Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unable to remove TR/ATRAPS.Gen2


  • This topic is locked This topic is locked
19 replies to this topic

#1 mattp128

mattp128

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:03 AM

Posted 31 July 2012 - 11:24 PM

Hello,

Avira is finding the Atraps.gen2 trojan in several locations, and I have been unable to remove it. I followed the guide and attached are the DDS and GMER logs. The only step I could not complete was setting up the windows firewall, which informs me that Windows Firewall is not using the recommended settings. A user admin button titled "Use recommended settings" is the only option, and it gives me this pop-up:

'Windows Firewall can't change some of your settings. Error code 0x80070424'

There is no indication whether the firewall is on or off, and regardless I cannot access any settings for it.

Windows 7 Professional, 64-bit


-Thanks!

Attached Files

  • Attached File  DDS.txt   13.64KB   3 downloads
  • Attached File  ark.txt   3.06KB   0 downloads


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:03 AM

Posted 02 August 2012 - 06:26 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 mattp128

mattp128
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:03 AM

Posted 03 August 2012 - 03:17 AM

Security Check log:

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 31
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (14.0.1)
Google Chrome 20.0.1132.57
Google Chrome 21.0.1180.60
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:03 AM

Posted 03 August 2012 - 03:44 AM

let me have the combofix report when it is complete



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 mattp128

mattp128
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:03 AM

Posted 03 August 2012 - 10:05 AM

Here it is, I tried to post it but the site was down for maintenance last night. So far no sign of the ATRAPS at all, windows firewall is back on and I now have control of it again where i did not before. So, now no problems at the moment.

Combofix log:

ComboFix 12-07-31.05 - Matt 08/03/2012 1:26.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.2957 [GMT -7:00]
Running from: c:\users\Matt\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Matt\AppData\Local\Temp\AFF1.tmp\F_IN_BOX.dll
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{a2909ca9-0aff-be60-d25f-4af31269ce81}\@
c:\windows\Installer\{a2909ca9-0aff-be60-d25f-4af31269ce81}\L\00000004.@
c:\windows\Installer\{a2909ca9-0aff-be60-d25f-4af31269ce81}\L\201d3dde
c:\windows\Installer\{a2909ca9-0aff-be60-d25f-4af31269ce81}\U\00000004.@
c:\windows\Installer\{a2909ca9-0aff-be60-d25f-4af31269ce81}\U\00000008.@
c:\windows\Installer\{a2909ca9-0aff-be60-d25f-4af31269ce81}\U\000000cb.@
c:\windows\Installer\{a2909ca9-0aff-be60-d25f-4af31269ce81}\U\80000000.@
c:\windows\Installer\{a2909ca9-0aff-be60-d25f-4af31269ce81}\U\80000032.@
c:\windows\Installer\{a2909ca9-0aff-be60-d25f-4af31269ce81}\U\80000064.@
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-03 to 2012-08-03 )))))))))))))))))))))))))))))))
.
.
2012-08-03 08:46 . 2012-08-03 08:46 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-03 08:46 . 2012-08-03 08:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-03 05:52 . 2012-08-03 05:52 9827016 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-07-26 16:57 . 2012-07-26 16:57 -------- d-----w- c:\users\Matt\AppData\Roaming\Malwarebytes
2012-07-26 16:57 . 2012-07-26 16:57 -------- d-----w- c:\programdata\Malwarebytes
2012-07-26 16:57 . 2012-07-26 16:57 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-26 16:57 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-22 11:08 . 2012-07-22 11:08 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-20 01:34 . 2012-07-20 01:34 -------- d-----w- c:\users\Matt\AppData\Local\Macromedia
2012-07-19 06:24 . 2012-07-19 06:24 -------- d-----w- c:\users\Matt\AppData\Roaming\Unity
2012-07-19 05:49 . 2012-08-03 05:52 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-17 12:07 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{369EA2F5-F41C-4AD2-B8E5-F0D3AC1123A6}\mpengine.dll
2012-07-12 06:44 . 2012-07-12 06:45 -------- d-----w- c:\windows\WindowsMobile
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 05:52 . 2011-05-20 04:04 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2012-06-21 01:56 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 01:56 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 01:56 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 01:56 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 01:56 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-21 01:56 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 01:56 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 01:56 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-21 01:56 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-05-31 19:25 . 2010-11-04 07:06 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-27 23:05 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-05-27 23:05 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="d:\programs\Itunes\iTunesHelper.exe" [2011-04-27 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-02 348624]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-11-14 1884064]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files (x86)\Common Files\Autodesk Shared\acstart16.exe [2006-9-23 10872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-24 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-24 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-03 113120]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-04 1255736]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-01-09 503352]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-02 86224]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-01-07 676864]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-19 05:52]
.
2012-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-24 23:02]
.
2012-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-24 23:02]
.
2012-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1797719004-1626035569-3720017508-1000Core.job
- c:\users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-10 05:12]
.
2012-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1797719004-1626035569-3720017508-1000UA.job
- c:\users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-10 05:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-15 190536]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\jt6iwhx0.default\
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
.
**************************************************************************
.
Completion time: 2012-08-03 01:52:59 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-03 08:52
.
Pre-Run: 8,365,613,056 bytes free
Post-Run: 9,053,364,224 bytes free
.
- - End Of File - - 1392AB2C81B90B6FF793CBECEFC60781

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:03 AM

Posted 03 August 2012 - 12:19 PM

Greetings mattp128

That is a bad infection so I am going to run a couple of deeper scans before we move on.

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 mattp128

mattp128
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:03 AM

Posted 04 August 2012 - 03:03 AM

TDSKiller Report:

01:01:15.0089 4376 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
01:01:15.0573 4376 ============================================================
01:01:15.0573 4376 Current date / time: 2012/08/04 01:01:15.0573
01:01:15.0573 4376 SystemInfo:
01:01:15.0573 4376
01:01:15.0573 4376 OS Version: 6.1.7601 ServicePack: 1.0
01:01:15.0573 4376 Product type: Workstation
01:01:15.0573 4376 ComputerName: FIZGIG
01:01:15.0573 4376 UserName: Matt
01:01:15.0573 4376 Windows directory: C:\Windows
01:01:15.0573 4376 System windows directory: C:\Windows
01:01:15.0573 4376 Running under WOW64
01:01:15.0573 4376 Processor architecture: Intel x64
01:01:15.0573 4376 Number of processors: 2
01:01:15.0573 4376 Page size: 0x1000
01:01:15.0573 4376 Boot type: Normal boot
01:01:15.0573 4376 ============================================================
01:01:18.0381 4376 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:01:18.0381 4376 ============================================================
01:01:18.0396 4376 \Device\Harddisk0\DR0:
01:01:18.0396 4376 MBR partitions:
01:01:18.0396 4376 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x7530000
01:01:18.0396 4376 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x7530800, BlocksNum 0x1DEFD000
01:01:18.0396 4376 ============================================================
01:01:18.0412 4376 C: <-> \Device\Harddisk0\DR0\Partition0
01:01:18.0443 4376 D: <-> \Device\Harddisk0\DR0\Partition1
01:01:18.0443 4376 ============================================================
01:01:18.0443 4376 Initialize success
01:01:18.0443 4376 ============================================================
01:01:22.0156 3512 ============================================================
01:01:22.0156 3512 Scan started
01:01:22.0156 3512 Mode: Manual;
01:01:22.0156 3512 ============================================================
01:01:24.0106 3512 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
01:01:24.0106 3512 1394ohci - ok
01:01:24.0231 3512 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
01:01:24.0246 3512 ACPI - ok
01:01:24.0277 3512 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
01:01:24.0293 3512 AcpiPmi - ok
01:01:24.0511 3512 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
01:01:24.0511 3512 AdobeFlashPlayerUpdateSvc - ok
01:01:24.0667 3512 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
01:01:24.0667 3512 adp94xx - ok
01:01:24.0777 3512 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
01:01:24.0777 3512 adpahci - ok
01:01:24.0823 3512 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
01:01:24.0823 3512 adpu320 - ok
01:01:24.0917 3512 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
01:01:24.0917 3512 AeLookupSvc - ok
01:01:25.0073 3512 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
01:01:25.0073 3512 AFD - ok
01:01:25.0245 3512 AffinegyService (23e7cb4641b93ce8591d1057670a4f04) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
01:01:25.0245 3512 AffinegyService - ok
01:01:25.0338 3512 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
01:01:25.0338 3512 agp440 - ok
01:01:25.0432 3512 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
01:01:25.0447 3512 ALG - ok
01:01:25.0463 3512 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
01:01:25.0463 3512 aliide - ok
01:01:25.0479 3512 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
01:01:25.0479 3512 amdide - ok
01:01:25.0572 3512 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
01:01:25.0572 3512 AmdK8 - ok
01:01:25.0588 3512 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
01:01:25.0588 3512 AmdPPM - ok
01:01:25.0650 3512 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
01:01:25.0666 3512 amdsata - ok
01:01:25.0713 3512 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
01:01:25.0728 3512 amdsbs - ok
01:01:25.0728 3512 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
01:01:25.0728 3512 amdxata - ok
01:01:26.0009 3512 AntiVirSchedulerService (0a1cc583e8147004e4ad4625d7fbf88c) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
01:01:26.0009 3512 AntiVirSchedulerService - ok
01:01:26.0056 3512 AntiVirService (c9a36ef935aced86aedf93e97e606911) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
01:01:26.0056 3512 AntiVirService - ok
01:01:26.0149 3512 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
01:01:26.0165 3512 AppID - ok
01:01:26.0196 3512 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
01:01:26.0196 3512 AppIDSvc - ok
01:01:26.0337 3512 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
01:01:26.0337 3512 Appinfo - ok
01:01:26.0508 3512 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
01:01:26.0508 3512 Apple Mobile Device - ok
01:01:26.0680 3512 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
01:01:26.0695 3512 AppMgmt - ok
01:01:26.0727 3512 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
01:01:26.0727 3512 arc - ok
01:01:26.0742 3512 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
01:01:26.0742 3512 arcsas - ok
01:01:26.0820 3512 aspnet_state - ok
01:01:26.0851 3512 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
01:01:26.0851 3512 AsyncMac - ok
01:01:26.0883 3512 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
01:01:26.0883 3512 atapi - ok
01:01:27.0007 3512 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
01:01:27.0023 3512 AudioEndpointBuilder - ok
01:01:27.0023 3512 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
01:01:27.0023 3512 AudioSrv - ok
01:01:27.0179 3512 Autodesk Licensing Service (7cc8cd6f86054c563e47e7f063ce7a61) C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
01:01:27.0179 3512 Autodesk Licensing Service - ok
01:01:27.0226 3512 avgntflt (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
01:01:27.0226 3512 avgntflt - ok
01:01:27.0273 3512 avipbb (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
01:01:27.0273 3512 avipbb - ok
01:01:27.0304 3512 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
01:01:27.0304 3512 avkmgr - ok
01:01:27.0351 3512 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
01:01:27.0351 3512 AxInstSV - ok
01:01:27.0460 3512 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
01:01:27.0460 3512 b06bdrv - ok
01:01:27.0491 3512 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
01:01:27.0522 3512 b57nd60a - ok
01:01:27.0600 3512 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
01:01:27.0600 3512 BDESVC - ok
01:01:27.0678 3512 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
01:01:27.0678 3512 Beep - ok
01:01:27.0803 3512 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
01:01:27.0819 3512 BFE - ok
01:01:27.0881 3512 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
01:01:27.0881 3512 blbdrive - ok
01:01:28.0037 3512 Bonjour Service (f2060a34c8a75bc24a9222eb4f8c07bd) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
01:01:28.0037 3512 Bonjour Service - ok
01:01:28.0099 3512 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
01:01:28.0099 3512 bowser - ok
01:01:28.0177 3512 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
01:01:28.0177 3512 BrFiltLo - ok
01:01:28.0209 3512 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
01:01:28.0209 3512 BrFiltUp - ok
01:01:28.0255 3512 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
01:01:28.0255 3512 BridgeMP - ok
01:01:28.0287 3512 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
01:01:28.0302 3512 Browser - ok
01:01:28.0318 3512 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
01:01:28.0333 3512 Brserid - ok
01:01:28.0349 3512 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
01:01:28.0349 3512 BrSerWdm - ok
01:01:28.0365 3512 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
01:01:28.0365 3512 BrUsbMdm - ok
01:01:28.0380 3512 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
01:01:28.0380 3512 BrUsbSer - ok
01:01:28.0396 3512 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
01:01:28.0411 3512 BTHMODEM - ok
01:01:28.0458 3512 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
01:01:28.0458 3512 bthserv - ok
01:01:28.0489 3512 catchme - ok
01:01:28.0521 3512 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
01:01:28.0521 3512 cdfs - ok
01:01:28.0567 3512 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
01:01:28.0567 3512 cdrom - ok
01:01:28.0599 3512 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
01:01:28.0599 3512 CertPropSvc - ok
01:01:28.0614 3512 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
01:01:28.0614 3512 circlass - ok
01:01:28.0677 3512 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
01:01:28.0677 3512 CLFS - ok
01:01:28.0708 3512 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:01:28.0723 3512 clr_optimization_v2.0.50727_32 - ok
01:01:28.0755 3512 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
01:01:28.0755 3512 clr_optimization_v2.0.50727_64 - ok
01:01:28.0833 3512 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:01:28.0864 3512 clr_optimization_v4.0.30319_32 - ok
01:01:28.0895 3512 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
01:01:28.0895 3512 clr_optimization_v4.0.30319_64 - ok
01:01:28.0911 3512 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
01:01:28.0911 3512 CmBatt - ok
01:01:28.0926 3512 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
01:01:28.0942 3512 cmdide - ok
01:01:28.0973 3512 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
01:01:28.0989 3512 CNG - ok
01:01:29.0004 3512 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
01:01:29.0004 3512 Compbatt - ok
01:01:29.0051 3512 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
01:01:29.0051 3512 CompositeBus - ok
01:01:29.0051 3512 COMSysApp - ok
01:01:29.0067 3512 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
01:01:29.0067 3512 crcdisk - ok
01:01:29.0113 3512 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
01:01:29.0129 3512 CryptSvc - ok
01:01:29.0176 3512 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
01:01:29.0191 3512 CSC - ok
01:01:29.0254 3512 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
01:01:29.0269 3512 CscService - ok
01:01:29.0301 3512 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
01:01:29.0316 3512 DcomLaunch - ok
01:01:29.0347 3512 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
01:01:29.0363 3512 defragsvc - ok
01:01:29.0410 3512 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
01:01:29.0410 3512 DfsC - ok
01:01:29.0441 3512 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
01:01:29.0441 3512 Dhcp - ok
01:01:29.0472 3512 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
01:01:29.0472 3512 discache - ok
01:01:29.0488 3512 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
01:01:29.0488 3512 Disk - ok
01:01:29.0519 3512 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
01:01:29.0535 3512 Dnscache - ok
01:01:29.0581 3512 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
01:01:29.0581 3512 dot3svc - ok
01:01:29.0613 3512 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
01:01:29.0628 3512 DPS - ok
01:01:29.0644 3512 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
01:01:29.0644 3512 drmkaud - ok
01:01:29.0722 3512 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
01:01:29.0722 3512 DXGKrnl - ok
01:01:29.0753 3512 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
01:01:29.0753 3512 EapHost - ok
01:01:29.0909 3512 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
01:01:29.0987 3512 ebdrv - ok
01:01:30.0049 3512 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
01:01:30.0049 3512 EFS - ok
01:01:30.0127 3512 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
01:01:30.0143 3512 ehRecvr - ok
01:01:30.0174 3512 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
01:01:30.0174 3512 ehSched - ok
01:01:30.0237 3512 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
01:01:30.0252 3512 elxstor - ok
01:01:30.0268 3512 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
01:01:30.0268 3512 ErrDev - ok
01:01:30.0315 3512 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
01:01:30.0315 3512 EventSystem - ok
01:01:30.0330 3512 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
01:01:30.0346 3512 exfat - ok
01:01:30.0361 3512 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
01:01:30.0377 3512 fastfat - ok
01:01:30.0439 3512 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
01:01:30.0455 3512 Fax - ok
01:01:30.0486 3512 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
01:01:30.0486 3512 fdc - ok
01:01:30.0502 3512 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
01:01:30.0502 3512 fdPHost - ok
01:01:30.0502 3512 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
01:01:30.0502 3512 FDResPub - ok
01:01:30.0517 3512 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
01:01:30.0517 3512 FileInfo - ok
01:01:30.0533 3512 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
01:01:30.0533 3512 Filetrace - ok
01:01:30.0549 3512 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
01:01:30.0549 3512 flpydisk - ok
01:01:30.0595 3512 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
01:01:30.0595 3512 FltMgr - ok
01:01:30.0673 3512 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
01:01:30.0689 3512 FontCache - ok
01:01:30.0736 3512 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
01:01:30.0751 3512 FontCache3.0.0.0 - ok
01:01:30.0783 3512 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
01:01:30.0783 3512 FsDepends - ok
01:01:30.0814 3512 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
01:01:30.0814 3512 Fs_Rec - ok
01:01:30.0861 3512 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
01:01:30.0876 3512 fvevol - ok
01:01:30.0892 3512 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
01:01:30.0892 3512 gagp30kx - ok
01:01:30.0923 3512 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
01:01:30.0923 3512 GEARAspiWDM - ok
01:01:30.0985 3512 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
01:01:31.0001 3512 gpsvc - ok
01:01:31.0063 3512 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
01:01:31.0063 3512 gupdate - ok
01:01:31.0095 3512 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
01:01:31.0095 3512 gupdatem - ok
01:01:31.0110 3512 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
01:01:31.0110 3512 hcw85cir - ok
01:01:31.0157 3512 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
01:01:31.0173 3512 HdAudAddService - ok
01:01:31.0188 3512 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
01:01:31.0188 3512 HDAudBus - ok
01:01:31.0204 3512 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
01:01:31.0204 3512 HidBatt - ok
01:01:31.0219 3512 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
01:01:31.0219 3512 HidBth - ok
01:01:31.0235 3512 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
01:01:31.0235 3512 HidIr - ok
01:01:31.0251 3512 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
01:01:31.0251 3512 hidserv - ok
01:01:31.0282 3512 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
01:01:31.0282 3512 HidUsb - ok
01:01:31.0313 3512 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
01:01:31.0313 3512 hkmsvc - ok
01:01:31.0360 3512 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
01:01:31.0360 3512 HomeGroupListener - ok
01:01:31.0407 3512 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
01:01:31.0407 3512 HomeGroupProvider - ok
01:01:31.0438 3512 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
01:01:31.0438 3512 HpSAMD - ok
01:01:31.0500 3512 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
01:01:31.0500 3512 HTTP - ok
01:01:31.0531 3512 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
01:01:31.0547 3512 hwpolicy - ok
01:01:31.0578 3512 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
01:01:31.0578 3512 i8042prt - ok
01:01:31.0609 3512 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
01:01:31.0625 3512 iaStorV - ok
01:01:31.0734 3512 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
01:01:31.0750 3512 idsvc - ok
01:01:31.0797 3512 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
01:01:31.0797 3512 iirsp - ok
01:01:31.0875 3512 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
01:01:31.0890 3512 IKEEXT - ok
01:01:31.0921 3512 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
01:01:31.0921 3512 intelide - ok
01:01:31.0968 3512 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
01:01:31.0968 3512 intelppm - ok
01:01:31.0999 3512 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
01:01:32.0015 3512 IPBusEnum - ok
01:01:32.0124 3512 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:01:32.0124 3512 IpFilterDriver - ok
01:01:32.0467 3512 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
01:01:32.0499 3512 iphlpsvc - ok
01:01:32.0592 3512 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
01:01:32.0592 3512 IPMIDRV - ok
01:01:32.0639 3512 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
01:01:32.0639 3512 IPNAT - ok
01:01:32.0935 3512 iPod Service (a9e53e1a9c4274eebc00d36ae5ed40de) C:\Program Files\iPod\bin\iPodService.exe
01:01:32.0951 3512 iPod Service - ok
01:01:32.0982 3512 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
01:01:32.0982 3512 IRENUM - ok
01:01:33.0013 3512 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
01:01:33.0013 3512 isapnp - ok
01:01:33.0076 3512 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
01:01:33.0091 3512 iScsiPrt - ok
01:01:33.0107 3512 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
01:01:33.0107 3512 kbdclass - ok
01:01:33.0138 3512 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
01:01:33.0138 3512 kbdhid - ok
01:01:33.0185 3512 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
01:01:33.0185 3512 KeyIso - ok
01:01:33.0372 3512 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
01:01:33.0419 3512 KSecDD - ok
01:01:33.0466 3512 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
01:01:33.0466 3512 KSecPkg - ok
01:01:33.0513 3512 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
01:01:33.0513 3512 ksthunk - ok
01:01:33.0575 3512 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
01:01:33.0575 3512 KtmRm - ok
01:01:33.0622 3512 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
01:01:33.0622 3512 LanmanServer - ok
01:01:33.0653 3512 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
01:01:33.0669 3512 LanmanWorkstation - ok
01:01:33.0700 3512 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
01:01:33.0700 3512 lltdio - ok
01:01:33.0731 3512 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
01:01:33.0747 3512 lltdsvc - ok
01:01:33.0762 3512 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
01:01:33.0762 3512 lmhosts - ok
01:01:33.0793 3512 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
01:01:33.0793 3512 LSI_FC - ok
01:01:33.0809 3512 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
01:01:33.0809 3512 LSI_SAS - ok
01:01:33.0825 3512 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
01:01:33.0825 3512 LSI_SAS2 - ok
01:01:33.0840 3512 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
01:01:33.0856 3512 LSI_SCSI - ok
01:01:33.0871 3512 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
01:01:33.0871 3512 luafv - ok
01:01:33.0918 3512 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
01:01:33.0949 3512 Mcx2Svc - ok
01:01:33.0981 3512 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
01:01:33.0981 3512 megasas - ok
01:01:33.0996 3512 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
01:01:34.0012 3512 MegaSR - ok
01:01:34.0027 3512 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
01:01:34.0027 3512 MMCSS - ok
01:01:34.0043 3512 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
01:01:34.0043 3512 Modem - ok
01:01:34.0059 3512 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
01:01:34.0059 3512 monitor - ok
01:01:34.0105 3512 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
01:01:34.0105 3512 mouclass - ok
01:01:34.0105 3512 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
01:01:34.0121 3512 mouhid - ok
01:01:34.0152 3512 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
01:01:34.0152 3512 mountmgr - ok
01:01:34.0215 3512 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
01:01:34.0215 3512 MozillaMaintenance - ok
01:01:34.0261 3512 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
01:01:34.0261 3512 mpio - ok
01:01:34.0277 3512 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
01:01:34.0277 3512 mpsdrv - ok
01:01:34.0355 3512 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
01:01:34.0371 3512 MpsSvc - ok
01:01:34.0402 3512 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
01:01:34.0417 3512 MRxDAV - ok
01:01:34.0449 3512 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
01:01:34.0449 3512 mrxsmb - ok
01:01:34.0511 3512 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:01:34.0511 3512 mrxsmb10 - ok
01:01:34.0527 3512 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:01:34.0527 3512 mrxsmb20 - ok
01:01:34.0558 3512 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
01:01:34.0558 3512 msahci - ok
01:01:34.0589 3512 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
01:01:34.0605 3512 msdsm - ok
01:01:34.0620 3512 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
01:01:34.0636 3512 MSDTC - ok
01:01:34.0651 3512 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
01:01:34.0651 3512 Msfs - ok
01:01:34.0667 3512 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
01:01:34.0667 3512 mshidkmdf - ok
01:01:34.0698 3512 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
01:01:34.0698 3512 msisadrv - ok
01:01:34.0729 3512 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
01:01:34.0745 3512 MSiSCSI - ok
01:01:34.0745 3512 msiserver - ok
01:01:34.0761 3512 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
01:01:34.0761 3512 MSKSSRV - ok
01:01:34.0776 3512 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
01:01:34.0776 3512 MSPCLOCK - ok
01:01:34.0792 3512 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
01:01:34.0792 3512 MSPQM - ok
01:01:34.0839 3512 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
01:01:34.0854 3512 MsRPC - ok
01:01:34.0885 3512 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
01:01:34.0885 3512 mssmbios - ok
01:01:34.0917 3512 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
01:01:34.0917 3512 MSTEE - ok
01:01:34.0932 3512 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
01:01:34.0932 3512 MTConfig - ok
01:01:34.0979 3512 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
01:01:34.0979 3512 MTsensor - ok
01:01:34.0995 3512 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
01:01:34.0995 3512 Mup - ok
01:01:35.0041 3512 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
01:01:35.0057 3512 napagent - ok
01:01:35.0088 3512 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
01:01:35.0104 3512 NativeWifiP - ok
01:01:35.0322 3512 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
01:01:35.0369 3512 NDIS - ok
01:01:35.0385 3512 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
01:01:35.0385 3512 NdisCap - ok
01:01:35.0400 3512 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
01:01:35.0400 3512 NdisTapi - ok
01:01:35.0447 3512 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
01:01:35.0447 3512 Ndisuio - ok
01:01:35.0478 3512 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
01:01:35.0478 3512 NdisWan - ok
01:01:35.0509 3512 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
01:01:35.0509 3512 NDProxy - ok
01:01:35.0541 3512 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
01:01:35.0541 3512 NetBIOS - ok
01:01:35.0587 3512 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
01:01:35.0603 3512 NetBT - ok
01:01:35.0697 3512 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
01:01:35.0728 3512 Netlogon - ok
01:01:35.0853 3512 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
01:01:35.0853 3512 Netman - ok
01:01:35.0977 3512 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
01:01:35.0977 3512 netprofm - ok
01:01:36.0040 3512 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
01:01:36.0040 3512 NetTcpPortSharing - ok
01:01:36.0055 3512 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
01:01:36.0055 3512 nfrd960 - ok
01:01:36.0118 3512 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
01:01:36.0133 3512 NlaSvc - ok
01:01:36.0133 3512 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
01:01:36.0133 3512 Npfs - ok
01:01:36.0165 3512 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
01:01:36.0165 3512 nsi - ok
01:01:36.0180 3512 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
01:01:36.0180 3512 nsiproxy - ok
01:01:37.0179 3512 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
01:01:37.0225 3512 Ntfs - ok
01:01:38.0895 3512 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
01:01:38.0895 3512 Null - ok
01:01:45.0197 3512 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
01:01:45.0259 3512 nvlddmkm - ok
01:01:45.0821 3512 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
01:01:45.0868 3512 nvraid - ok
01:01:45.0899 3512 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
01:01:45.0899 3512 nvstor - ok
01:01:46.0055 3512 nvsvc (2d7092fec9bd2aca199673bba2ba9277) C:\Windows\system32\nvvsvc.exe
01:01:46.0086 3512 nvsvc - ok
01:01:47.0209 3512 nvUpdatusService (7e22de30e222bfdfcec7e77032baf3cd) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
01:01:47.0272 3512 nvUpdatusService - ok
01:01:47.0397 3512 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
01:01:47.0397 3512 nv_agp - ok
01:01:47.0443 3512 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
01:01:47.0459 3512 ohci1394 - ok
01:01:47.0537 3512 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
01:01:47.0537 3512 ose - ok
01:01:47.0568 3512 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
01:01:47.0584 3512 p2pimsvc - ok
01:01:47.0833 3512 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
01:01:47.0865 3512 p2psvc - ok
01:01:47.0896 3512 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
01:01:47.0911 3512 Parport - ok
01:01:47.0974 3512 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
01:01:47.0974 3512 partmgr - ok
01:01:48.0005 3512 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
01:01:48.0021 3512 PcaSvc - ok
01:01:48.0052 3512 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
01:01:48.0052 3512 pci - ok
01:01:48.0083 3512 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
01:01:48.0083 3512 pciide - ok
01:01:48.0114 3512 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
01:01:48.0130 3512 pcmcia - ok
01:01:48.0145 3512 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
01:01:48.0145 3512 pcw - ok
01:01:48.0177 3512 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
01:01:48.0192 3512 PEAUTH - ok
01:01:48.0348 3512 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
01:01:48.0379 3512 PeerDistSvc - ok
01:01:48.0707 3512 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
01:01:48.0707 3512 PerfHost - ok
01:01:49.0783 3512 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
01:01:49.0830 3512 pla - ok
01:01:49.0893 3512 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
01:01:49.0908 3512 PlugPlay - ok
01:01:49.0924 3512 PnkBstrA - ok
01:01:49.0955 3512 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
01:01:49.0971 3512 PNRPAutoReg - ok
01:01:50.0002 3512 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
01:01:50.0002 3512 PNRPsvc - ok
01:01:50.0688 3512 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
01:01:50.0719 3512 PolicyAgent - ok
01:01:50.0766 3512 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
01:01:50.0766 3512 Power - ok
01:01:51.0328 3512 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
01:01:51.0343 3512 PptpMiniport - ok
01:01:51.0375 3512 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
01:01:51.0375 3512 Processor - ok
01:01:51.0421 3512 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
01:01:51.0437 3512 ProfSvc - ok
01:01:51.0593 3512 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
01:01:51.0593 3512 ProtectedStorage - ok
01:01:51.0858 3512 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
01:01:51.0858 3512 Psched - ok
01:01:52.0701 3512 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
01:01:52.0763 3512 ql2300 - ok
01:01:53.0309 3512 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
01:01:53.0325 3512 ql40xx - ok
01:01:53.0371 3512 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
01:01:53.0403 3512 QWAVE - ok
01:01:53.0418 3512 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
01:01:53.0418 3512 QWAVEdrv - ok
01:01:53.0527 3512 RapiMgr (a55e7d0d873b2c97585b3b5926ac6ade) C:\Windows\WindowsMobile\rapimgr.dll
01:01:53.0527 3512 RapiMgr - ok
01:01:53.0543 3512 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
01:01:53.0543 3512 RasAcd - ok
01:01:53.0590 3512 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
01:01:53.0590 3512 RasAgileVpn - ok
01:01:53.0605 3512 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
01:01:53.0621 3512 RasAuto - ok
01:01:53.0777 3512 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
01:01:53.0777 3512 Rasl2tp - ok
01:01:53.0855 3512 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
01:01:53.0871 3512 RasMan - ok
01:01:53.0917 3512 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
01:01:53.0917 3512 RasPppoe - ok
01:01:53.0949 3512 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
01:01:53.0949 3512 RasSstp - ok
01:01:54.0042 3512 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
01:01:54.0042 3512 rdbss - ok
01:01:54.0089 3512 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
01:01:54.0089 3512 rdpbus - ok
01:01:54.0105 3512 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
01:01:54.0105 3512 RDPCDD - ok
01:01:54.0183 3512 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
01:01:54.0198 3512 RDPDR - ok
01:01:54.0214 3512 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
01:01:54.0214 3512 RDPENCDD - ok
01:01:54.0229 3512 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
01:01:54.0229 3512 RDPREFMP - ok
01:01:54.0276 3512 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
01:01:54.0292 3512 RDPWD - ok
01:01:54.0339 3512 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
01:01:54.0354 3512 rdyboost - ok
01:01:54.0401 3512 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
01:01:54.0401 3512 RemoteAccess - ok
01:01:54.0479 3512 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
01:01:54.0479 3512 RemoteRegistry - ok
01:01:54.0510 3512 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
01:01:54.0526 3512 RpcEptMapper - ok
01:01:54.0541 3512 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
01:01:54.0541 3512 RpcLocator - ok
01:01:54.0619 3512 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
01:01:54.0619 3512 RpcSs - ok
01:01:54.0682 3512 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
01:01:54.0682 3512 rspndr - ok
01:01:54.0760 3512 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys
01:01:54.0760 3512 RTL8167 - ok
01:01:54.0853 3512 RTL8192su (fc00c0de6dc83de1b2b01420e2195b21) C:\Windows\system32\DRIVERS\RTL8192su.sys
01:01:54.0885 3512 RTL8192su - ok
01:01:54.0931 3512 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
01:01:54.0931 3512 SamSs - ok
01:01:54.0963 3512 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
01:01:54.0963 3512 sbp2port - ok
01:01:55.0009 3512 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
01:01:55.0009 3512 SCardSvr - ok
01:01:55.0041 3512 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
01:01:55.0041 3512 scfilter - ok
01:01:55.0743 3512 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
01:01:55.0774 3512 Schedule - ok
01:01:56.0039 3512 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
01:01:56.0055 3512 SCPolicySvc - ok
01:01:56.0632 3512 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
01:01:56.0663 3512 SDRSVC - ok
01:01:56.0710 3512 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
01:01:56.0710 3512 secdrv - ok
01:01:56.0741 3512 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
01:01:56.0772 3512 seclogon - ok
01:01:56.0803 3512 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
01:01:56.0803 3512 SENS - ok
01:01:56.0819 3512 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
01:01:56.0835 3512 SensrSvc - ok
01:01:56.0850 3512 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
01:01:56.0850 3512 Serenum - ok
01:01:56.0881 3512 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
01:01:56.0881 3512 Serial - ok
01:01:56.0944 3512 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
01:01:56.0944 3512 sermouse - ok
01:01:57.0006 3512 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
01:01:57.0006 3512 SessionEnv - ok
01:01:57.0037 3512 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
01:01:57.0037 3512 sffdisk - ok
01:01:57.0053 3512 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
01:01:57.0053 3512 sffp_mmc - ok
01:01:57.0069 3512 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
01:01:57.0069 3512 sffp_sd - ok
01:01:57.0100 3512 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
01:01:57.0100 3512 sfloppy - ok
01:01:57.0178 3512 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
01:01:57.0209 3512 SharedAccess - ok
01:01:57.0427 3512 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
01:01:57.0459 3512 ShellHWDetection - ok
01:01:57.0474 3512 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
01:01:57.0474 3512 SiSRaid2 - ok
01:01:57.0505 3512 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
01:01:57.0521 3512 SiSRaid4 - ok
01:01:57.0537 3512 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
01:01:57.0537 3512 Smb - ok
01:01:57.0599 3512 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
01:01:57.0599 3512 SNMPTRAP - ok
01:01:57.0646 3512 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
01:01:57.0661 3512 spldr - ok
01:01:57.0724 3512 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
01:01:57.0724 3512 Spooler - ok
01:01:58.0972 3512 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
01:01:59.0081 3512 sppsvc - ok
01:01:59.0705 3512 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
01:01:59.0721 3512 sppuinotify - ok
01:02:00.0173 3512 sptd (34f974f8b3c86de03a30dcbe79091c97) C:\Windows\system32\Drivers\sptd.sys
01:02:00.0173 3512 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 34f974f8b3c86de03a30dcbe79091c97
01:02:00.0173 3512 sptd ( LockedFile.Multi.Generic ) - warning
01:02:00.0173 3512 sptd - detected LockedFile.Multi.Generic (1)
01:02:00.0235 3512 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
01:02:00.0251 3512 srv - ok
01:02:00.0345 3512 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
01:02:00.0360 3512 srv2 - ok
01:02:00.0423 3512 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
01:02:00.0423 3512 srvnet - ok
01:02:00.0454 3512 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
01:02:00.0469 3512 SSDPSRV - ok
01:02:00.0485 3512 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
01:02:00.0501 3512 SstpSvc - ok
01:02:00.0594 3512 StarWindServiceAE (e5c796b621f6fba8616511063d7f0ffe) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
01:02:00.0610 3512 StarWindServiceAE - ok
01:02:00.0625 3512 Steam Client Service - ok
01:02:00.0735 3512 Stereo Service (9e1222c417291bc836210743624a8e5e) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
01:02:00.0735 3512 Stereo Service - ok
01:02:00.0781 3512 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
01:02:00.0781 3512 stexstor - ok
01:02:00.0953 3512 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
01:02:00.0984 3512 stisvc - ok
01:02:01.0015 3512 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
01:02:01.0015 3512 StorSvc - ok
01:02:01.0062 3512 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
01:02:01.0062 3512 swenum - ok
01:02:01.0125 3512 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
01:02:01.0156 3512 swprv - ok
01:02:01.0530 3512 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
01:02:01.0593 3512 SysMain - ok
01:02:01.0795 3512 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
01:02:01.0811 3512 TabletInputService - ok
01:02:01.0873 3512 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
01:02:01.0889 3512 TapiSrv - ok
01:02:01.0905 3512 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
01:02:01.0905 3512 TBS - ok
01:02:02.0763 3512 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
01:02:02.0825 3512 Tcpip - ok
01:02:03.0745 3512 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
01:02:03.0761 3512 TCPIP6 - ok
01:02:03.0870 3512 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
01:02:03.0886 3512 tcpipreg - ok
01:02:03.0917 3512 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
01:02:03.0917 3512 TDPIPE - ok
01:02:03.0948 3512 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
01:02:03.0948 3512 TDTCP - ok
01:02:03.0979 3512 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
01:02:03.0995 3512 tdx - ok
01:02:04.0026 3512 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
01:02:04.0042 3512 TermDD - ok
01:02:04.0229 3512 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
01:02:04.0260 3512 TermService - ok
01:02:04.0276 3512 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
01:02:04.0291 3512 Themes - ok
01:02:04.0369 3512 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
01:02:04.0369 3512 THREADORDER - ok
01:02:04.0479 3512 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
01:02:04.0479 3512 TrkWks - ok
01:02:04.0541 3512 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
01:02:04.0557 3512 TrustedInstaller - ok
01:02:04.0588 3512 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
01:02:04.0588 3512 tssecsrv - ok
01:02:04.0666 3512 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
01:02:04.0666 3512 TsUsbFlt - ok
01:02:04.0713 3512 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
01:02:04.0713 3512 tunnel - ok
01:02:04.0759 3512 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
01:02:04.0759 3512 uagp35 - ok
01:02:04.0822 3512 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
01:02:04.0822 3512 udfs - ok
01:02:04.0853 3512 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
01:02:04.0869 3512 UI0Detect - ok
01:02:04.0915 3512 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
01:02:04.0915 3512 uliagpkx - ok
01:02:04.0962 3512 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
01:02:04.0962 3512 umbus - ok
01:02:04.0978 3512 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
01:02:04.0978 3512 UmPass - ok
01:02:05.0040 3512 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
01:02:05.0056 3512 UmRdpService - ok
01:02:05.0118 3512 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
01:02:05.0118 3512 upnphost - ok
01:02:05.0165 3512 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
01:02:05.0181 3512 usbaudio - ok
01:02:05.0212 3512 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\drivers\usbccgp.sys
01:02:05.0212 3512 usbccgp - ok
01:02:05.0259 3512 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
01:02:05.0259 3512 usbcir - ok
01:02:05.0290 3512 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
01:02:05.0305 3512 usbehci - ok
01:02:05.0337 3512 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
01:02:05.0337 3512 usbhub - ok
01:02:05.0352 3512 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
01:02:05.0352 3512 usbohci - ok
01:02:05.0368 3512 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
01:02:05.0383 3512 usbprint - ok
01:02:05.0415 3512 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
01:02:05.0415 3512 USBSTOR - ok
01:02:05.0430 3512 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
01:02:05.0430 3512 usbuhci - ok
01:02:05.0461 3512 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
01:02:05.0461 3512 UxSms - ok
01:02:05.0493 3512 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
01:02:05.0508 3512 VaultSvc - ok
01:02:05.0524 3512 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
01:02:05.0524 3512 vdrvroot - ok
01:02:05.0586 3512 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
01:02:05.0602 3512 vds - ok
01:02:05.0727 3512 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
01:02:05.0727 3512 vga - ok
01:02:05.0742 3512 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
01:02:05.0758 3512 VgaSave - ok
01:02:05.0805 3512 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
01:02:05.0805 3512 vhdmp - ok
01:02:05.0836 3512 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
01:02:05.0836 3512 viaide - ok
01:02:05.0851 3512 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
01:02:05.0867 3512 volmgr - ok
01:02:05.0914 3512 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
01:02:05.0914 3512 volmgrx - ok
01:02:05.0945 3512 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
01:02:05.0961 3512 volsnap - ok
01:02:05.0992 3512 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
01:02:06.0007 3512 vsmraid - ok
01:02:06.0132 3512 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
01:02:06.0179 3512 VSS - ok
01:02:06.0335 3512 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
01:02:06.0351 3512 vwifibus - ok
01:02:06.0382 3512 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
01:02:06.0382 3512 vwififlt - ok
01:02:06.0429 3512 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
01:02:06.0444 3512 W32Time - ok
01:02:06.0460 3512 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
01:02:06.0460 3512 WacomPen - ok
01:02:06.0522 3512 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
01:02:06.0522 3512 WANARP - ok
01:02:06.0538 3512 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
01:02:06.0538 3512 Wanarpv6 - ok
01:02:06.0694 3512 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
01:02:06.0709 3512 WatAdminSvc - ok
01:02:06.0819 3512 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
01:02:06.0865 3512 wbengine - ok
01:02:07.0146 3512 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
01:02:07.0177 3512 WbioSrvc - ok
01:02:07.0271 3512 WcesComm (8bda6db43aa54e8bb5e0794541ddc209) C:\Windows\WindowsMobile\wcescomm.dll
01:02:07.0287 3512 WcesComm - ok
01:02:07.0755 3512 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
01:02:07.0770 3512 wcncsvc - ok
01:02:07.0801 3512 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
01:02:07.0801 3512 WcsPlugInService - ok
01:02:07.0864 3512 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
01:02:07.0864 3512 Wd - ok
01:02:07.0942 3512 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
01:02:07.0957 3512 Wdf01000 - ok
01:02:07.0973 3512 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
01:02:07.0973 3512 WdiServiceHost - ok
01:02:07.0989 3512 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
01:02:07.0989 3512 WdiSystemHost - ok
01:02:08.0035 3512 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
01:02:08.0035 3512 WebClient - ok
01:02:08.0067 3512 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
01:02:08.0082 3512 Wecsvc - ok
01:02:08.0098 3512 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
01:02:08.0113 3512 wercplsupport - ok
01:02:08.0145 3512 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
01:02:08.0145 3512 WerSvc - ok
01:02:08.0207 3512 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
01:02:08.0207 3512 WfpLwf - ok
01:02:08.0223 3512 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
01:02:08.0238 3512 WIMMount - ok
01:02:08.0254 3512 WinDefend - ok
01:02:08.0285 3512 WinHttpAutoProxySvc - ok
01:02:08.0347 3512 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
01:02:08.0363 3512 Winmgmt - ok
01:02:08.0722 3512 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
01:02:08.0784 3512 WinRM - ok
01:02:09.0564 3512 WinUSB (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
01:02:09.0564 3512 WinUSB - ok
01:02:09.0751 3512 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
01:02:09.0798 3512 Wlansvc - ok
01:02:09.0814 3512 WmBEnum (680a7846370000d20d7e74917d5b7936) C:\Windows\system32\drivers\WmBEnum.sys
01:02:09.0829 3512 WmBEnum - ok
01:02:09.0845 3512 WmFilter (14c35ba8189c6f65d839163aa285e954) C:\Windows\system32\drivers\WmFilter.sys
01:02:09.0861 3512 WmFilter - ok
01:02:09.0892 3512 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
01:02:09.0892 3512 WmiAcpi - ok
01:02:10.0079 3512 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
01:02:10.0079 3512 wmiApSrv - ok
01:02:10.0110 3512 WMPNetworkSvc - ok
01:02:10.0157 3512 WmVirHid (8488dd91a3ee54a8e29f02ad7bb8201e) C:\Windows\system32\drivers\WmVirHid.sys
01:02:10.0157 3512 WmVirHid - ok
01:02:10.0188 3512 WmXlCore (14802b3a30aa849c97cb968ccc813bf3) C:\Windows\system32\drivers\WmXlCore.sys
01:02:10.0188 3512 WmXlCore - ok
01:02:10.0219 3512 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
01:02:10.0235 3512 WPCSvc - ok
01:02:10.0266 3512 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
01:02:10.0282 3512 WPDBusEnum - ok
01:02:10.0297 3512 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
01:02:10.0297 3512 ws2ifsl - ok
01:02:10.0344 3512 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
01:02:10.0344 3512 wscsvc - ok
01:02:10.0360 3512 WSearch - ok
01:02:10.0984 3512 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
01:02:11.0062 3512 wuauserv - ok
01:02:12.0076 3512 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
01:02:12.0091 3512 WudfPf - ok
01:02:12.0138 3512 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
01:02:12.0154 3512 WUDFRd - ok
01:02:12.0201 3512 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
01:02:12.0201 3512 wudfsvc - ok
01:02:12.0247 3512 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
01:02:12.0294 3512 WwanSvc - ok
01:02:12.0325 3512 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
01:02:13.0807 3512 \Device\Harddisk0\DR0 - ok
01:02:13.0807 3512 Boot (0x1200) (7412752ddfbb830707ccf8ff55c8d492) \Device\Harddisk0\DR0\Partition0
01:02:13.0823 3512 \Device\Harddisk0\DR0\Partition0 - ok
01:02:13.0839 3512 Boot (0x1200) (8ecc97b20d20bfbfd60d6454455ab751) \Device\Harddisk0\DR0\Partition1
01:02:13.0854 3512 \Device\Harddisk0\DR0\Partition1 - ok
01:02:13.0854 3512 ============================================================
01:02:13.0854 3512 Scan finished
01:02:13.0854 3512 ============================================================
01:02:13.0870 3064 Detected object count: 1
01:02:13.0870 3064 Actual detected object count: 1
01:02:46.0731 3064 sptd ( LockedFile.Multi.Generic ) - skipped by user
01:02:46.0731 3064 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

#8 mattp128

mattp128
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:03 AM

Posted 04 August 2012 - 03:22 AM

aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-04 01:04:32
-----------------------------
01:04:32.300 OS Version: Windows x64 6.1.7601 Service Pack 1
01:04:32.300 Number of processors: 2 586 0x602
01:04:32.300 ComputerName: FIZGIG UserName: Matt
01:04:32.612 Initialize success
01:13:07.019 AVAST engine defs: 12080301
01:13:12.978 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
01:13:12.978 Disk 0 Vendor: WDC_WD3200AAJS-00L7A0 01.03E01 Size: 305245MB BusType: 3
01:13:12.994 Disk 0 MBR read successfully
01:13:13.010 Disk 0 MBR scan
01:13:13.010 Disk 0 Windows 7 default MBR code
01:13:13.025 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 60000 MB offset 2048
01:13:13.041 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 245242 MB offset 122882048
01:13:13.072 Disk 0 scanning C:\Windows\system32\drivers
01:13:22.167 Service scanning
01:13:42.946 Modules scanning
01:13:42.962 Disk 0 trace - called modules:
01:13:42.977 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80042e62c0]<<sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
01:13:42.993 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800492d060]
01:13:42.993 3 CLASSPNP.SYS[fffff88001b4843f] -> nt!IofCallDriver -> [0xfffffa8004456e40]
01:13:43.008 5 ACPI.sys[fffff88000f967a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800445f060]
01:13:43.008 \Driver\atapi[0xfffffa8004446cb0] -> IRP_MJ_CREATE -> 0xfffffa80042e62c0
01:13:43.664 AVAST engine scan C:\Windows
01:13:45.941 AVAST engine scan C:\Windows\system32
01:16:32.893 AVAST engine scan C:\Windows\system32\drivers
01:16:43.158 AVAST engine scan C:\Users\Matt
01:20:54.833 AVAST engine scan C:\ProgramData
01:21:45.096 Scan finished successfully
01:21:56.453 Disk 0 MBR has been saved successfully to "C:\Users\Matt\Desktop\MBR.dat"
01:21:56.453 The log file has been saved successfully to "C:\Users\Matt\Desktop\aswMBR.txt"

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:03 AM

Posted 04 August 2012 - 04:06 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 mattp128

mattp128
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:03 AM

Posted 04 August 2012 - 11:35 AM

No problems noted with the PC so far.

ComboFix 12-08-04.02 - Matt 08/04/2012 9:18.2.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.2643 [GMT -7:00]
Running from: c:\users\Matt\Desktop\ComboFix.exe
Command switches used :: c:\users\Matt\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Matt\AppData\Local\Temp\AFF1.tmp\F_IN_BOX.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-07-04 to 2012-08-04 )))))))))))))))))))))))))))))))
.
.
2012-08-04 16:23 . 2012-08-04 16:23 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-04 16:23 . 2012-08-04 16:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-03 09:19 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{72A6791C-43BE-4903-AAA1-1AD29463722A}\mpengine.dll
2012-08-03 05:52 . 2012-08-03 05:52 9827016 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-07-26 16:57 . 2012-07-26 16:57 -------- d-----w- c:\users\Matt\AppData\Roaming\Malwarebytes
2012-07-26 16:57 . 2012-07-26 16:57 -------- d-----w- c:\programdata\Malwarebytes
2012-07-26 16:57 . 2012-07-26 16:57 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-26 16:57 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-22 11:08 . 2012-07-22 11:08 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-20 01:34 . 2012-07-20 01:34 -------- d-----w- c:\users\Matt\AppData\Local\Macromedia
2012-07-19 06:24 . 2012-07-19 06:24 -------- d-----w- c:\users\Matt\AppData\Roaming\Unity
2012-07-19 05:49 . 2012-08-03 05:52 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 06:44 . 2012-07-12 06:45 -------- d-----w- c:\windows\WindowsMobile
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 05:52 . 2011-05-20 04:04 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2012-06-21 01:56 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 01:56 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 01:56 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 01:56 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 01:56 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-21 01:56 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 01:56 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 01:56 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-21 01:56 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-05-31 19:25 . 2010-11-04 07:06 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-27 23:05 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-05-27 23:05 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-03_08.48.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-04 07:28 . 2012-08-03 08:58 39724 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-04 07:57 26796 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-11-04 06:46 . 2012-08-04 07:57 11906 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1797719004-1626035569-3720017508-1000_UserData.bin
+ 2012-08-04 16:24 . 2012-08-04 16:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-03 08:47 . 2012-08-03 08:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-04 16:24 . 2012-08-04 16:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-03 08:47 . 2012-08-03 08:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-08-03 08:27 632958 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-04 08:01 632958 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-04 08:01 110592 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-08-03 08:27 110592 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-08-03 08:46 320728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-04 16:23 320728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-11-29 05:57 . 2012-08-04 16:23 15645100 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1797719004-1626035569-3720017508-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="d:\programs\Itunes\iTunesHelper.exe" [2011-04-27 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-02 348624]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-11-14 1884064]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files (x86)\Common Files\Autodesk Shared\acstart16.exe [2006-9-23 10872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-24 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-24 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-03 113120]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-04 1255736]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-01-09 503352]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-02 86224]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-01-07 676864]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-19 05:52]
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-24 23:02]
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-24 23:02]
.
2012-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1797719004-1626035569-3720017508-1000Core.job
- c:\users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-10 05:12]
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1797719004-1626035569-3720017508-1000UA.job
- c:\users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-10 05:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-15 190536]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\jt6iwhx0.default\
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
.
**************************************************************************
.
Completion time: 2012-08-04 09:29:36 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-04 16:29
ComboFix2.txt 2012-08-03 08:52
.
Pre-Run: 8,547,418,112 bytes free
Post-Run: 8,618,463,232 bytes free
.
- - End Of File - - CCBC24FAC40E5B17F928CA9421647045

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:03 AM

Posted 04 August 2012 - 03:11 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 mattp128

mattp128
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:03 AM

Posted 04 August 2012 - 03:21 PM

Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.4.4
Amazon MP3 Downloader 1.0.15
Android SDK Tools
Apple Application Support
Apple Software Update
Applian FLV and Media Player 3.1.1.12
Assassin's Creed Brotherhood
Audacity 1.3.12 (Unicode)
AutoCAD 2006 - English
Autodesk DWF Viewer
Avira Free Antivirus
BattleTag
Belkin F7D1101 Basic Wireless USB Adapter
Belkin Setup and Router Monitor
Call of Duty 2
Call of Duty® 4 - Modern Warfare™
CCS64 V3.8
Celestia 1.6.0
DAOC-Charplan
DAoC Portal
Dawn of Light v1.9.4 r2500
Diablo
Diablo II
Eden Launcher version 2.0
Free WMA to MP3 Converter 1.16
Garry's Mod
Go PlayAlong
Google Chrome
Google Earth
Google Update Helper
Half-Life 2: Episode One
Half-Life 2: Episode Two
Half-Life: Blue Shift
Half-Life: Opposing Force
ICQ7.2
IL-2 Sturmovik: 1946
Java Auto Updater
Java™ 6 Update 31
LAME v3.98.3 for Audacity
LEGO Universe
LIMBO
Magicka
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft .NET Framework 1.1
Microsoft Office Professional Edition 2003
Microsoft Primary Interoperability Assemblies 2005
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mobipocket Reader 6.2
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MySQL Workbench 5.2 CE
Need for Speed: SHIFT
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Pcsx2 0.9.2 Watermoose
Plants vs. Zombies
Portal
Power Tab Editor 1.7
PSpice Student 9.1
PunkBuster Services
QuickTime
Real Myst
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Star Wars JK II Jedi Outcast
Star Wars Knights of the Old Republic
Star Wars: Knights of the Old Republic
Star Wars: The Old Republic
Station Launcher
Tank Universal
Team Fortress 2
Team Fortress 2 Beta
The Elder Scrolls IV: Oblivion
The Elder Scrolls V: Skyrim
Tomb Raider: Anniversary
Tron 2.0
Ubisoft Game Launcher
Unity Web Player
Unreal Gold
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Veetle TV 0.9.18
WinX Free WMV to MP4 Converter 2.0.7
Wizard101

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:03 AM

Posted 04 August 2012 - 03:33 PM

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

Adobe Reader 9.4.4
Java™ 6 Update 31
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
[/list]

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 mattp128

mattp128
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:03 AM

Posted 04 August 2012 - 05:58 PM

PC is fine so far:

MBAM:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.04.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Matt :: FIZGIG [administrator]

8/4/2012 3:47:59 PM
mbam-log-2012-08-04 (15-47-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214581
Time elapsed: 2 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

HiJack This:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:57:27 PM, on 8/4/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
D:\Programs\Itunes\iTunesHelper.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Matt\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,204,0_0,StartPage,20120831,19250,0,18,0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programs\Itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files (x86)\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\nwprovau.dll' missing
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 9574 bytes

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:03 AM

Posted 04 August 2012 - 06:52 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "D:\Programs\Itunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
      O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files (x86)\Common Files\Autodesk Shared\acstart16.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add/on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users