:23.0894 0876 vmbus - ok
11:41:23.0916 0876 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
11:41:23.0919 0876 VMBusHID - ok
11:41:23.0949 0876 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
11:41:23.0952 0876 volmgr - ok
11:41:24.0005 0876 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
11:41:24.0013 0876 volmgrx - ok
11:41:24.0056 0876 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
11:41:24.0062 0876 volsnap - ok
11:41:24.0102 0876 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
11:41:24.0107 0876 vsmraid - ok
11:41:24.0215 0876 VSS (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\Windows\system32\vssvc.exe
11:41:24.0246 0876 VSS - ok
11:41:24.0282 0876 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
11:41:24.0286 0876 vwifibus - ok
11:41:24.0310 0876 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
11:41:24.0314 0876 vwififlt - ok
11:41:24.0346 0876 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
11:41:24.0349 0876 vwifimp - ok
11:41:24.0384 0876 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
11:41:24.0401 0876 W32Time - ok
11:41:24.0432 0876 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
11:41:24.0435 0876 WacomPen - ok
11:41:24.0473 0876 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
11:41:24.0477 0876 WANARP - ok
11:41:24.0487 0876 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
11:41:24.0491 0876 Wanarpv6 - ok
11:41:24.0614 0876 wbengine (7790b77fe1e5ee47dcc66247095bb4c9) C:\Windows\system32\wbengine.exe
11:41:24.0648 0876 wbengine - ok
11:41:24.0681 0876 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
11:41:24.0696 0876 WbioSrvc - ok
11:41:24.0740 0876 wcncsvc (d0f88aa11ee1a62bcc6d6a8a7783ca11) C:\Windows\System32\wcncsvc.dll
11:41:24.0757 0876 wcncsvc - ok
11:41:24.0786 0876 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
11:41:24.0800 0876 WcsPlugInService - ok
11:41:24.0851 0876 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
11:41:24.0854 0876 Wd - ok
11:41:24.0909 0876 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
11:41:24.0920 0876 Wdf01000 - ok
11:41:24.0950 0876 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
11:41:24.0965 0876 WdiServiceHost - ok
11:41:24.0980 0876 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
11:41:24.0997 0876 WdiSystemHost - ok
11:41:25.0046 0876 WebClient (d87c7d2c517f82a5ab7a73e203063d9e) C:\Windows\System32\webclnt.dll
11:41:25.0063 0876 WebClient - ok
11:41:25.0102 0876 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
11:41:25.0118 0876 Wecsvc - ok
11:41:25.0144 0876 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
11:41:25.0158 0876 wercplsupport - ok
11:41:25.0202 0876 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
11:41:25.0219 0876 WerSvc - ok
11:41:25.0267 0876 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
11:41:25.0270 0876 WfpLwf - ok
11:41:25.0302 0876 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
11:41:25.0306 0876 WIMMount - ok
11:41:25.0424 0876 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
11:41:25.0443 0876 WinDefend - ok
11:41:25.0459 0876 WinHttpAutoProxySvc - ok
11:41:25.0531 0876 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
11:41:25.0537 0876 Winmgmt - ok
11:41:25.0661 0876 WinRM (c4f5d3901d1b41d602ddc196e0b95b51) C:\Windows\system32\WsmSvc.dll
11:41:25.0695 0876 WinRM - ok
11:41:25.0776 0876 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
11:41:25.0779 0876 WinUsb - ok
11:41:25.0870 0876 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
11:41:25.0898 0876 Wlansvc - ok
11:41:25.0953 0876 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
11:41:25.0955 0876 WmiAcpi - ok
11:41:26.0048 0876 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
11:41:26.0053 0876 wmiApSrv - ok
11:41:26.0191 0876 WMPNetworkSvc (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe
11:41:26.0223 0876 WMPNetworkSvc - ok
11:41:26.0259 0876 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
11:41:26.0273 0876 WPCSvc - ok
11:41:26.0301 0876 WPDBusEnum (b7f658a2ebc07129538ad9ab35212637) C:\Windows\system32\wpdbusenum.dll
11:41:26.0316 0876 WPDBusEnum - ok
11:41:26.0367 0876 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
11:41:26.0371 0876 ws2ifsl - ok
11:41:26.0400 0876 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
11:41:26.0415 0876 wscsvc - ok
11:41:26.0430 0876 WSearch - ok
11:41:26.0590 0876 wuauserv (a33408cc036f9c08142b11be5e93f0a1) C:\Windows\system32\wuaueng.dll
11:41:26.0647 0876 wuauserv - ok
11:41:26.0774 0876 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
11:41:26.0779 0876 WudfPf - ok
11:41:26.0822 0876 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:41:26.0828 0876 WUDFRd - ok
11:41:26.0869 0876 wudfsvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\Windows\System32\WUDFSvc.dll
11:41:26.0884 0876 wudfsvc - ok
11:41:26.0920 0876 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
11:41:26.0937 0876 WwanSvc - ok
11:41:27.0022 0876 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:41:27.0416 0876 \Device\Harddisk0\DR0 - ok
11:41:27.0420 0876 Boot (0x1200) (14d4a03d78a9f6b2afcd1db30f689971) \Device\Harddisk0\DR0\Partition0
11:41:27.0425 0876 \Device\Harddisk0\DR0\Partition0 - ok
11:41:27.0469 0876 Boot (0x1200) (d3fafeea257fa1c8fb14e6cdf7c5e0ab) \Device\Harddisk0\DR0\Partition1
11:41:27.0474 0876 \Device\Harddisk0\DR0\Partition1 - ok
11:41:27.0503 0876 Boot (0x1200) (2cecfcf2981ea29e20c118eb1737b0cf) \Device\Harddisk0\DR0\Partition2
11:41:27.0506 0876 \Device\Harddisk0\DR0\Partition2 - ok
11:41:27.0512 0876 ============================================================
11:41:27.0512 0876 Scan finished
11:41:27.0512 0876 ============================================================
11:41:27.0523 0964 Detected object count: 0
11:41:27.0523 0964 Actual detected object count: 0
11:44:04.0299 0292 Deinitialize success


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-02 12:24:41
-----------------------------
12:24:41.132 OS Version: Windows 6.1.7600
12:24:41.132 Number of processors: 4 586 0x1C0A
12:24:41.132 ComputerName: LEAHRAGRAMON-PC UserName: Leah R. Agramon
12:24:57.225 Initialize success
12:25:17.428 AVAST engine defs: 12080101
12:25:27.662 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:25:27.693 Disk 0 Vendor: Hitachi_HTS545050B9A300 PB4OC60F Size: 476940MB BusType: 11
12:25:27.709 Disk 0 MBR read successfully
12:25:27.724 Disk 0 MBR scan
12:25:27.740 Disk 0 Windows 7 default MBR code
12:25:27.771 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
12:25:27.818 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 249900 MB offset 206848
12:25:27.865 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 226937 MB offset 512002048
12:25:27.927 Disk 0 scanning sectors +976769024
12:25:28.021 Disk 0 scanning C:\Windows\system32\drivers
12:25:49.471 Service scanning
12:26:56.747 Modules scanning
12:27:09.353 Disk 0 trace - called modules:
12:27:09.946 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
12:27:09.961 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84ac5208]
12:27:09.993 3 CLASSPNP.SYS[881c159e] -> nt!IofCallDriver -> [0x8496a930]
12:27:10.008 5 ACPI.sys[87e553b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84968908]
12:27:11.163 AVAST engine scan C:\Windows
12:27:15.827 AVAST engine scan C:\Windows\system32
12:34:41.296 AVAST engine scan C:\Windows\system32\drivers
12:35:06.353 AVAST engine scan C:\Users\Leah R. Agramon
12:35:42.689 File: C:\Users\Leah R. Agramon\AppData\Local\Temp\000160b5.exe **INFECTED** Win32:VBCrypt-BCM [Trj]
12:35:43.094 File: C:\Users\Leah R. Agramon\AppData\Local\Temp\009a3a15.exe **INFECTED** Win32:VBCrypt-BCM [Trj]
12:35:43.313 File: C:\Users\Leah R. Agramon\AppData\Local\Temp\00aaedda.exe **INFECTED** Win32:VBCrypt-BCM [Trj]
12:35:43.562 File: C:\Users\Leah R. Agramon\AppData\Local\Temp\00cc5ac0.exe **INFECTED** Win32:VBCrypt-BCM [Trj]
12:35:43.781 File: C:\Users\Leah R. Agramon\AppData\Local\Temp\10B4.tmp **INFECTED** Win32:VBCrypt-BCM [Trj]
12:35:44.093 File: C:\Users\Leah R. Agramon\AppData\Local\Temp\1F91.tmp **INFECTED** Win32:VBCrypt-BCM [Trj]
12:35:44.358 File: C:\Users\Leah R. Agramon\AppData\Local\Temp\3E87.tmp **INFECTED** Win32:VBCrypt-BCM [Trj]
12:35:44.545 File: C:\Users\Leah R. Agramon\AppData\Local\Temp\5D9.tmp **INFECTED** Win32:VBCrypt-BCM [Trj]
12:35:44.779 File: C:\Users\Leah R. Agramon\AppData\Local\Temp\6375.tmp **INFECTED** Win32:Crypt-NMW [Trj]
12:35:44.998 File: C:\Users\Leah R. Agramon\AppData\Local\Temp\6F8A.tmp **INFECTED** Win32:VBCrypt-BCM [Trj]
12:35:45.434 File: C:\Users\Leah R. Agramon\AppData\Local\Temp\9B36.tmp **INFECTED** Win32:VBCrypt-BCM [Trj]
12:35:59.662 File: C:\Users\Leah R. Agramon\AppData\Roaming\abot **INFECTED** Win32:Malware-gen
12:36:11.954 File: C:\Users\Leah R. Agramon\AppData\Roaming\C25B8C.exe **INFECTED** Win32:VBCrypt-BCM [Trj]
12:36:19.866 File: C:\Users\Leah R. Agramon\AppData\Roaming\Oucicw.exe **INFECTED** Win32:VBCrypt-BCM [Trj]
12:52:37.424 AVAST engine scan C:\ProgramData
12:54:15.458 Scan finished successfully
12:55:39.764 Disk 0 MBR has been saved successfully to "C:\Users\Leah R. Agramon\Desktop\MBR.dat"
12:55:39.811 The log file has been saved successfully to "C:\Users\Leah R. Agramon\Desktop\aswMBR.txt"


Every time I tried to click the links you provided, narenxp, it always opened a tab indicating "problem loading page, firefox can't find the server..." So, I downloaded the files from another PC and ran them on the infected laptop.

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 02 August 2012 - 09:19 AM

Waiting for ESET log

#5 hisuka2001

hisuka2001
  • Topic Starter

  • Members
  • 31 posts

Posted 03 August 2012 - 12:50 AM

Eset log:

C:\Users\Leah R. Agramon\AppData\Local\Temp\000160b5.exe a variant of Win32/Injector.UCF trojan
C:\Users\Leah R. Agramon\AppData\Local\Temp\009a3a15.exe a variant of Win32/Injector.UPW trojan
C:\Users\Leah R. Agramon\AppData\Local\Temp\00aaedda.exe a variant of Win32/Injector.UPW trojan
C:\Users\Leah R. Agramon\AppData\Local\Temp\00cc5ac0.exe a variant of Win32/Injector.UCF trojan
C:\Users\Leah R. Agramon\AppData\Local\Temp\10B4.tmp a variant of Win32/Injector.UCF trojan
C:\Users\Leah R. Agramon\AppData\Local\Temp\1F91.tmp a variant of Win32/Injector.UCF trojan
C:\Users\Leah R. Agramon\AppData\Local\Temp\3E87.tmp a variant of Win32/Injector.UCF trojan
C:\Users\Leah R. Agramon\AppData\Local\Temp\5D9.tmp a variant of Win32/Injector.UPW trojan
C:\Users\Leah R. Agramon\AppData\Local\Temp\6F8A.tmp a variant of Win32/Injector.UCF trojan
C:\Users\Leah R. Agramon\AppData\Local\Temp\9B36.tmp a variant of Win32/Injector.UCF trojan
C:\Users\Leah R. Agramon\AppData\Local\Temp\deo1_sar.exe a variant of Win32/Injector.UPW trojan
C:\Users\Leah R. Agramon\AppData\Local\Temp\V.class Java/Exploit.CVE-2011-3544.BO trojan
C:\Users\Leah R. Agramon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\6c777091-68d4f820 Java/Exploit.CVE-2012-0507.DI trojan
C:\Users\Leah R. Agramon\AppData\Roaming\abot Win32/AutoRun.Agent.ADC worm
C:\Users\Leah R. Agramon\AppData\Roaming\C25B8C.exe a variant of Win32/Injector.UPW trojan
C:\Users\Leah R. Agramon\AppData\Roaming\Oucicw.exe a variant of Win32/Injector.UCF trojan
Operating memory multiple threats


Edited by hisuka2001, 03 August 2012 - 12:52 AM.


#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 03 August 2012 - 01:05 AM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Post the log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.



Download

adware cleaner

Launch it, click on Delete

Post the generated log

#7 hisuka2001

hisuka2001
  • Topic Starter

  • Members
  • 31 posts

Posted 04 August 2012 - 12:39 AM

Malwarebytes logfiles. This scan was done prior to my topic being posted here in the forum. Six files were detected, but I can vouch for 5 of the files not being the culprit, except the counterstrike admin.dll. When I installed the counterstrike program, that is when the problem started. The infected registry file "mshutz.bat" is not removed even after reboot by Malwarebytes. I am also quoting a logfile from a quick scan...

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.31.04

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Leah R. Agramon :: LEAHRAGRAMON-PC [administrator]

8/2/2012 9:06:58 AM
mbam-log-2012-08-02 (09-06-58).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 330280
Time elapsed: 1 hour(s), 57 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\LEAHR~1.AGR\LOCALS~1\Temp\mshutqz.bat -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Users\Leah R. Agramon\Documents\ebooks\KeyGen for Adobe Dreamweaver CS5.By.medi123 [Www.KosovaDC.com]\keygen.exe (Malware.Packer.Gen) -> No action taken.
C:\Users\Leah R. Agramon\Documents\ebooks\TuneUp\Tune Up Utilities 2012 Build 12.0.2160.13\Keygen\keygen.exe (Malware.Packer) -> No action taken.
C:\Program Files\Counter-Strike\platform\Admin\AdminServer.dll (Malware.Packer.Gen) -> No action taken.
D:\Programs\Adobe.Photoshop.CS5.Extended.v12.0.Incl.Keymaker\keygen.exe (Malware.Packer.Gen) -> No action taken.
D:\Programs\NoobKiller 3.7.0.232\NOOB.KILLER.leerz.exe (HackTool.DDoS) -> No action taken.
C:\Users\Leah R. Agramon\Documents\ebooks\TuneUp\Tune Up Utilities 2012 Build 12.0.2160.13\Keygen\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.

(end)


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.31.04

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Leah R. Agramon :: LEAHRAGRAMON-PC [administrator]

8/1/2012 11:29:07 AM
mbam-log-2012-08-01 (11-29-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 185514
Time elapsed: 7 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\LEAHR~1.AGR\LOCALS~1\Temp\mseiiiru.scr -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


The detected file still remains after reboot and is only detected during a quick scan.

MiniToolBox logfile:

MiniToolBox by Farbar Version: 23-07-2012
Ran by Leah R. Agramon (administrator) on 03-08-2012 at 15:48:55
Microsoft Windows 7 Enterprise (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Atheros AR5B95 Wireless Network Adapter = Wireless Network Connection (Connected)
Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.20) = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : LeahRAgramon-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : smartbro.net

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.20)
Physical Address. . . . . . . . . : 1C-75-08-F7-0A-B4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : smartbro.net
Description . . . . . . . . . . . : Atheros AR5B95 Wireless Network Adapter
Physical Address. . . . . . . . . : 68-A3-C4-6F-B1-DB
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::acc3:3c28:7a8d:265e%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.111(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, August 03, 2012 2:49:14 PM
Lease Expires . . . . . . . . . . : Friday, August 10, 2012 2:49:14 PM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 191407044
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-82-02-14-68-A3-C4-6F-B1-DB
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:8fa:1869:3f57:ff90(Preferred)
Link-local IPv6 Address . . . . . : fe80::8fa:1869:3f57:ff90%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.smartbro.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : smartbro.net
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 2404:6800:4003:800::1005
74.125.235.36
74.125.235.35
74.125.235.46
74.125.235.38
74.125.235.34
74.125.235.40
74.125.235.33
74.125.235.39
74.125.235.41
74.125.235.37
74.125.235.32


Pinging google.com [74.125.235.38] with 32 bytes of data:
Reply from 74.125.235.38: bytes=32 time=68ms TTL=51
Reply from 74.125.235.38: bytes=32 time=68ms TTL=51

Ping statistics for 74.125.235.38:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 68ms, Maximum = 68ms, Average = 68ms
Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 98.139.183.24
209.191.122.70
72.30.38.140


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=190ms TTL=43
Reply from 72.30.38.140: bytes=32 time=184ms TTL=43

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 184ms, Maximum = 190ms, Average = 187ms
Server: UnKnown
Address: 192.168.0.1

DNS request timed out.
timeout was 2 seconds.

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
12...1c 75 08 f7 0a b4 ......Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.20)
11...68 a3 c4 6f b1 db ......Atheros AR5B95 Wireless Network Adapter
1...........................Software Loopback Interface 1
17...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #3
14...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
16...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.111 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.111 281
192.168.0.111 255.255.255.255 On-link 192.168.0.111 281
192.168.0.255 255.255.255.255 On-link 192.168.0.111 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.111 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.111 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 58 ::/0 On-link
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:4137:9e76:8fa:1869:3f57:ff90/128
On-link
11 281 fe80::/64 On-link
13 306 fe80::/64 On-link
13 306 fe80::8fa:1869:3f57:ff90/128
On-link
11 281 fe80::acc3:3c28:7a8d:265e/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/03/2012 02:53:55 PM) (Source: Application Error) (User: )
Description: Faulting application name: firefox.exe, version: 14.0.1.4577, time stamp: 0x5000b729
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x80000003
Fault offset: 0x026b9a33
Faulting process id: 0xac4
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (08/03/2012 02:49:23 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (08/03/2012 02:49:23 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (08/03/2012 08:25:45 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (08/03/2012 08:25:45 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (08/02/2012 01:16:05 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (08/02/2012 00:33:56 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (08/02/2012 00:33:56 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (08/02/2012 00:21:22 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (08/02/2012 00:21:22 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.


System errors:
=============
Error: (08/03/2012 02:49:51 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (08/03/2012 02:49:16 PM) (Source: Service Control Manager) (User: )
Description: The Globe Tattoo Broadband. OUC service failed to start due to the following error:
%%1053

Error: (08/03/2012 02:49:16 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Globe Tattoo Broadband. OUC service to connect.

Error: (08/03/2012 01:56:44 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (08/03/2012 08:26:08 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (08/03/2012 08:25:35 AM) (Source: Service Control Manager) (User: )
Description: The Globe Tattoo Broadband. OUC service failed to start due to the following error:
%%1053

Error: (08/03/2012 08:25:35 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Globe Tattoo Broadband. OUC service to connect.

Error: (08/02/2012 01:28:17 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0x8000002a171\??\Volume{f1667fc2-92c2-11e0-b154-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{776DEBBA-6324-44EB-B6ED-AE8C06697840}

Error: (08/02/2012 00:21:35 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (08/02/2012 00:21:13 PM) (Source: Service Control Manager) (User: )
Description: The Globe Tattoo Broadband. OUC service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================
Error: (06/07/2012 03:41:26 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 18942 seconds with 60 seconds of active time. This session ended with a crash.

Error: (10/12/2011 11:47:57 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4304 seconds with 3000 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Adobe AIR (Version: 1.5.3.9120)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps (Version: 1.0)
Adobe Color - Photoshop Specific (Version: 1.0)
Adobe Color Common Settings (Version: 1.0)
Adobe Color EU Extra Settings (Version: 1.0)
Adobe Color JA Extra Settings (Version: 1.0)
Adobe Color NA Recommended Settings (Version: 1.0)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Default Language CS3 (Version: 1.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe Dreamweaver CS5 (Version: 11.0)
Adobe ExtendScript Toolkit 2 (Version: 2.0)
Adobe Flash Player 10 ActiveX (Version: 10.3.181.5)
Adobe Flash Player 11 Plugin (Version: 11.2.202.235)
Adobe Fonts All (Version: 1.0)
Adobe Help Viewer CS3 (Version: 1)
Adobe Linguistics CS3 (Version: 3.0.0)
Adobe Media Player (Version: 1.8)
Adobe PDF Library Files (Version: 8.0)
Adobe Photoshop CS3 (Version: 10)
Adobe Photoshop CS3 (Version: 10.0)
Adobe Reader X (10.1.0) (Version: 10.1.0)
Adobe Setup (Version: 1.0)
Adobe Stock Photos CS3 (Version: 1.5)
Adobe Type Support (Version: 1.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Version Cue CS3 Client (Version: 3)
Adobe WinSoft Linguistics Plugin (Version: 1.0)
Adobe XMP Panels CS3 (Version: 1.0)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.35)
Avira AntiVir Personal - Free Antivirus (Version: 10.2.0.707)
Bonjour (Version: 3.0.0.10)
Camtasia Studio 7 (Version: 7.0.0)
CCleaner (Version: 3.08)
Counter-Strike 1.6 v32
DirectX 9 Runtime (Version: 1.00.0000)
DivX Setup (Version: 2.6.0.34)
ESET Online Scanner v3
Globe Broadband (Version: 11.300.05.20.158)
Globe Tattoo Broadband (Version: 21.005.11.00.158)
Google Chrome (Version: 5.0.375.125)
HiJackThis (Version: 1.0.0)
Intel® Graphics Media Accelerator Driver (Version: 8.14.10.2117)
iTunes (Version: 10.6.1.7)
Java Auto Updater (Version: 2.1.6.0)
Java DB 10.5.3.0 (Version: 10.5.3.0)
Java™ 6 Update 30 (Version: 6.0.300)
Java™ 7 Update 4 (Version: 7.0.40)
Java™ SE Development Kit 6 Update 20 (Version: 1.6.0.200)
JavaFX 2.1.0 (Version: 2.1.0)
K-Lite Codec Pack 8.9.5 (Basic) (Version: 8.9.5)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Professional Plus 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Silverlight (Version: 1.0.30401.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft_VC80_CRT_x86 (Version: 1.00.0000)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
PDF Settings (Version: 1.0)
PDFCreator (Version: 0.9.9)
QuickTime (Version: 7.69.80.9)
Roxio Activation Module (Version: 1.0)
Roxio Creator Audio (Version: 3.8.0)
Roxio Creator Business (Version: 10.3)
Roxio Creator Business v10 (Version: 3.8.0)
Roxio Creator Copy (Version: 3.8.0)
Roxio Creator Data (Version: 3.8.0)
Roxio Creator Tools (Version: 3.8.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Skype™ 3.8 (Version: 3.8.180)
Sonic CinePlayer Decoder Pack (Version: 4.3.0)
Sun Broadband Wireless (Version: 11.300.05.03.256)
Total Video Converter 3.71 100812
TuneUp Utilities 2012 (Version: 12.0.2160.13)
TuneUp Utilities Language Pack (en-US) (Version: 12.0.2160.13)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VLC media player 1.1.9 (Version: 1.1.9)
WinRAR archiver
WinZip (Version: 9.0 (6028))
Xvid Video Codec (Version: 1.3.1)
Yahoo! Messenger

========================= Memory info: ===================================

Percentage of memory in use: 30%
Total physical RAM: 2037.09 MB
Available physical RAM: 1406.77 MB
Total Pagefile: 4074.19 MB
Available Pagefile: 3142.34 MB
Total Virtual: 2047.88 MB
Available Virtual: 1937.73 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:244.04 GB) (Free:109.44 GB) NTFS
2 Drive d: (Data Files) (Fixed) (Total:221.62 GB) (Free:116.81 GB) NTFS

========================= Users: ========================================

User accounts for \\LEAHRAGRAMON-PC

Administrator Guest Leah R. Agramon


**** End of log ****


FSS logfile:

Farbar Service Scanner Version: 26-07-2012
Ran by Leah R. Agramon (administrator) on 03-08-2012 at 15:51:48
Running from "C:\Users\Leah R. Agramon\Downloads"
Microsoft Windows 7 Enterprise (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll
[2009-07-14 07:53] - [2009-07-14 09:15] - 0565760 ____A (Microsoft Corporation) 5CD996CECF45CBC3E8D109C86B82D69E

C:\Windows\system32\bfe.dll
[2009-07-14 07:54] - [2009-07-14 09:14] - 0493568 ____A (Microsoft Corporation) 85AC71C045CEB054ED48A7841AAE0C11

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll
[2009-07-14 07:23] - [2009-07-14 09:16] - 0125952 ____A (Microsoft Corporation) 5FD90ABDBFAEE85986802622CBB03446

C:\Windows\system32\vssvc.exe
[2009-07-14 07:24] - [2009-07-14 09:14] - 1025536 ____A (Microsoft Corporation) 7EA2BCD94D9CFAF4C556F5CC94532A6C

C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll
[2009-07-14 08:15] - [2009-07-14 09:16] - 1912832 ____A (Microsoft Corporation) A33408CC036F9C08142B11BE5E93F0A1

C:\Windows\system32\qmgr.dll
[2009-07-14 07:30] - [2009-07-14 09:16] - 0589312 ____A (Microsoft Corporation) 53F476476F55A27F580661BDE09C4EC4

C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****


Adware cleaner logfile

# AdwCleaner v1.800 - Logfile created 08/03/2012 at 15:52:37
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Enterprise (32 bits)
# User : Leah R. Agramon - LEAHRAGRAMON-PC
# Running from : C:\Users\Leah R. Agramon\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\Leah R. Agramon\AppData\Roaming\Mozilla\Firefox\Profiles\0kexs6yj.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v5.0.375.125

File : C:\Users\Leah R. Agramon\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [880 octets] - [03/08/2012 15:52:37]

########## EOF - C:\AdwCleaner[S1].txt - [1007 octets] ##########


I have another problem which I will probably post in another section of the forum but is somehow related to this infection. My previous antimalware program was avira and after the infection it always detected the mshutzq.bat but was unable to remove it, so I uninstalled it and replaced it with ESET Smart security. After installing ESET, I rebooted the infected netbook and a BSOD happened. Using bluescreen viewer the following files were the problem: athr.sys (athr.sys+6c70e), ndis.sys (ndis.sys+36b02) and ntkrnlpa.exe (ntkrnlpa.exe+467eb). I uninstalled ESET smart security in safe mode since it is probably the cause of the BSOD and I can only boot the infected netbook in safe mode. Even after uninstalling ESET smart security, the BSOD still occurs and system restore is unable to work because of the registry file infection. I also tried using startup repair to fix windows startup files but it indicated that there was no problem in the OS or startup files. I again booted the infected netbook in safe mode and renamed "athr.sys" in the directory c:\windows\system32 to "athr.sys.old". I was able again to boot the infected netbook in normal mode but the infection still persists. I don't know if changing "athr.sys" to "athr.sys.old" will resolve the BSOD. One thing I also noticed is that when I connect a USB to the infected netbook (I'm borrowing a relative's laptop, also with ESET smart security as its antivirus) it always detects one infection 'variant of win32 dorkbot.d worm'.

#8 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 04 August 2012 - 05:33 AM

Press Windows+R key and type

regedit and click ok

Browse to

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows

On the right side you should find the LOAD key with this value C:\Users\LEAHR~1.AGR\LOCALS~1\Temp\mseiiiru.scr ; delete it.

If you receive access denied error then

go to HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows

right click on Windows key

Click on permissions

Click on Everyone

Under permissions, select FULL CONTROL and click OK; now you should be able to delete the LOAD key

Let me know what current issues you have
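
The value narenxp points at is one of the two legacy logon launch points (Load and Run) under HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows, which Explorer still honours on Windows 7; on a clean profile they are normally absent or empty. The following PowerShell script is an added example for checking that key, not something posted in this thread or shipped with any of the tools mentioned in it. It reports both values, flags the traits seen in this thread's indicator (a .scr in a short-named %TEMP% path) as assumptions-based heuristics, and only removes a value when run with -Remove (it supports -WhatIf).

```powershell
# Added example, not from the thread: audit the legacy "Load" and "Run" logon values under
# HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows. On a clean profile both are
# normally absent or empty; the thread's indicator was a .scr under a short-named %TEMP% path.
# Usage:  .\Check-WinNTLoad.ps1              -> report only
#         .\Check-WinNTLoad.ps1 -Remove      -> also delete a non-empty value (honours -WhatIf)
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Remove
)

$keyPath    = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows'
$valueNames = @('Load', 'Run')   # both map to the old win.ini [windows] load= / run= lines

function Test-SuspiciousPath {
    param([string]$Path)
    # Heuristics only (assumed, not a detection rule): they match the traits of the path
    # quoted in this thread, so a hit means "look closer", not "definitely malicious".
    $expanded = [Environment]::ExpandEnvironmentVariables($Path).Trim('"')
    $reasons  = @()
    if ($expanded -match '\\Temp\\|\\AppData\\|\\LOCALS~1\\') { $reasons += 'runs from a user-writable profile directory' }
    if ($expanded -match '\.(scr|com|bat|vbs|js)$')          { $reasons += 'unusual extension for a logon item' }
    if ($expanded -match '~\d')                              { $reasons += 'uses 8.3 short names (often used to hide the real path)' }
    if (-not (Test-Path -LiteralPath $expanded))             { $reasons += 'referenced file no longer exists (dangling entry)' }
    return $reasons
}

if (-not (Test-Path -LiteralPath $keyPath)) {
    Write-Output "Key not present: $keyPath"
    return
}

$item = Get-ItemProperty -LiteralPath $keyPath
foreach ($name in $valueNames) {
    $value = $item.$name
    if ([string]::IsNullOrWhiteSpace($value)) {
        Write-Output "[OK]   $name value is empty or absent"
        continue
    }

    Write-Output "[WARN] $name = $value"
    foreach ($reason in (Test-SuspiciousPath -Path $value)) {
        Write-Output "       - $reason"
    }

    if ($Remove -and $PSCmdlet.ShouldProcess("$keyPath\$name", 'Remove registry value')) {
        try {
            Remove-ItemProperty -LiteralPath $keyPath -Name $name -ErrorAction Stop
            Write-Output "       removed $name"
        } catch {
            # An access-denied error here usually means the key's ACL was changed; that is
            # the situation the permissions step in the post above deals with.
            Write-Output "       could not remove $name : $($_.Exception.Message)"
        }
    }
}
```

Run it from a normal (non-elevated) prompt as the affected user, since HKCU is per-profile; other accounts on the machine (the Users list in the earlier log shows three) have their own copy of the key and need to be checked separately.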

#9 hisuka2001

  • Topic Starter
  • Members
  • 31 posts

Posted 05 August 2012 - 02:02 AM

Done what you have instructed; deleted the file from the registry editor. After scanning with malwarebytes no infected file was detected. However, I ran aswMBR and the following logfile was noted:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-05 00:35:27
-----------------------------
00:35:27.863 OS Version: Windows 6.1.7600
00:35:27.863 Number of processors: 4 586 0x1C0A
00:35:27.863 ComputerName: LEAHRAGRAMON-PC UserName: Leah R. Agramon
00:35:29.079 Initialize success
00:35:52.559 AVAST engine defs: 12080101
00:35:56.412 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
00:35:56.428 Disk 0 Vendor: Hitachi_HTS545050B9A300 PB4OC60F Size: 476940MB BusType: 11
00:35:56.459 Disk 0 MBR read successfully
00:35:56.459 Disk 0 MBR scan
00:35:56.490 Disk 0 Windows 7 default MBR code
00:35:56.506 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
00:35:56.537 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 249900 MB offset 206848
00:35:56.568 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 226937 MB offset 512002048
00:35:56.599 Disk 0 scanning sectors +976769024
00:35:56.693 Disk 0 scanning C:\Windows\system32\drivers
00:36:12.219 Service scanning
00:36:50.336 Modules scanning
00:37:02.523 Disk 0 trace - called modules:
00:37:03.084 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
00:37:03.084 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84ac7030]
00:37:03.115 3 CLASSPNP.SYS[8838b59e] -> nt!IofCallDriver -> [0x8493a918]
00:37:03.131 5 ACPI.sys[87e9a3b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84960908]
00:37:04.098 AVAST engine scan C:\Windows
00:37:07.406 AVAST engine scan C:\Windows\system32
00:41:54.791 AVAST engine scan C:\Windows\system32\drivers
00:42:19.852 AVAST engine scan C:\Users\Leah R. Agramon
00:42:45.675 File: C:\Users\Leah R. Agramon\AppData\Local\Temp\000160b5.exe **INFECTED** Win32:VBCrypt-BCM [Trj]
00:42:45.847 File: C:\Users\Leah R. Agramon\AppData\Local\Temp\009a3a15.exe **INFECTED** Win32:VBCrypt-BCM [Trj]
00:42:45.940 File: C:\Users\Leah R. Agramon\AppData\Local\Temp\00aaedda.exe **INFECTED** Win32:VBCrypt-BCM [Trj]
00:42:46.128 File: C:\Users\Leah R. Agramon\AppData\Local\Temp\00cc5ac0.exe **INFECTED** Win32:VBCrypt-BCM [Trj]
00:42:46.299 File: C:\Users\Leah R. Agramon\AppData\Local\Temp\10B4.tmp **INFECTED** Win32:VBCrypt-BCM [Trj]
00:42:46.502 File: C:\Users\Leah R. Agramon\AppData\Local\Temp\1F91.tmp **INFECTED** Win32:VBCrypt-BCM [Trj]
00:42:46.689 File: C:\Users\Leah R. Agramon\AppData\Local\Temp\3E87.tmp **INFECTED** Win32:VBCrypt-BCM [Trj]
00:42:46.814 File: C:\Users\Leah R. Agramon\AppData\Local\Temp\5D9.tmp **INFECTED** Win32:VBCrypt-BCM [Trj]
00:42:46.986 File: C:\Users\Leah R. Agramon\AppData\Local\Temp\6375.tmp **INFECTED** Win32:Crypt-NMW [Trj]
00:42:47.173 File: C:\Users\Leah R. Agramon\AppData\Local\Temp\6F8A.tmp **INFECTED** Win32:VBCrypt-BCM [Trj]
00:42:47.438 File: C:\Users\Leah R. Agramon\AppData\Local\Temp\9B36.tmp **INFECTED** Win32:VBCrypt-BCM [Trj]
00:42:48.639 File: C:\Users\Leah R. Agramon\AppData\Local\Temp\msqtvnuu.com **INFECTED** Win32:VBCrypt-BCM [Trj]
00:42:58.624 File: C:\Users\Leah R. Agramon\AppData\Roaming\abot **INFECTED** Win32:Malware-gen
00:43:08.158 File: C:\Users\Leah R. Agramon\AppData\Roaming\C25B8C.exe **INFECTED** Win32:VBCrypt-BCM [Trj]
00:43:14.134 File: C:\Users\Leah R. Agramon\AppData\Roaming\Oucicw.exe **INFECTED** Win32:VBCrypt-BCM [Trj]
00:46:41.585 File: C:\Users\Leah R. Agramon\Downloads\ESET Smart Security 5.2.9.1 + Fix - x86\Fix\box, mara-fix v1.6\Eset fix.exe **INFECTED** Win32:Malware-gen

00:53:48.958 AVAST engine scan C:\ProgramData
00:55:35.840 Scan finished successfully


Then I installed the avast internet security trial version to prevent infecting the USB I usually attach to it. Then I ran eset online scanner with the following logfile (I opted to check the clean option):

C:\Users\Leah R. Agramon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\6c777091-68d4f820 Java/Exploit.CVE-2012-0507.DI trojan deleted - quarantined
C:\Users\Leah R. Agramon\AppData\Roaming\abot Win32/AutoRun.Agent.ADC worm cleaned by deleting - quarantined
C:\Users\Leah R. Agramon\AppData\Roaming\C25B8C.exe a variant of Win32/Injector.UPW trojan cleaned by deleting (after the next restart) - quarantined
C:\Users\Leah R. Agramon\AppData\Roaming\Oucicw.exe a variant of Win32/Injector.UCF trojan cleaned by deleting - quarantined
Operating memory multiple threats


Most of the infected files detected by eset online scanner were run during startup of the netbook. I noticed it when I ran the startup program through tuneup utilities. I disabled the said files/programs and deleted their connection to the startup program. Then I ran aswMBR again; the logfile is as follows:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-05 12:53:47
-----------------------------
12:53:47.607 OS Version: Windows 6.1.7600
12:53:47.607 Number of processors: 4 586 0x1C0A
12:53:47.622 ComputerName: LEAHRAGRAMON-PC UserName: Leah R. Agramon
12:53:50.929 Initialize success
12:53:51.881 AVAST engine defs: 12080401
12:53:56.296 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:53:56.296 Disk 0 Vendor: Hitachi_HTS545050B9A300 PB4OC60F Size: 476940MB BusType: 11
12:53:56.327 Disk 0 MBR read successfully
12:53:56.327 Disk 0 MBR scan
12:53:56.343 Disk 0 Windows 7 default MBR code
12:53:56.374 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
12:53:56.421 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 249900 MB offset 206848
12:53:56.452 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 226937 MB offset 512002048
12:53:56.499 Disk 0 scanning sectors +976769024
12:53:56.608 Disk 0 scanning C:\Windows\system32\drivers
12:54:14.831 Service scanning
12:54:48.186 Modules scanning
12:54:57.736 Disk 0 trace - called modules:
12:54:57.829 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
12:54:57.845 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84ade9a8]
12:54:57.876 3 CLASSPNP.SYS[823df59e] -> nt!IofCallDriver -> [0x84946930]
12:54:57.892 5 ACPI.sys[87eba3b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84940908]
12:54:59.140 AVAST engine scan C:\Windows
12:55:03.009 AVAST engine scan C:\Windows\system32
12:58:49.171 AVAST engine scan C:\Windows\system32\drivers
12:59:16.473 AVAST engine scan C:\Users\Leah R. Agramon
13:00:17.286 File: C:\Users\Leah R. Agramon\AppData\Roaming\C25B8C.exe **INFECTED** Win32:VBCrypt-BCM [Trj]
13:03:43.791 File: C:\Users\Leah R. Agramon\Downloads\ESET Smart Security 5.2.9.1 + Fix - x86\Fix\box, mara-fix v1.6\Eset fix.exe **INFECTED** Win32:Malware-gen

13:09:41.300 AVAST engine scan C:\ProgramData
13:10:54.826 Scan finished successfully


Two files were infected but I'm more concerned about the 'C25b8C.exe'. I again ran the startup program and saw a program/file I suspected to be malicious, namely a-1382315758. I cannot disable it using tuneup utility so I removed it using hijackthis. But the connection to the startup program is still there for a-1382315758. For the third time, I ran aswMBR, with the following logfile as the result:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-05 14:12:58
-----------------------------
14:12:58.615 OS Version: Windows 6.1.7600
14:12:58.615 Number of processors: 4 586 0x1C0A
14:12:58.662 ComputerName: LEAHRAGRAMON-PC UserName: Leah R. Agramon
14:13:01.049 Initialize success
14:13:01.923 AVAST engine defs: 12080401
14:13:03.233 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:13:03.233 Disk 0 Vendor: Hitachi_HTS545050B9A300 PB4OC60F Size: 476940MB BusType: 11
14:13:03.311 Disk 0 MBR read successfully
14:13:03.327 Disk 0 MBR scan
14:13:03.342 Disk 0 Windows 7 default MBR code
14:13:03.358 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:13:03.373 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 249900 MB offset 206848
14:13:03.420 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 226937 MB offset 512002048
14:13:03.483 Disk 0 scanning sectors +976769024
14:13:03.639 Disk 0 scanning C:\Windows\system32\drivers
14:13:20.208 Service scanning
14:13:54.452 Modules scanning
14:14:19.944 Disk 0 trace - called modules:
14:14:20.537 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
14:14:20.568 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84ae0030]
14:14:20.584 3 CLASSPNP.SYS[8820459e] -> nt!IofCallDriver -> [0x84942918]
14:14:20.615 5 ACPI.sys[87e323b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84980030]
14:14:21.738 AVAST engine scan C:\Windows
14:14:30.771 AVAST engine scan C:\Windows\system32
14:17:52.025 AVAST engine scan C:\Windows\system32\drivers
14:18:06.550 AVAST engine scan C:\Users\Leah R. Agramon
14:21:40.870 File: C:\Users\Leah R. Agramon\Downloads\ESET Smart Security 5.2.9.1 + Fix - x86\Fix\box, mara-fix v1.6\Eset fix.exe **INFECTED** Win32:Malware-gen
14:27:50.269 AVAST engine scan C:\ProgramData
14:29:12.057 Scan finished successfully


The only infected file detected is coming from the eset smart security fix, which can be easily removed. My question now is: is my netbook already free from the previous infections?

#10 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 05 August 2012 - 02:18 AM

Your log looks clean

Restart the PC, run ESET online scanner again and post the log

#11 hisuka2001

  • Topic Starter
  • Members
  • 31 posts

Posted 05 August 2012 - 02:09 PM

Eset online scanner didn't detect any infected files. I forgot to save a logfile and had quickly clicked the finish button.

#12 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 05 August 2012 - 02:12 PM

Any current issues?

#13 hisuka2001

  • Topic Starter
  • Members
  • 31 posts

Posted 06 August 2012 - 05:36 AM

I observed and used the netbook for almost a day. Opened applications such as microsoft word and firefox; so far so good. No lagging or errors encountered. I temporarily disabled the anti-virus and attached a USB. Afterwards, I rebooted the netbook, restarted the anti-virus and scanned the USB. No infected files detected.

I cannot say for sure that the netbook is free from malware infections but the netbook is running much better now.

Thanks for the help narenxp.

#14 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 06 August 2012 - 07:27 AM

That looks good

Download

TFC

Launch it; it will close all running programs

Click on START; it should ask for a reboot

Turn off your system restore, restart the PC, create a new restore point

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Update your flash player

Update your JAVA from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)

#15 hisuka2001

  • Topic Starter
  • Members
  • 31 posts

Posted 06 August 2012 - 11:06 PM

Done running TFC, turning system restore off and creating a new restore point. I will update the flash player and java at a later time due to slow internet connection.

Thanks again for all your help Narenxp. :thumbup2:
