
JS/Redirector.NIQ Trojan


25 replies to this topic

#1 Baish


Posted 02 August 2012 - 01:43 AM

Hey there.

Here is the DDS Log, MB Log and the results from the ESET Online Scan.

Link to Previous Thread if necessary (http://www.bleepingcomputer.com/forums/topic462016.html)

I had started a thread in order to request the removal of a malware infection just over a week ago, specifically "Trojan.Dropper.BC Miner", and after following the steps provided by SweetTech I was able to seemingly remove any outstanding problems and security malfunctions. Everything worked fine as it had before, lasting three days until I started having browser redirection again. The first go-to step was to run a scan with MalwareBytes; the first scan detected a Hapili Trojan which would then disappear upon reboot, only to leave any follow-up scans detecting other Trojans but not the Hapili in particular. Sometimes the MalwareBytes scans don't result in anything while the ESET scan and Microsoft Security Essentials are capable of detecting another, and vice versa. Apart from the redirection, I was also unable to properly update my OS via Windows Update due to an error code "80246008" caused by the removal of the Background Intelligent Transfer Service (BITS); the same error popped up in Microsoft Security Essentials also, as "x80246008". A DLL error also popped up when logging in, referring to a hconk.dll, and has not happened since.

I was able to restore the BITS service via the command prompt with "sc create BITS binpath= "c:\windows\system32\svchost.exe -k netsvcs" start= delayed-auto". However, I feel that there's a larger problem and other edits that have gone unnoticed.

Thanks in advance.



MalwareBytes Log 1
=====================
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.26.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mr A :: THETERMINATOR [administrator]

8/1/2012 9:15:51 PM
mbam-log-2012-08-01 (21-15-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207508
Time elapsed: 2 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Users\Mr A\AppData\Local\perforce\vhxawrlt.dll (Spyware.Password) -> Delete on reboot.

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|perforce (Spyware.Password) -> Data: rundll32.exe "C:\Users\Mr A\AppData\Local\perforce\vhxawrlt.dll",GetImporterInterface -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Mr A\AppData\Local\perforce\vhxawrlt.dll (Spyware.Password) -> Delete on reboot.
C:\Users\Mr A\Local Settings\Temporary Internet Files\Content.IE5\JLI1YX49\fMB6lLWR[1].exe (Trojan.Happili) -> Quarantined and deleted successfully.

(end)


MalwareBytes Log 2
===================

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.26.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mr A :: THETERMINATOR [administrator]

8/1/2012 9:19:35 PM
mbam-log-2012-08-01 (21-19-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207509
Time elapsed: 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Users\Mr A\AppData\Local\perforce\vhxawrlt.dll (Spyware.Password) -> Delete on reboot.

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Mr A\AppData\Local\perforce\vhxawrlt.dll (Spyware.Password) -> Delete on reboot.

(end)


========
ESET
========
C:\Users\Mr A\AppData\Local\{740B0469-D8F3-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan



==================
DDS Log
==================

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Mr A at 23:38:24 on 2012-08-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8175.5883 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\XFastUsb\XFastUsb.exe
C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
uRun: [Google Update] "C:\Users\Mr A\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe
mRun: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 216.228.160.5 216.228.160.6 216.228.160.7
TCP: Interfaces\{60BE8045-2580-4656-A749-1CC616775EC3} : DhcpNameServer = 216.228.160.5 216.228.160.6 216.228.160.7
mRun-x64: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe
mRun-x64: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mr A\AppData\Roaming\Mozilla\Firefox\Profiles\xedxndgn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Mr A\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 FNETURPX;FNETURPX;C:\Windows\system32\drivers\FNETURPX.SYS --> C:\Windows\system32\drivers\FNETURPX.SYS [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-5-3 1258856]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-6-11 382312]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\system32\Drivers\EtronHub3.sys --> C:\Windows\system32\Drivers\EtronHub3.sys [?]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\system32\Drivers\EtronXHCI.sys --> C:\Windows\system32\Drivers\EtronXHCI.sys [?]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]
R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-4 113120]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-08-02 05:10:05 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{87D20244-9C2D-403F-89AC-C560B19B7173}\mpengine.dll
2012-08-02 00:10:16 -------- d-----w- C:\Users\Mr A\AppData\Local\perforce
2012-07-31 15:44:22 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-28 20:33:20 -------- d-----w- C:\Users\Mr A\AppData\Local\{740B3D01-D8F3-11E1-8270-B8AC6F996F26}
2012-07-28 20:33:19 -------- d-----w- C:\Users\Mr A\AppData\Local\{740B0469-D8F3-11E1-8270-B8AC6F996F26}
2012-07-25 19:53:39 -------- d-----w- C:\Program Files (x86)\Common Files\Wrye Bash
2012-07-25 19:52:32 -------- d-----w- C:\Program Files\Nexus Mod Manager
2012-07-25 18:03:51 -------- d-----w- C:\Users\Mr A\AppData\Local\Google
2012-07-25 15:55:35 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D5E23DE7-E82A-49D1-B3C1-C09FC561A5A4}\gapaengine.dll
2012-07-25 15:53:49 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-07-25 15:53:47 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-07-25 15:50:06 955888 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-07-25 15:50:06 839152 ----a-w- C:\Windows\System32\deployJava1.dll
2012-07-24 23:25:09 -------- d-----w- C:\Program Files (x86)\ESET
2012-07-24 00:22:57 -------- d-sh--w- C:\$RECYCLE.BIN
2012-07-23 02:39:04 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-07-22 21:27:03 -------- d-----w- C:\Users\Mr A\AppData\Local\ArmA 2 Free
2012-07-22 03:19:02 -------- d-----w- C:\Icon Index
2012-07-21 18:14:13 43520 ----a-w- C:\Windows\SysWow64\CmdLineExt03.dll
2012-07-21 03:46:24 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-21 02:34:10 -------- d-----w- C:\Program Files (x86)\THQ
2012-07-21 02:15:00 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-21 02:15:00 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-07-21 02:15:00 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-07-07 17:16:09 -------- d-----w- C:\Users\Mr A\AppData\Roaming\fltk.org
2012-07-07 17:16:09 -------- d-----w- C:\ProgramData\fltk.org
2012-07-06 00:01:37 2601752 ----a-w- C:\Windows\SysWow64\pbsvc_moh.exe
.
==================== Find3M ====================
.
2012-08-02 04:32:33 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-02 04:32:33 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-06 00:14:08 218496 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-07-06 00:14:08 218496 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-07-06 00:01:37 75064 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-07-03 20:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-30 04:10:32 43680 ----a-w- C:\Windows\System32\drivers\lirsgt.sys
2012-06-30 04:10:32 314016 ----a-w- C:\Windows\System32\drivers\atksgt.sys
2012-06-25 14:49:19 249856 ------w- C:\Windows\Setup1.exe
2012-06-25 14:49:18 73216 ----a-w- C:\Windows\ST6UNST.EXE
2012-06-15 03:01:42 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-06-12 03:51:04 428392 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-06-12 02:30:01 2653573 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-06-12 02:29:20 3264360 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-06-12 02:29:19 6189928 ----a-w- C:\Windows\System32\nvcpl.dll
2012-06-12 02:28:59 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-06-12 02:28:59 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-06-12 02:28:59 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-06-08 14:56:50 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-30 06:29:18 71680 ----a-w- C:\Windows\System32\frapsv64.dll
2012-05-30 06:29:14 65536 ----a-w- C:\Windows\SysWow64\frapsvid.dll
2012-05-27 16:38:15 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-05-21 13:10:56 31080 ----a-w- C:\Windows\System32\nvhdap64.dll
2012-05-21 13:10:51 188776 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2012-05-21 07:34:41 1468264 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2012-05-15 10:48:00 364352 ----a-w- C:\Windows\System32\nvdecodemft.dll
2012-05-15 10:48:00 301376 ----a-w- C:\Windows\SysWow64\nvdecodemft.dll
2012-05-15 10:48:00 1468224 ----a-w- C:\Windows\System32\nvgenco64.dll
2012-05-14 12:55:27 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-05-14 12:55:27 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-05-08 22:45:40 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
2012-05-05 00:23:33 669184 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2012-05-04 22:46:30 6656 ----a-w- C:\Windows\System32\lpcio.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
.
============= FINISH: 23:38:41.83 ===============




DDS Attach
===============


.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 5/3/2012 4:51:37 PM
System Uptime: 8/1/2012 10:34:59 PM (1 hours ago)
.
Motherboard: ASRock | | P67 Extreme4 Gen3
Processor: Intel® Core™ i5-2500K CPU @ 3.30GHz | CPUSocket | 3300/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 127.753 GiB free.
D: is CDROM (CDFS)
E: is FIXED (NTFS) - 233 GiB total, 232.787 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP125: 7/25/2012 8:51:48 AM - Removed JavaFX 2.1.0
RP126: 7/26/2012 9:52:22 AM - OTL Restore Point - 7/26/2012 9:52:22 AM
RP127: 8/1/2012 9:29:30 PM - Removed Adobe Reader 9.
RP128: 8/1/2012 9:30:08 PM - Removed Adobe Download Assistant
RP129: 8/1/2012 10:09:18 PM - Windows Update
RP130: 8/1/2012 10:11:23 PM - Windows Update
.
==== Installed Programs ======================
.
Acrobat.com
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
ASRock eXtreme Tuner v0.1.98
ASRock InstantBoot v1.26
Clear Sky Complete
Creation Kit
DAEMON Tools Lite
Diablo III
eReg
ESET Online Scanner v3
ESN Sonar
Etron USB3.0 Host Controller
Google Chrome
Intel® Management Engine Components
Malwarebytes Anti-Malware version 1.62.0.1300
marvell 91xx driver
Microsoft .NET Framework 1.1
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MISERY for S.T.A.L.K.E.R - Call of Pripyat
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Origin
PunkBuster Services
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
S.T.A.L.K.E.R. - Call of Pripyat [v1.6.02]
S.T.A.L.K.E.R. - Clear Sky
S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0005]
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Steam
The Elder Scrolls V: Skyrim
THX TruStudio
Wrye Bash
XFastUsb
.
==== Event Viewer Messages From Past Week ========
.
8/1/2012 9:41:40 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1058.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
8/1/2012 9:41:40 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1058.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
8/1/2012 9:41:32 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1058.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
8/1/2012 9:41:32 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1058.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
8/1/2012 9:37:23 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1058.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
8/1/2012 9:37:23 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1058.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
8/1/2012 9:37:12 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1058.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
8/1/2012 9:37:12 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1058.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
8/1/2012 9:31:29 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1058.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
8/1/2012 9:31:29 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1058.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
8/1/2012 9:15:37 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1058.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
8/1/2012 9:15:37 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1058.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
8/1/2012 7:36:44 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1058.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
8/1/2012 7:36:44 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1058.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
8/1/2012 10:17:43 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
8/1/2012 10:17:43 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/1/2012 10:17:27 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1058.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
8/1/2012 10:17:27 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1058.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
8/1/2012 10:08:40 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
8/1/2012 10:08:40 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
8/1/2012 1:25:25 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1058.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
8/1/2012 1:25:25 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1058.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
7/31/2012 8:44:03 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.649.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
7/31/2012 8:44:03 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.649.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
7/30/2012 9:11:39 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.649.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
7/30/2012 9:11:39 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.649.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
7/30/2012 7:01:18 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.649.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
7/30/2012 7:01:18 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.649.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
7/30/2012 5:51:13 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.649.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
7/30/2012 5:51:13 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.649.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
7/30/2012 10:00:51 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.649.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
7/30/2012 10:00:51 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.649.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
7/30/2012 1:03:41 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.649.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
7/30/2012 1:03:41 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.649.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
7/29/2012 7:21:04 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.649.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
7/29/2012 7:21:04 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.649.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
7/29/2012 6:29:31 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.649.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
7/29/2012 6:29:31 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.649.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
7/29/2012 5:17:28 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.649.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
7/29/2012 5:17:28 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.649.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
7/28/2012 6:53:04 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.649.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
7/28/2012 6:53:04 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.649.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
7/28/2012 4:45:19 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.649.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
7/28/2012 4:45:19 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.649.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
7/28/2012 10:46:53 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.649.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
7/28/2012 10:46:53 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.649.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
7/27/2012 8:11:32 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.649.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
7/27/2012 8:11:32 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.649.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
7/27/2012 8:05:37 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.649.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
7/27/2012 8:05:37 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.649.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
7/27/2012 4:29:12 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.649.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
7/27/2012 4:29:12 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.649.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
7/27/2012 2:50:14 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.649.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
7/27/2012 2:50:14 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.649.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
7/27/2012 10:21:17 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.649.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
7/27/2012 10:21:17 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.649.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
7/26/2012 7:18:12 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.649.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
7/26/2012 7:18:12 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.649.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
7/26/2012 3:52:36 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.649.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
7/26/2012 3:52:36 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.649.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
7/26/2012 10:05:50 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.649.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
7/26/2012 10:05:50 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.649.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
7/25/2012 8:56:22 AM, Error: Service Control Manager [7034] - The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s).
7/25/2012 8:54:54 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
7/25/2012 8:54:54 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
7/25/2012 8:54:19 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
7/25/2012 8:54:19 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
.
==== End Of File ===========================
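The DDS log above repeats the same Microsoft Antimalware event dozens of times, which makes it hard to see how long signature updates have actually been failing. As an added example, not part of the original post, here is a small Python parser that collapses duplicate entries, buckets them by source, event ID and error code, and decodes the two Windows Update Agent codes this thread mentions (0x80240022 in the log above, 0x80246008 in the opening post). The sample lines are copied from the log on this page; the bucket layout, function names and triage wording are my own.

```python
import re
from collections import OrderedDict
from datetime import datetime

# A few entries copied verbatim from the DDS log posted above; the sample is
# shortened but nothing in it is invented.
SAMPLE_LOG = r"""
8/1/2012 10:17:27 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1058.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
8/1/2012 10:17:27 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1058.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
8/1/2012 10:08:40 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
8/1/2012 10:08:40 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
7/31/2012 8:44:03 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.649.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
7/25/2012 8:56:22 AM, Error: Service Control Manager [7034] - The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s).
7/25/2012 8:54:54 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
"""

# One DDS event line: "<date time>, <Level>: <Source> [<EventID>] - <message>"
ENTRY_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<msg>.*)$"
)
# Either a Windows Update Agent HRESULT or a service-specific exit code.
CODE_RE = re.compile(r"Error code: (0x[0-9A-Fa-f]{8})|service-specific error (%%-?\d+)")
SIGVER_RE = re.compile(r"Previous Signature Version: (\S+)")

# Meanings of the codes this thread deals with, from the Windows Update Agent error table.
KNOWN_CODES = {
    "0x80240022": "WU_E_ALL_UPDATES_FAILED - every update in the batch failed",
    "0x80246008": "WU_E_DM_FAILTOCONNECTTOBITS - download manager could not reach BITS",
}


def parse_entries(text):
    """Parse DDS-style event lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%m/%d/%Y %I:%M:%S %p")
        e["event_id"] = int(e["event_id"])
        c = CODE_RE.search(e["msg"])
        e["code"] = (c.group(1) or c.group(2)) if c else None
        s = SIGVER_RE.search(e["msg"])
        e["sig_version"] = s.group(1) if s else None
        entries.append(e)
    return entries


def summarize(entries):
    """Drop exact duplicate lines, then bucket by (source, event_id, code) with
    count, first/last timestamp and the signature versions seen in that bucket."""
    seen = set()
    buckets = OrderedDict()
    for e in entries:
        fingerprint = (e["ts"], e["source"], e["event_id"], e["msg"])
        if fingerprint in seen:
            continue
        seen.add(fingerprint)
        key = (e["source"], e["event_id"], e["code"])
        b = buckets.setdefault(
            key, {"count": 0, "first": e["ts"], "last": e["ts"], "sig_versions": set()}
        )
        b["count"] += 1
        b["first"] = min(b["first"], e["ts"])
        b["last"] = max(b["last"], e["ts"])
        if e["sig_version"]:
            b["sig_versions"].add(e["sig_version"])
    return buckets


def triage(buckets):
    """One plain-text finding per bucket, in the order the buckets were first seen."""
    findings = []
    for (source, event_id, code), b in buckets.items():
        days = (b["last"] - b["first"]).days
        line = f"{source} [{event_id}] code={code}: {b['count']} distinct event(s) over {days} day(s)"
        if code in KNOWN_CODES:
            line += f" ({KNOWN_CODES[code]})"
        if source == "Microsoft Antimalware" and event_id == 2001:
            line += "; signature updates failing, so AV coverage is stale while this persists"
            if "0.0.0.0" in b["sig_versions"]:
                line += "; first failure was on a fresh install (no definitions at all)"
        findings.append(line)
    return findings


if __name__ == "__main__":
    for finding in triage(summarize(parse_entries(SAMPLE_LOG))):
        print(finding)
```

Run against the full log rather than the sample, the interesting numbers are the span between first and last failure and whether the signature version ever advanced; a version that stays at 0.0.0.0 means the scanner has never had definitions, which is a different problem from updates that merely stopped.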


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:00 PM

Posted 05 August 2012 - 03:23 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Baish

Baish
  • Topic Starter

  • Members
  • 17 posts
  • Local time:12:00 PM

Posted 05 August 2012 - 05:28 PM

Thanks for the response, here are the SC and ComboFix Logs.

Google redirects are still occurring
As before, overall speed and performance appears to be untouched, applications perform fine without any errors for short and extended periods of time, so no outstanding problems there.
Depending on what can be determined about the infection given the information we already know and what may surface in future scans and the following logs, any tips on reliably removing and preventing recurring malware problems and persistent threats specific to this one would be greatly appreciated. I'd like to be as certain as realistically possible that it's been wiped clean of threats short of reformatting.




Security Check
====================================
Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Mozilla Firefox (14.0.1)
Google Chrome 20.0.1132.57
Google Chrome 21.0.1180.60
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````





=====================
ComboFix 12-08-05.02 - Mr A 08/05/2012 13:17:49.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8175.6556 [GMT -7:00]
Running from: c:\users\Mr A\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-05 to 2012-08-05 )))))))))))))))))))))))))))))))
.
.
2012-08-05 20:21 . 2012-08-05 20:21 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-05 20:21 . 2012-08-05 20:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-05 02:48 . 2012-07-16 09:40 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A49B55AD-EAAC-4BE8-B85A-530570A3FA8A}\mpengine.dll
2012-08-04 02:30 . 2012-07-16 09:40 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-02 00:10 . 2012-08-02 04:21 -------- d-----w- c:\users\Mr A\AppData\Local\perforce
2012-07-28 20:33 . 2012-07-28 20:33 -------- d-----w- c:\users\Mr A\AppData\Local\{740B3D01-D8F3-11E1-8270-B8AC6F996F26}
2012-07-28 20:33 . 2012-07-28 20:33 -------- d-----w- c:\users\Mr A\AppData\Local\{740B0469-D8F3-11E1-8270-B8AC6F996F26}
2012-07-25 19:53 . 2012-07-25 19:53 -------- d-----w- c:\program files (x86)\Common Files\Wrye Bash
2012-07-25 19:52 . 2012-07-27 16:16 -------- d-----w- c:\program files\Nexus Mod Manager
2012-07-25 18:03 . 2012-07-25 18:04 -------- d-----w- c:\users\Mr A\AppData\Local\Google
2012-07-25 15:55 . 2012-02-09 21:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D5E23DE7-E82A-49D1-B3C1-C09FC561A5A4}\gapaengine.dll
2012-07-25 15:53 . 2012-07-25 15:53 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-07-25 15:53 . 2012-07-25 15:53 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-25 15:50 . 2012-07-25 15:49 955888 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-25 15:50 . 2012-07-25 15:49 839152 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-25 15:50 . 2012-07-25 15:49 268784 ----a-w- c:\windows\system32\javaws.exe
2012-07-25 15:50 . 2012-07-25 15:49 189424 ----a-w- c:\windows\system32\javaw.exe
2012-07-25 15:50 . 2012-07-25 15:49 188912 ----a-w- c:\windows\system32\java.exe
2012-07-25 15:49 . 2012-07-25 15:49 -------- d-----w- c:\program files\Java
2012-07-24 23:25 . 2012-07-24 23:25 -------- d-----w- c:\program files (x86)\ESET
2012-07-23 02:39 . 2012-07-23 02:50 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-07-22 21:27 . 2012-07-22 21:27 -------- d-----w- c:\users\Mr A\AppData\Local\ArmA 2 Free
2012-07-22 03:19 . 2012-07-22 03:19 -------- d-----w- C:\Icon Index
2012-07-21 18:14 . 2012-07-21 18:14 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll
2012-07-21 03:46 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-21 02:34 . 2012-07-21 02:34 -------- d-----w- c:\program files (x86)\THQ
2012-07-21 02:15 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-21 02:15 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-07-21 02:15 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-07 17:16 . 2012-07-07 17:16 -------- d-----w- c:\users\Mr A\AppData\Roaming\fltk.org
2012-07-07 17:16 . 2012-07-07 17:16 -------- d-----w- c:\programdata\fltk.org
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 04:32 . 2012-05-05 02:12 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-02 04:32 . 2012-05-05 02:12 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-21 03:45 . 2012-05-04 00:36 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-06 00:14 . 2012-05-05 04:14 218496 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-07-06 00:14 . 2012-05-05 00:23 218496 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-07-06 00:01 . 2012-05-05 00:23 75064 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-07-03 20:46 . 2012-05-12 00:50 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-30 04:10 . 2012-06-30 04:08 43680 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2012-06-30 04:10 . 2012-06-30 04:08 314016 ----a-w- c:\windows\system32\drivers\atksgt.sys
2012-06-25 14:49 . 2012-06-25 14:49 249856 ------w- c:\windows\Setup1.exe
2012-06-25 14:49 . 2012-06-25 14:49 73216 ----a-w- c:\windows\ST6UNST.EXE
2012-06-15 03:01 . 2012-05-05 00:23 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-06-12 06:26 . 2012-06-28 20:18 9048424 ----a-w- c:\windows\system32\nvcuda.dll
2012-06-12 06:26 . 2012-06-28 20:18 827752 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-06-12 06:26 . 2012-06-28 20:18 7586664 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-06-12 06:26 . 2012-06-28 20:18 2743656 ----a-w- c:\windows\system32\nvcuvid.dll
2012-06-12 06:26 . 2012-06-28 20:18 26238824 ----a-w- c:\windows\system32\nvoglv64.dll
2012-06-12 06:26 . 2012-06-28 20:18 2572136 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-06-12 06:26 . 2012-06-28 20:18 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-06-12 06:26 . 2012-06-28 20:18 247144 ----a-w- c:\windows\system32\nvinitx.dll
2012-06-12 06:26 . 2012-06-28 20:18 2418024 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-06-12 06:26 . 2012-06-28 20:18 2215784 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-06-12 06:26 . 2012-06-28 20:18 202600 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-06-12 06:26 . 2012-06-28 20:18 19834728 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-06-12 06:26 . 2012-06-28 20:18 1864552 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-06-12 06:26 . 2012-06-28 20:18 18231656 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-06-12 06:26 . 2012-06-28 20:18 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-06-12 06:26 . 2012-06-28 20:18 15282024 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-06-12 06:26 . 2012-06-28 20:18 1472360 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-06-12 06:26 . 2012-06-28 20:18 13353320 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-06-12 06:26 . 2012-06-28 20:18 12349288 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-06-12 06:26 . 2012-05-04 00:19 968552 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-06-12 06:26 . 2012-05-04 00:19 60776 ----a-w- c:\windows\system32\OpenCL.dll
2012-06-12 06:26 . 2012-05-04 00:19 52584 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-06-12 06:26 . 2012-05-04 00:19 2719592 ----a-w- c:\windows\system32\nvapi64.dll
2012-06-12 06:26 . 2012-05-04 00:19 1758056 ----a-w- c:\windows\system32\nvdispco64.dll
2012-06-12 06:26 . 2012-05-04 00:19 14744424 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-06-12 03:51 . 2012-06-12 03:51 428392 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-06-12 02:30 . 2012-05-04 00:19 2653573 ----a-w- c:\windows\system32\nvcoproc.bin
2012-06-12 02:29 . 2012-05-04 00:19 3264360 ----a-w- c:\windows\system32\nvsvc64.dll
2012-06-12 02:29 . 2012-05-04 00:19 6189928 ----a-w- c:\windows\system32\nvcpl.dll
2012-06-12 02:28 . 2012-05-04 00:19 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-06-12 02:28 . 2012-05-04 00:19 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-06-12 02:28 . 2012-05-04 00:19 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-06-08 14:56 . 2012-05-13 15:41 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-06-02 22:19 . 2012-06-21 15:01 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 15:01 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 15:01 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 15:01 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 15:01 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-21 15:01 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 15:01 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 15:01 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-21 15:01 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-05-30 06:29 . 2012-05-30 06:29 71680 ----a-w- c:\windows\system32\frapsv64.dll
2012-05-30 06:29 . 2012-05-30 06:29 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll
2012-05-27 16:38 . 2012-05-27 16:38 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-05-21 13:10 . 2012-06-28 20:18 31080 ----a-w- c:\windows\system32\nvhdap64.dll
2012-05-21 13:10 . 2012-06-28 20:18 188776 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2012-05-21 07:34 . 2012-05-04 00:19 1468264 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2012-05-15 10:48 . 2012-05-22 23:42 364352 ----a-w- c:\windows\system32\nvdecodemft.dll
2012-05-15 10:48 . 2012-05-22 23:42 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2012-05-15 10:48 . 2012-05-04 00:19 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-14 12:55 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-05-14 12:55 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-05-13 15:41 . 2012-05-13 15:41 53248 ----a-r- c:\users\Mr A\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-05-08 22:45 . 2012-05-08 22:45 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-03 1353080]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-07-02 3407496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"XFastUsb"="c:\program files (x86)\XFastUsb\XFastUsb.exe" [2012-05-04 4942336]
"THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-05-19 909824]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2012-03-09 23816]
R3 AsrCDDrv;AsrCDDrv;c:\windows\SysWOW64\Drivers\AsrCDDrv.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-28 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-04 1255736]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-10-01 302120]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-27 283200]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2012-05-04 15936]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-06-12 1258856]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-06-12 382312]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-02-08 39936]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-02-08 64512]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-05-21 188776]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-21 471144]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1707535600-1790980881-671917193-1000Core.job
- c:\users\Mr A\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-25 18:03]
.
2012-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1707535600-1790980881-671917193-1000UA.job
- c:\users\Mr A\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-25 18:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-18 11855976]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2011-05-13 26624]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 216.228.160.5 216.228.160.6 216.228.160.7
FF - ProfilePath - c:\users\Mr A\AppData\Roaming\Mozilla\Firefox\Profiles\xedxndgn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_moh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1707535600-1790980881-671917193-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:df,6c,d1,d2,c0,4c,4e,0f,e2,7b,54,4e,58,34,af,3d,8e,d6,be,f6,d5,86,c1,
49,6f,0e,53,cc,73,58,6e,cd,80,3f,f9,55,f3,e7,5c,d5,7a,9e,59,f3,57,73,d3,3a,\
"??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f
.
[HKEY_USERS\S-1-5-21-1707535600-1790980881-671917193-1000\Software\SecuROM\License information*]
"datasecu"=hex:46,06,3f,d6,94,86,62,8b,30,a8,71,83,9c,07,14,e9,e0,87,7c,dc,a2,
32,b4,d5,9a,05,35,f9,ca,1c,98,08,06,d0,38,18,07,aa,80,f5,c2,ad,a5,db,a2,8f,\
"rkeysecu"=hex:27,14,5d,c0,8d,38,37,a6,c5,13,56,73,1c,14,84,9f
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-05 13:23:29
ComboFix-quarantined-files.txt 2012-08-05 20:23
.
Pre-Run: 138,092,871,680 bytes free
Post-Run: 138,029,113,344 bytes free
.
- - End Of File - - 12B3DBB8530506C8E18045391E74EC94

#4 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 August 2012 - 05:47 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 Baish

Baish
  • Topic Starter

  • Members
  • 17 posts

Posted 06 August 2012 - 06:48 PM

Here you are.

TDSS
======

16:12:40.0163 3828 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
16:12:40.0537 3828 ============================================================
16:12:40.0537 3828 Current date / time: 2012/08/05 16:12:40.0537
16:12:40.0537 3828 SystemInfo:
16:12:40.0537 3828
16:12:40.0537 3828 OS Version: 6.1.7601 ServicePack: 1.0
16:12:40.0537 3828 Product type: Workstation
16:12:40.0537 3828 ComputerName: THETERMINATOR
16:12:40.0537 3828 UserName: Mr A
16:12:40.0537 3828 Windows directory: C:\Windows
16:12:40.0537 3828 System windows directory: C:\Windows
16:12:40.0537 3828 Running under WOW64
16:12:40.0537 3828 Processor architecture: Intel x64
16:12:40.0537 3828 Number of processors: 4
16:12:40.0537 3828 Page size: 0x1000
16:12:40.0537 3828 Boot type: Normal boot
16:12:40.0537 3828 ============================================================
16:12:44.0141 3828 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:12:44.0156 3828 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:12:44.0172 3828 ============================================================
16:12:44.0172 3828 \Device\Harddisk0\DR0:
16:12:44.0172 3828 MBR partitions:
16:12:44.0172 3828 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C5000
16:12:44.0172 3828 \Device\Harddisk1\DR1:
16:12:44.0172 3828 MBR partitions:
16:12:44.0172 3828 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C4800
16:12:44.0172 3828 ============================================================
16:12:44.0172 3828 C: <-> \Device\Harddisk1\DR1\Partition0
16:12:44.0188 3828 E: <-> \Device\Harddisk0\DR0\Partition0
16:12:44.0188 3828 ============================================================
16:12:44.0188 3828 Initialize success
16:12:44.0188 3828 ============================================================
16:13:05.0093 3084 ============================================================
16:13:05.0093 3084 Scan started
16:13:05.0093 3084 Mode: Manual;
16:13:05.0093 3084 ============================================================
16:13:05.0888 3084 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:13:05.0904 3084 1394ohci - ok
16:13:05.0935 3084 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:13:05.0951 3084 ACPI - ok
16:13:05.0966 3084 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
16:13:05.0966 3084 AcpiPmi - ok
16:13:06.0029 3084 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
16:13:06.0044 3084 adp94xx - ok
16:13:06.0075 3084 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
16:13:06.0091 3084 adpahci - ok
16:13:06.0107 3084 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
16:13:06.0122 3084 adpu320 - ok
16:13:06.0153 3084 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
16:13:06.0153 3084 AeLookupSvc - ok
16:13:06.0200 3084 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
16:13:06.0231 3084 AFD - ok
16:13:06.0263 3084 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
16:13:06.0263 3084 agp440 - ok
16:13:06.0278 3084 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
16:13:06.0278 3084 ALG - ok
16:13:06.0294 3084 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
16:13:06.0294 3084 aliide - ok
16:13:06.0309 3084 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
16:13:06.0309 3084 amdide - ok
16:13:06.0341 3084 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
16:13:06.0341 3084 AmdK8 - ok
16:13:06.0356 3084 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:13:06.0356 3084 AmdPPM - ok
16:13:06.0387 3084 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
16:13:06.0403 3084 amdsata - ok
16:13:06.0419 3084 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
16:13:06.0434 3084 amdsbs - ok
16:13:06.0450 3084 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
16:13:06.0450 3084 amdxata - ok
16:13:06.0481 3084 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
16:13:06.0481 3084 AppID - ok
16:13:06.0512 3084 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
16:13:06.0528 3084 AppIDSvc - ok
16:13:06.0575 3084 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
16:13:06.0575 3084 Appinfo - ok
16:13:06.0606 3084 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
16:13:06.0621 3084 arc - ok
16:13:06.0621 3084 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
16:13:06.0637 3084 arcsas - ok
16:13:06.0746 3084 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:13:06.0746 3084 aspnet_state - ok
16:13:06.0809 3084 AsrCDDrv - ok
16:13:06.0809 3084 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:13:06.0809 3084 AsyncMac - ok
16:13:06.0840 3084 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
16:13:06.0840 3084 atapi - ok
16:13:06.0902 3084 atksgt (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys
16:13:06.0902 3084 atksgt - ok
16:13:06.0980 3084 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:13:06.0996 3084 AudioEndpointBuilder - ok
16:13:07.0011 3084 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:13:07.0011 3084 AudioSrv - ok
16:13:07.0058 3084 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
16:13:07.0058 3084 AxInstSV - ok
16:13:07.0105 3084 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
16:13:07.0121 3084 b06bdrv - ok
16:13:07.0152 3084 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:13:07.0167 3084 b57nd60a - ok
16:13:07.0199 3084 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
16:13:07.0214 3084 BDESVC - ok
16:13:07.0214 3084 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:13:07.0214 3084 Beep - ok
16:13:07.0292 3084 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
16:13:07.0308 3084 BFE - ok
16:13:07.0386 3084 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
16:13:07.0401 3084 BITS - ok
16:13:07.0448 3084 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:13:07.0448 3084 blbdrive - ok
16:13:07.0479 3084 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
16:13:07.0479 3084 bowser - ok
16:13:07.0511 3084 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:13:07.0511 3084 BrFiltLo - ok
16:13:07.0511 3084 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:13:07.0511 3084 BrFiltUp - ok
16:13:07.0526 3084 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
16:13:07.0526 3084 BridgeMP - ok
16:13:07.0573 3084 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
16:13:07.0573 3084 Browser - ok
16:13:07.0604 3084 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:13:07.0620 3084 Brserid - ok
16:13:07.0620 3084 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:13:07.0620 3084 BrSerWdm - ok
16:13:07.0620 3084 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:13:07.0635 3084 BrUsbMdm - ok
16:13:07.0635 3084 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:13:07.0635 3084 BrUsbSer - ok
16:13:07.0635 3084 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
16:13:07.0635 3084 BTHMODEM - ok
16:13:07.0667 3084 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
16:13:07.0682 3084 bthserv - ok
16:13:07.0698 3084 catchme - ok
16:13:07.0713 3084 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:13:07.0729 3084 cdfs - ok
16:13:07.0760 3084 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
16:13:07.0760 3084 cdrom - ok
16:13:07.0807 3084 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:13:07.0807 3084 CertPropSvc - ok
16:13:07.0823 3084 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
16:13:07.0823 3084 circlass - ok
16:13:07.0869 3084 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:13:07.0885 3084 CLFS - ok
16:13:07.0947 3084 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:13:07.0947 3084 clr_optimization_v2.0.50727_32 - ok
16:13:07.0994 3084 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:13:07.0994 3084 clr_optimization_v2.0.50727_64 - ok
16:13:08.0088 3084 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:13:08.0088 3084 clr_optimization_v4.0.30319_32 - ok
16:13:08.0119 3084 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:13:08.0119 3084 clr_optimization_v4.0.30319_64 - ok
16:13:08.0166 3084 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
16:13:08.0166 3084 CmBatt - ok
16:13:08.0181 3084 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
16:13:08.0181 3084 cmdide - ok
16:13:08.0244 3084 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
16:13:08.0259 3084 CNG - ok
16:13:08.0275 3084 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
16:13:08.0275 3084 Compbatt - ok
16:13:08.0322 3084 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
16:13:08.0322 3084 CompositeBus - ok
16:13:08.0337 3084 COMSysApp - ok
16:13:08.0384 3084 cpuz135 (75dbd5db9892d7451d0429bec1aabe1a) C:\Windows\system32\drivers\cpuz135_x64.sys
16:13:08.0384 3084 cpuz135 - ok
16:13:08.0400 3084 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
16:13:08.0400 3084 crcdisk - ok
16:13:08.0447 3084 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
16:13:08.0462 3084 CryptSvc - ok
16:13:08.0509 3084 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:13:08.0525 3084 DcomLaunch - ok
16:13:08.0556 3084 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
16:13:08.0571 3084 defragsvc - ok
16:13:08.0618 3084 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
16:13:08.0618 3084 DfsC - ok
16:13:08.0665 3084 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
16:13:08.0681 3084 Dhcp - ok
16:13:08.0712 3084 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:13:08.0712 3084 discache - ok
16:13:08.0743 3084 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
16:13:08.0743 3084 Disk - ok
16:13:08.0774 3084 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
16:13:08.0790 3084 Dnscache - ok
16:13:08.0837 3084 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
16:13:08.0837 3084 dot3svc - ok
16:13:08.0883 3084 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
16:13:08.0899 3084 DPS - ok
16:13:08.0915 3084 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:13:08.0930 3084 drmkaud - ok
16:13:08.0977 3084 dtsoftbus01 (46571ed73ae84469dca53081d33cf3c8) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
16:13:08.0977 3084 dtsoftbus01 - ok
16:13:09.0055 3084 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
16:13:09.0071 3084 DXGKrnl - ok
16:13:09.0102 3084 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
16:13:09.0102 3084 EapHost - ok
16:13:09.0242 3084 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
16:13:09.0336 3084 ebdrv - ok
16:13:09.0414 3084 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
16:13:09.0414 3084 EFS - ok
16:13:09.0492 3084 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
16:13:09.0585 3084 ehRecvr - ok
16:13:09.0617 3084 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
16:13:09.0663 3084 ehSched - ok
16:13:09.0710 3084 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
16:13:09.0726 3084 elxstor - ok
16:13:09.0757 3084 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
16:13:09.0757 3084 ErrDev - ok
16:13:09.0788 3084 EtronHub3 (df2f6c1e55f6e81cfc7f688380d85816) C:\Windows\system32\Drivers\EtronHub3.sys
16:13:09.0788 3084 EtronHub3 - ok
16:13:09.0819 3084 EtronXHCI (e093abfb67a4b9d94f80611a7d0a8bb9) C:\Windows\system32\Drivers\EtronXHCI.sys
16:13:09.0819 3084 EtronXHCI - ok
16:13:09.0866 3084 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
16:13:09.0882 3084 EventSystem - ok
16:13:09.0913 3084 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:13:09.0929 3084 exfat - ok
16:13:09.0929 3084 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:13:09.0944 3084 fastfat - ok
16:13:10.0007 3084 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
16:13:10.0022 3084 Fax - ok
16:13:10.0038 3084 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:13:10.0038 3084 fdc - ok
16:13:10.0053 3084 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
16:13:10.0053 3084 fdPHost - ok
16:13:10.0069 3084 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
16:13:10.0069 3084 FDResPub - ok
16:13:10.0100 3084 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:13:10.0100 3084 FileInfo - ok
16:13:10.0100 3084 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:13:10.0100 3084 Filetrace - ok
16:13:10.0100 3084 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:13:10.0116 3084 flpydisk - ok
16:13:10.0147 3084 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:13:10.0147 3084 FltMgr - ok
16:13:10.0178 3084 FNETURPX (7c3c4b4c951ec1bdfd4f769d05e2cc68) C:\Windows\system32\drivers\FNETURPX.SYS
16:13:10.0194 3084 FNETURPX - ok
16:13:10.0256 3084 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
16:13:10.0303 3084 FontCache - ok
16:13:10.0365 3084 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:13:10.0365 3084 FontCache3.0.0.0 - ok
16:13:10.0397 3084 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:13:10.0397 3084 FsDepends - ok
16:13:10.0428 3084 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
16:13:10.0428 3084 Fs_Rec - ok
16:13:10.0475 3084 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:13:10.0490 3084 fvevol - ok
16:13:10.0506 3084 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:13:10.0506 3084 gagp30kx - ok
16:13:10.0584 3084 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
16:13:10.0615 3084 gpsvc - ok
16:13:10.0631 3084 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:13:10.0631 3084 hcw85cir - ok
16:13:10.0677 3084 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
16:13:10.0693 3084 HdAudAddService - ok
16:13:10.0724 3084 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
16:13:10.0724 3084 HDAudBus - ok
16:13:10.0740 3084 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:13:10.0740 3084 HidBatt - ok
16:13:10.0755 3084 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
16:13:10.0755 3084 HidBth - ok
16:13:10.0771 3084 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
16:13:10.0771 3084 HidIr - ok
16:13:10.0787 3084 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
16:13:10.0787 3084 hidserv - ok
16:13:10.0833 3084 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
16:13:10.0833 3084 HidUsb - ok
16:13:10.0865 3084 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
16:13:10.0865 3084 hkmsvc - ok
16:13:10.0911 3084 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
16:13:10.0927 3084 HomeGroupListener - ok
16:13:10.0958 3084 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
16:13:10.0974 3084 HomeGroupProvider - ok
16:13:11.0005 3084 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:13:11.0005 3084 HpSAMD - ok
16:13:11.0067 3084 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:13:11.0083 3084 HTTP - ok
16:13:11.0114 3084 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:13:11.0114 3084 hwpolicy - ok
16:13:11.0145 3084 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
16:13:11.0161 3084 i8042prt - ok
16:13:11.0177 3084 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
16:13:11.0208 3084 iaStorV - ok
16:13:11.0301 3084 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:13:11.0333 3084 idsvc - ok
16:13:11.0364 3084 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
16:13:11.0364 3084 iirsp - ok
16:13:11.0442 3084 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
16:13:11.0473 3084 IKEEXT - ok
16:13:11.0613 3084 IntcAzAudAddService (c7124da48e557d8f88d0d7f1254557f4) C:\Windows\system32\drivers\RTKVHD64.sys
16:13:11.0613 3084 IntcAzAudAddService - ok
16:13:11.0723 3084 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:13:11.0723 3084 intelide - ok
16:13:11.0754 3084 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:13:11.0754 3084 intelppm - ok
16:13:11.0769 3084 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
16:13:11.0785 3084 IPBusEnum - ok
16:13:11.0816 3084 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:13:11.0816 3084 IpFilterDriver - ok
16:13:11.0894 3084 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
16:13:11.0910 3084 iphlpsvc - ok
16:13:11.0941 3084 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
16:13:11.0941 3084 IPMIDRV - ok
16:13:11.0972 3084 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:13:11.0972 3084 IPNAT - ok
16:13:12.0003 3084 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:13:12.0003 3084 IRENUM - ok
16:13:12.0035 3084 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:13:12.0035 3084 isapnp - ok
16:13:12.0050 3084 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
16:13:12.0066 3084 iScsiPrt - ok
16:13:12.0081 3084 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
16:13:12.0081 3084 kbdclass - ok
16:13:12.0113 3084 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
16:13:12.0113 3084 kbdhid - ok
16:13:12.0128 3084 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:13:12.0144 3084 KeyIso - ok
16:13:12.0175 3084 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
16:13:12.0191 3084 KSecDD - ok
16:13:12.0191 3084 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
16:13:12.0206 3084 KSecPkg - ok
16:13:12.0222 3084 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:13:12.0222 3084 ksthunk - ok
16:13:12.0269 3084 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
16:13:12.0300 3084 KtmRm - ok
16:13:12.0331 3084 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
16:13:12.0347 3084 LanmanServer - ok
16:13:12.0378 3084 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
16:13:12.0393 3084 LanmanWorkstation - ok
16:13:12.0503 3084 LBTServ (7772dfab22611050b79504e671b06e6e) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
16:13:12.0518 3084 LBTServ - ok
16:13:12.0581 3084 LEqdUsb (ed7ec050cd6c20e1a93a4dafb7efd14d) C:\Windows\system32\DRIVERS\LEqdUsb.Sys
16:13:12.0581 3084 LEqdUsb - ok
16:13:12.0596 3084 LHidEqd (3267bc698e29474a8381e68904eb0390) C:\Windows\system32\DRIVERS\LHidEqd.Sys
16:13:12.0596 3084 LHidEqd - ok
16:13:12.0643 3084 LHidFilt (241f2648adf090e2a10095bd6d6f5dcb) C:\Windows\system32\DRIVERS\LHidFilt.Sys
16:13:12.0643 3084 LHidFilt - ok
16:13:12.0705 3084 lirsgt (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys
16:13:12.0705 3084 lirsgt - ok
16:13:12.0721 3084 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:13:12.0721 3084 lltdio - ok
16:13:12.0768 3084 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
16:13:12.0768 3084 lltdsvc - ok
16:13:12.0783 3084 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
16:13:12.0799 3084 lmhosts - ok
16:13:12.0799 3084 LMouFilt (342ed5a4b3326014438f36d22d803737) C:\Windows\system32\DRIVERS\LMouFilt.Sys
16:13:12.0799 3084 LMouFilt - ok
16:13:12.0846 3084 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:13:12.0846 3084 LSI_FC - ok
16:13:12.0877 3084 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:13:12.0877 3084 LSI_SAS - ok
16:13:12.0893 3084 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:13:12.0893 3084 LSI_SAS2 - ok
16:13:12.0908 3084 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:13:12.0908 3084 LSI_SCSI - ok
16:13:12.0924 3084 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:13:12.0939 3084 luafv - ok
16:13:12.0971 3084 MBfilt (8ff2d95cba49b405c5de27039ff0bf35) C:\Windows\system32\drivers\MBfilt64.sys
16:13:12.0971 3084 MBfilt - ok
16:13:12.0986 3084 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
16:13:13.0002 3084 Mcx2Svc - ok
16:13:13.0017 3084 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
16:13:13.0017 3084 megasas - ok
16:13:13.0033 3084 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
16:13:13.0049 3084 MegaSR - ok
16:13:13.0080 3084 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
16:13:13.0080 3084 MEIx64 - ok
16:13:13.0111 3084 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:13:13.0111 3084 MMCSS - ok
16:13:13.0127 3084 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:13:13.0127 3084 Modem - ok
16:13:13.0158 3084 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:13:13.0158 3084 monitor - ok
16:13:13.0189 3084 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
16:13:13.0189 3084 mouclass - ok
16:13:13.0189 3084 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:13:13.0205 3084 mouhid - ok
16:13:13.0236 3084 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:13:13.0251 3084 mountmgr - ok
16:13:13.0329 3084 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:13:13.0345 3084 MozillaMaintenance - ok
16:13:13.0392 3084 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
16:13:13.0407 3084 MpFilter - ok
16:13:13.0439 3084 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:13:13.0439 3084 mpio - ok
16:13:13.0485 3084 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:13:13.0485 3084 mpsdrv - ok
16:13:13.0563 3084 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
16:13:13.0595 3084 MpsSvc - ok
16:13:13.0626 3084 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:13:13.0641 3084 MRxDAV - ok
16:13:13.0657 3084 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:13:13.0673 3084 mrxsmb - ok
16:13:13.0688 3084 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:13:13.0704 3084 mrxsmb10 - ok
16:13:13.0719 3084 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:13:13.0719 3084 mrxsmb20 - ok
16:13:13.0751 3084 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
16:13:13.0751 3084 msahci - ok
16:13:13.0782 3084 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:13:13.0782 3084 msdsm - ok
16:13:13.0813 3084 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
16:13:13.0829 3084 MSDTC - ok
16:13:13.0860 3084 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:13:13.0860 3084 Msfs - ok
16:13:13.0875 3084 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:13:13.0875 3084 mshidkmdf - ok
16:13:13.0891 3084 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:13:13.0891 3084 msisadrv - ok
16:13:13.0922 3084 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
16:13:13.0938 3084 MSiSCSI - ok
16:13:13.0938 3084 msiserver - ok
16:13:13.0953 3084 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:13:13.0969 3084 MSKSSRV - ok
16:13:14.0047 3084 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) C:\Program Files\Microsoft Security Client\MsMpEng.exe
16:13:14.0047 3084 MsMpSvc - ok
16:13:14.0047 3084 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:13:14.0047 3084 MSPCLOCK - ok
16:13:14.0047 3084 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:13:14.0047 3084 MSPQM - ok
16:13:14.0094 3084 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:13:14.0109 3084 MsRPC - ok
16:13:14.0125 3084 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
16:13:14.0125 3084 mssmbios - ok
16:13:14.0141 3084 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:13:14.0141 3084 MSTEE - ok
16:13:14.0156 3084 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
16:13:14.0156 3084 MTConfig - ok
16:13:14.0172 3084 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:13:14.0172 3084 Mup - ok
16:13:14.0219 3084 mv91xx (4fad606c7aeb336e5aa4a005de09ca80) C:\Windows\system32\DRIVERS\mv91xx.sys
16:13:14.0234 3084 mv91xx - ok
16:13:14.0281 3084 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
16:13:14.0297 3084 napagent - ok
16:13:14.0328 3084 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:13:14.0343 3084 NativeWifiP - ok
16:13:14.0406 3084 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
16:13:14.0437 3084 NDIS - ok
16:13:14.0453 3084 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:13:14.0453 3084 NdisCap - ok
16:13:14.0468 3084 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:13:14.0468 3084 NdisTapi - ok
16:13:14.0499 3084 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:13:14.0499 3084 Ndisuio - ok
16:13:14.0546 3084 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:13:14.0546 3084 NdisWan - ok
16:13:14.0577 3084 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:13:14.0577 3084 NDProxy - ok
16:13:14.0593 3084 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:13:14.0593 3084 NetBIOS - ok
16:13:14.0640 3084 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:13:14.0640 3084 NetBT - ok
16:13:14.0687 3084 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:13:14.0687 3084 Netlogon - ok
16:13:14.0718 3084 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
16:13:14.0733 3084 Netman - ok
16:13:14.0827 3084 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:13:14.0843 3084 NetMsmqActivator - ok
16:13:14.0843 3084 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:13:14.0843 3084 NetPipeActivator - ok
16:13:14.0874 3084 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
16:13:14.0889 3084 netprofm - ok
16:13:14.0889 3084 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:13:14.0889 3084 NetTcpActivator - ok
16:13:14.0889 3084 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:13:14.0905 3084 NetTcpPortSharing - ok
16:13:14.0952 3084 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:13:14.0952 3084 nfrd960 - ok
16:13:14.0983 3084 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
16:13:14.0983 3084 NisDrv - ok
16:13:15.0092 3084 NisSrv (10a43829a9e606af3eef25a1c1665923) C:\Program Files\Microsoft Security Client\NisSrv.exe
16:13:15.0108 3084 NisSrv - ok
16:13:15.0170 3084 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
16:13:15.0186 3084 NlaSvc - ok
16:13:15.0201 3084 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:13:15.0201 3084 Npfs - ok
16:13:15.0217 3084 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
16:13:15.0217 3084 nsi - ok
16:13:15.0233 3084 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:13:15.0233 3084 nsiproxy - ok
16:13:15.0326 3084 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
16:13:15.0389 3084 Ntfs - ok
16:13:15.0467 3084 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:13:15.0467 3084 Null - ok
16:13:15.0498 3084 NVHDA (5f1ff880adacf7e0ff7c27ba188b05da) C:\Windows\system32\drivers\nvhda64v.sys
16:13:15.0513 3084 NVHDA - ok
16:13:16.0028 3084 nvlddmkm (8917336c07fa25d37d460fe49195a7ea) C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:13:16.0106 3084 nvlddmkm - ok
16:13:16.0184 3084 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
16:13:16.0200 3084 nvraid - ok
16:13:16.0231 3084 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
16:13:16.0247 3084 nvstor - ok
16:13:16.0309 3084 nvsvc (37d1f21763ff1b40ae8715aa793b1a33) C:\Windows\system32\nvvsvc.exe
16:13:16.0340 3084 nvsvc - ok
16:13:16.0434 3084 nvUpdatusService (16775fc73ac10da31cf61382b1927fa4) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
16:13:16.0449 3084 nvUpdatusService - ok
16:13:16.0559 3084 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:13:16.0559 3084 nv_agp - ok
16:13:16.0590 3084 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:13:16.0590 3084 ohci1394 - ok
16:13:16.0621 3084 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:13:16.0637 3084 p2pimsvc - ok
16:13:16.0668 3084 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
16:13:16.0683 3084 p2psvc - ok
16:13:16.0715 3084 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:13:16.0715 3084 Parport - ok
16:13:16.0746 3084 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
16:13:16.0746 3084 partmgr - ok
16:13:16.0761 3084 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
16:13:16.0777 3084 PcaSvc - ok
16:13:16.0808 3084 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:13:16.0808 3084 pci - ok
16:13:16.0824 3084 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:13:16.0824 3084 pciide - ok
16:13:16.0839 3084 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:13:16.0855 3084 pcmcia - ok
16:13:16.0871 3084 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:13:16.0871 3084 pcw - ok
16:13:16.0902 3084 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:13:16.0933 3084 PEAUTH - ok
16:13:16.0995 3084 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
16:13:16.0995 3084 PerfHost - ok
16:13:17.0089 3084 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
16:13:17.0136 3084 pla - ok
16:13:17.0183 3084 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
16:13:17.0183 3084 PlugPlay - ok
16:13:17.0214 3084 PnkBstrA - ok
16:13:17.0229 3084 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
16:13:17.0229 3084 PNRPAutoReg - ok
16:13:17.0261 3084 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:13:17.0261 3084 PNRPsvc - ok
16:13:17.0307 3084 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
16:13:17.0323 3084 PolicyAgent - ok
16:13:17.0370 3084 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
16:13:17.0370 3084 Power - ok
16:13:17.0432 3084 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:13:17.0432 3084 PptpMiniport - ok
16:13:17.0463 3084 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:13:17.0463 3084 Processor - ok
16:13:17.0479 3084 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
16:13:17.0495 3084 ProfSvc - ok
16:13:17.0510 3084 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:13:17.0526 3084 ProtectedStorage - ok
16:13:17.0557 3084 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:13:17.0557 3084 Psched - ok
16:13:17.0635 3084 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:13:17.0682 3084 ql2300 - ok
16:13:17.0791 3084 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:13:17.0791 3084 ql40xx - ok
16:13:17.0822 3084 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
16:13:17.0838 3084 QWAVE - ok
16:13:17.0869 3084 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:13:17.0869 3084 QWAVEdrv - ok
16:13:17.0869 3084 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:13:17.0869 3084 RasAcd - ok
16:13:17.0900 3084 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:13:17.0900 3084 RasAgileVpn - ok
16:13:17.0916 3084 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
16:13:17.0931 3084 RasAuto - ok
16:13:17.0947 3084 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:13:17.0963 3084 Rasl2tp - ok
16:13:17.0994 3084 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
16:13:18.0025 3084 RasMan - ok
16:13:18.0041 3084 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:13:18.0041 3084 RasPppoe - ok
16:13:18.0072 3084 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:13:18.0072 3084 RasSstp - ok
16:13:18.0119 3084 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:13:18.0119 3084 rdbss - ok
16:13:18.0150 3084 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:13:18.0150 3084 rdpbus - ok
16:13:18.0165 3084 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:13:18.0165 3084 RDPCDD - ok
16:13:18.0181 3084 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:13:18.0181 3084 RDPENCDD - ok
16:13:18.0197 3084 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:13:18.0197 3084 RDPREFMP - ok
16:13:18.0228 3084 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
16:13:18.0243 3084 RDPWD - ok
16:13:18.0290 3084 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:13:18.0306 3084 rdyboost - ok
16:13:18.0321 3084 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
16:13:18.0337 3084 RemoteAccess - ok
16:13:18.0368 3084 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
16:13:18.0384 3084 RemoteRegistry - ok
16:13:18.0399 3084 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
16:13:18.0399 3084 RpcEptMapper - ok
16:13:18.0415 3084 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
16:13:18.0415 3084 RpcLocator - ok
16:13:18.0462 3084 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
16:13:18.0477 3084 RpcSs - ok
16:13:18.0493 3084 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:13:18.0493 3084 rspndr - ok
16:13:18.0540 3084 RTL8167 (f4c374b1c46de294b573bb43723ac3f6) C:\Windows\system32\DRIVERS\Rt64win7.sys
16:13:18.0540 3084 RTL8167 - ok
16:13:18.0571 3084 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:13:18.0571 3084 SamSs - ok
16:13:18.0602 3084 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:13:18.0602 3084 sbp2port - ok
16:13:18.0633 3084 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
16:13:18.0649 3084 SCardSvr - ok
16:13:18.0680 3084 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:13:18.0680 3084 scfilter - ok
16:13:18.0743 3084 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
16:13:18.0789 3084 Schedule - ok
16:13:18.0821 3084 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:13:18.0821 3084 SCPolicySvc - ok
16:13:18.0852 3084 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
16:13:18.0867 3084 SDRSVC - ok
16:13:18.0914 3084 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:13:18.0914 3084 secdrv - ok
16:13:18.0930 3084 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
16:13:18.0930 3084 seclogon - ok
16:13:18.0945 3084 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
16:13:18.0945 3084 SENS - ok
16:13:18.0977 3084 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
16:13:18.0977 3084 SensrSvc - ok
16:13:18.0992 3084 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:13:18.0992 3084 Serenum - ok
16:13:19.0023 3084 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:13:19.0039 3084 Serial - ok
16:13:19.0070 3084 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:13:19.0070 3084 sermouse - ok
16:13:19.0101 3084 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
16:13:19.0117 3084 SessionEnv - ok
16:13:19.0133 3084 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:13:19.0133 3084 sffdisk - ok
16:13:19.0148 3084 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:13:19.0148 3084 sffp_mmc - ok
16:13:19.0148 3084 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:13:19.0148 3084 sffp_sd - ok
16:13:19.0164 3084 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:13:19.0164 3084 sfloppy - ok
16:13:19.0226 3084 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
16:13:19.0242 3084 SharedAccess - ok
16:13:19.0289 3084 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
16:13:19.0304 3084 ShellHWDetection - ok
16:13:19.0320 3084 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:13:19.0320 3084 SiSRaid2 - ok
16:13:19.0335 3084 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:13:19.0351 3084 SiSRaid4 - ok
16:13:19.0367 3084 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:13:19.0367 3084 Smb - ok
16:13:19.0398 3084 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
16:13:19.0398 3084 SNMPTRAP - ok
16:13:19.0413 3084 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:13:19.0413 3084 spldr - ok
16:13:19.0476 3084 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
16:13:19.0491 3084 Spooler - ok
16:13:19.0663 3084 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
16:13:19.0757 3084 sppsvc - ok
16:13:19.0835 3084 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
16:13:19.0835 3084 sppuinotify - ok
16:13:19.0897 3084 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:13:19.0913 3084 srv - ok
16:13:19.0928 3084 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:13:19.0944 3084 srv2 - ok
16:13:19.0959 3084 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:13:19.0975 3084 srvnet - ok
16:13:20.0006 3084 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
16:13:20.0022 3084 SSDPSRV - ok
16:13:20.0037 3084 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
16:13:20.0037 3084 SstpSvc - ok
16:13:20.0115 3084 Steam Client Service - ok
16:13:20.0209 3084 Stereo Service (faf7bf30b496e839a87c024e309b2a3f) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
16:13:20.0209 3084 Stereo Service - ok
16:13:20.0225 3084 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:13:20.0240 3084 stexstor - ok
16:13:20.0303 3084 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
16:13:20.0318 3084 stisvc - ok
16:13:20.0349 3084 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
16:13:20.0349 3084 swenum - ok
16:13:20.0412 3084 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
16:13:20.0459 3084 swprv - ok
16:13:20.0552 3084 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
16:13:20.0599 3084 SysMain - ok
16:13:20.0693 3084 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
16:13:20.0693 3084 TabletInputService - ok
16:13:20.0724 3084 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
16:13:20.0724 3084 TapiSrv - ok
16:13:20.0739 3084 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
16:13:20.0739 3084 TBS - ok
16:13:20.0880 3084 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
16:13:20.0942 3084 Tcpip - ok
16:13:21.0051 3084 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
16:13:21.0067 3084 TCPIP6 - ok
16:13:21.0129 3084 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:13:21.0129 3084 tcpipreg - ok
16:13:21.0145 3084 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:13:21.0145 3084 TDPIPE - ok
16:13:21.0176 3084 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
16:13:21.0176 3084 TDTCP - ok
16:13:21.0207 3084 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:13:21.0207 3084 tdx - ok
16:13:21.0239 3084 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
16:13:21.0239 3084 TermDD - ok
16:13:21.0301 3084 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
16:13:21.0317 3084 TermService - ok
16:13:21.0348 3084 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
16:13:21.0348 3084 Themes - ok
16:13:21.0379 3084 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:13:21.0379 3084 THREADORDER - ok
16:13:21.0395 3084 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
16:13:21.0395 3084 TrkWks - ok
16:13:21.0457 3084 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
16:13:21.0488 3084 TrustedInstaller - ok
16:13:21.0519 3084 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:13:21.0519 3084 tssecsrv - ok
16:13:21.0566 3084 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:13:21.0582 3084 TsUsbFlt - ok
16:13:21.0629 3084 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:13:21.0629 3084 tunnel - ok
16:13:21.0660 3084 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:13:21.0660 3084 uagp35 - ok
16:13:21.0707 3084 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:13:21.0707 3084 udfs - ok
16:13:21.0738 3084 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
16:13:21.0753 3084 UI0Detect - ok
16:13:21.0785 3084 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:13:21.0785 3084 uliagpkx - ok
16:13:21.0800 3084 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
16:13:21.0800 3084 umbus - ok
16:13:21.0816 3084 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:13:21.0816 3084 UmPass - ok
16:13:21.0847 3084 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
16:13:21.0878 3084 upnphost - ok
16:13:21.0909 3084 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\DRIVERS\usbccgp.sys
16:13:21.0925 3084 usbccgp - ok
16:13:21.0925 3084 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:13:21.0941 3084 usbcir - ok
16:13:21.0941 3084 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\drivers\usbehci.sys
16:13:21.0941 3084 usbehci - ok
16:13:21.0972 3084 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
16:13:21.0987 3084 usbhub - ok
16:13:21.0987 3084 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
16:13:21.0987 3084 usbohci - ok
16:13:22.0019 3084 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:13:22.0019 3084 usbprint - ok
16:13:22.0034 3084 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\drivers\USBSTOR.SYS
16:13:22.0034 3084 USBSTOR - ok
16:13:22.0050 3084 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
16:13:22.0050 3084 usbuhci - ok
16:13:22.0065 3084 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
16:13:22.0081 3084 UxSms - ok
16:13:22.0097 3084 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:13:22.0097 3084 VaultSvc - ok
16:13:22.0112 3084 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:13:22.0112 3084 vdrvroot - ok
16:13:22.0175 3084 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
16:13:22.0206 3084 vds - ok
16:13:22.0237 3084 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:13:22.0237 3084 vga - ok
16:13:22.0253 3084 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:13:22.0253 3084 VgaSave - ok
16:13:22.0299 3084 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:13:22.0315 3084 vhdmp - ok
16:13:22.0331 3084 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:13:22.0331 3084 viaide - ok
16:13:22.0362 3084 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:13:22.0362 3084 volmgr - ok
16:13:22.0409 3084 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:13:22.0424 3084 volmgrx - ok
16:13:22.0455 3084 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:13:22.0471 3084 volsnap - ok
16:13:22.0487 3084 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:13:22.0502 3084 vsmraid - ok
16:13:22.0611 3084 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
16:13:22.0658 3084 VSS - ok
16:13:22.0767 3084 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
16:13:22.0767 3084 vwifibus - ok
16:13:22.0814 3084 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
16:13:22.0830 3084 W32Time - ok
16:13:22.0861 3084 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:13:22.0861 3084 WacomPen - ok
16:13:22.0908 3084 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:13:22.0923 3084 WANARP - ok
16:13:22.0939 3084 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:13:22.0939 3084 Wanarpv6 - ok
16:13:23.0017 3084 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
16:13:23.0064 3084 WatAdminSvc - ok
16:13:23.0142 3084 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
16:13:23.0189 3084 wbengine - ok
16:13:23.0282 3084 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
16:13:23.0298 3084 WbioSrvc - ok
16:13:23.0345 3084 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
16:13:23.0360 3084 wcncsvc - ok
16:13:23.0376 3084 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
16:13:23.0376 3084 WcsPlugInService - ok
16:13:23.0423 3084 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:13:23.0423 3084 Wd - ok
16:13:23.0469 3084 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:13:23.0485 3084 Wdf01000 - ok
16:13:23.0501 3084 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:13:23.0501 3084 WdiServiceHost - ok
16:13:23.0516 3084 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:13:23.0516 3084 WdiSystemHost - ok
16:13:23.0547 3084 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
16:13:23.0563 3084 WebClient - ok
16:13:23.0594 3084 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
16:13:23.0610 3084 Wecsvc - ok
16:13:23.0625 3084 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
16:13:23.0625 3084 wercplsupport - ok
16:13:23.0657 3084 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
16:13:23.0657 3084 WerSvc - ok
16:13:23.0703 3084 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:13:23.0703 3084 WfpLwf - ok
16:13:23.0719 3084 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:13:23.0719 3084 WIMMount - ok
16:13:23.0750 3084 WinDefend - ok
16:13:23.0750 3084 WinHttpAutoProxySvc - ok
16:13:23.0813 3084 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
16:13:23.0813 3084 Winmgmt - ok
16:13:23.0937 3084 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
16:13:24.0000 3084 WinRM - ok
16:13:24.0125 3084 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
16:13:24.0140 3084 Wlansvc - ok
16:13:24.0187 3084 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
16:13:24.0203 3084 WmiAcpi - ok
16:13:24.0249 3084 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
16:13:24.0296 3084 wmiApSrv - ok
16:13:24.0343 3084 WMPNetworkSvc - ok
16:13:24.0359 3084 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
16:13:24.0359 3084 WPCSvc - ok
16:13:24.0405 3084 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
16:13:24.0405 3084 WPDBusEnum - ok
16:13:24.0437 3084 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:13:24.0437 3084 ws2ifsl - ok
16:13:24.0452 3084 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
16:13:24.0468 3084 wscsvc - ok
16:13:24.0468 3084 WSearch - ok
16:13:24.0608 3084 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
16:13:24.0686 3084 wuauserv - ok
16:13:24.0780 3084 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:13:24.0780 3084 WudfPf - ok
16:13:24.0811 3084 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
16:13:24.0811 3084 wudfsvc - ok
16:13:24.0858 3084 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
16:13:24.0858 3084 WwanSvc - ok
16:13:24.0873 3084 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:13:24.0920 3084 \Device\Harddisk0\DR0 - ok
16:13:24.0936 3084 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
16:13:25.0076 3084 \Device\Harddisk1\DR1 - ok
16:13:25.0076 3084 Boot (0x1200) (4ad57c2d71d2103d3a44f4cbae0669bd) \Device\Harddisk0\DR0\Partition0
16:13:25.0076 3084 \Device\Harddisk0\DR0\Partition0 - ok
16:13:25.0092 3084 Boot (0x1200) (e11741e26834917d677316c85d2deb83) \Device\Harddisk1\DR1\Partition0
16:13:25.0092 3084 \Device\Harddisk1\DR1\Partition0 - ok
16:13:25.0092 3084 ============================================================
16:13:25.0092 3084 Scan finished
16:13:25.0092 3084 ============================================================
16:13:25.0092 4444 Detected object count: 0
16:13:25.0092 4444 Actual detected object count: 0
16:14:26.0213 4136 Deinitialize success



aswMBR
==============

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-05 16:15:15
-----------------------------
16:15:15.212 OS Version: Windows x64 6.1.7601 Service Pack 1
16:15:15.212 Number of processors: 4 586 0x2A07
16:15:15.212 ComputerName: THETERMINATOR UserName: Mr A
16:15:15.727 Initialize success
16:17:02.324 AVAST engine defs: 12080501
16:17:06.567 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:17:06.567 Disk 0 Vendor: WDC_WD2500AAJS-00VTA0 01.01B01 Size: 238475MB BusType: 3
16:17:06.583 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
16:17:06.583 Disk 1 Vendor: ST3250410AS 3.AAF Size: 238475MB BusType: 3
16:17:06.598 Disk 1 MBR read successfully
16:17:06.598 Disk 1 MBR scan
16:17:06.598 Disk 1 Windows 7 default MBR code
16:17:06.614 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238473 MB offset 2048
16:17:06.692 Disk 1 scanning C:\Windows\system32\drivers
16:17:19.172 Service scanning
16:17:44.007 Modules scanning
16:17:44.007 Disk 1 trace - called modules:
16:17:44.023 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
16:17:44.522 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8007fa2060]
16:17:44.522 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8007801520]
16:17:44.522 5 ACPI.sys[fffff88000fa27a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa80077fd680]
16:17:45.193 AVAST engine scan C:\Windows
16:17:49.108 AVAST engine scan C:\Windows\system32
16:21:47.124 AVAST engine scan C:\Windows\system32\drivers
16:22:00.509 AVAST engine scan C:\Users\Mr A
16:26:28.234 AVAST engine scan C:\ProgramData
16:27:01.628 Scan finished successfully
16:30:55.424 Disk 1 MBR has been saved successfully to "C:\Users\Mr A\Desktop\MBR.dat"
16:30:55.459 The log file has been saved successfully to "C:\Users\Mr A\Desktop\aswMBR.txt"

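A small triage parser for the service/driver scan log in the post above (the layout is TDSSKiller's), added here as an example; it is not part of the thread and not the tool's own code. It reads the `time PID name (md5) path` and `time PID name - status` lines into one record per object (MBR and boot-sector records are keyed by device path, because their verdict line names the device rather than the `MBR (0x1B8)` label), collects the MD5s for a bulk hash lookup, groups objects that share one binary, and flags what a responder would check first: a verdict with no backing file (as for WinDefend above, which can be legitimate since Windows Defender is disabled when Microsoft Security Essentials is installed, but is worth confirming) or a binary outside the Windows and Program Files trees. The sample lines are copied from the log above; the `SampleSvc` entry and its path are constructed to show what a flagged line looks like.

```python
"""Triage helper for a TDSSKiller-style service/driver scan log.

Added example (not part of the forum thread or of TDSSKiller itself).
Parses lines of the form

    HH:MM:SS.mmmm PID <name> (<md5>) <path>      object with a backing file
    HH:MM:SS.mmmm PID <name> - <status>          verdict for that object

into one record per object, lists the MD5s for bulk lookup and flags
entries worth a second look.
"""
import re
from collections import defaultdict

# Constructed sample: real lines copied from the log in the post above,
# plus an invented 'SampleSvc' entry to show a flagged line.
SAMPLE_LOG = r"""
16:13:20.0209 3084 Stereo Service (faf7bf30b496e839a87c024e309b2a3f) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
16:13:20.0209 3084 Stereo Service - ok
16:13:20.0880 3084 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
16:13:20.0942 3084 Tcpip - ok
16:13:21.0051 3084 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
16:13:21.0067 3084 TCPIP6 - ok
16:13:23.0750 3084 WinDefend - ok
16:13:24.0873 3084 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:13:24.0920 3084 \Device\Harddisk0\DR0 - ok
16:13:24.0936 3084 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
16:13:25.0076 3084 \Device\Harddisk1\DR1 - ok
16:13:25.0100 3084 SampleSvc (0123456789abcdef0123456789abcdef) C:\Users\Mr A\AppData\Local\Temp\samplesvc.sys
16:13:25.0100 3084 SampleSvc - ok
16:13:25.0092 4444 Detected object count: 0
"""

FILE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*)$")
STATUS_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+-\s+(?P<status>\w+)$")

# Where a service or driver binary is normally expected on Windows 7.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\",
                    "c:\\program files (x86)\\", "\\device\\")


def _new_record(name):
    return {"name": name, "md5": None, "path": None, "status": None}


def parse_tdsskiller(text):
    """Return {key: record}. Services are keyed by name; MBR/boot-sector
    records are keyed by device path, which is what their verdict line uses."""
    records = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_RE.match(line)
        if m:
            key = m["path"] if m["path"].startswith("\\Device\\") else m["name"]
            rec = records.setdefault(key, _new_record(m["name"]))
            rec["md5"] = m["md5"].lower()
            rec["path"] = m["path"]
            continue
        m = STATUS_RE.match(line)
        if m:
            rec = records.setdefault(m["name"], _new_record(m["name"]))
            rec["status"] = m["status"]
        # Header, separator and counter lines match neither pattern; skipped.
    return records


def hashes_for_lookup(records):
    """Unique MD5s in the log, ready for a bulk reputation lookup."""
    return sorted({r["md5"] for r in records.values() if r["md5"]})


def shared_binaries(records):
    """MD5 -> sorted keys sharing it. Expected for Tcpip/TCPIP6 (one tcpip.sys
    under two names); also exposes one unknown file behind several service names."""
    groups = defaultdict(list)
    for key, r in records.items():
        if r["md5"]:
            groups[r["md5"]].append(key)
    return {h: sorted(keys) for h, keys in groups.items() if len(keys) > 1}


def flag_for_review(records):
    """(key, reason) pairs for entries a responder should look at first."""
    flags = []
    for key, r in records.items():
        if r["path"] is None:
            flags.append((key, "verdict without a backing file; confirm the service is meant to be disabled or absent"))
        elif not r["path"].lower().startswith(TRUSTED_PREFIXES):
            flags.append((key, "binary outside system/program directories: " + r["path"]))
        elif r["status"] is None:
            flags.append((key, "file recorded but no verdict line"))
    return flags


if __name__ == "__main__":
    recs = parse_tdsskiller(SAMPLE_LOG)
    print(len(recs), "objects,", len(hashes_for_lookup(recs)), "unique hashes")
    for h, keys in shared_binaries(recs).items():
        print("shared", h + ":", ", ".join(keys))
    for key, reason in flag_for_review(recs):
        print("REVIEW", key + ":", reason)
```

Run it as a script to see the flagged entries for the sample; feeding the full saved log to `parse_tdsskiller` gives every hash in one list, so the driver set can be checked in one pass instead of line by line.
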
#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:00 PM

Posted 06 August 2012 - 09:08 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 gringo_pr

Posted 08 August 2012 - 11:19 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, a reminder that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and I will then ask you to remove our tools.




Gringo

#8 Baish

Baish
  • Topic Starter

  • Members
  • 17 posts
  • Local time:12:00 PM

Posted 09 August 2012 - 01:59 AM

Hey, had to take some time off for personal reasons and didn't have access to my PC. Thanks again.

The redirects have ceased since running the script, without any additional problems, so outwardly there doesn't appear to be anything significant. I'm ready to continue when you are. Cheers.

Here is the log from ComboFix

===========

ComboFix 12-08-05.02 - Mr A 08/06/2012 21:50:47.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8175.6730 [GMT -7:00]
Running from: c:\users\Mr A\Desktop\ComboFix.exe
Command switches used :: c:\users\Mr A\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-07 to 2012-08-07 )))))))))))))))))))))))))))))))
.
.
2012-08-07 04:55 . 2012-08-07 04:55 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-07 04:55 . 2012-08-07 04:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-07 04:49 . 2012-08-07 04:49 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A205452C-EECD-46A5-8095-FB23B7899B2F}\offreg.dll
2012-08-06 22:38 . 2012-07-16 09:40 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A205452C-EECD-46A5-8095-FB23B7899B2F}\mpengine.dll
2012-08-05 20:24 . 2012-07-16 09:40 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-02 00:10 . 2012-08-02 04:21 -------- d-----w- c:\users\Mr A\AppData\Local\perforce
2012-07-28 20:33 . 2012-07-28 20:33 -------- d-----w- c:\users\Mr A\AppData\Local\{740B3D01-D8F3-11E1-8270-B8AC6F996F26}
2012-07-28 20:33 . 2012-07-28 20:33 -------- d-----w- c:\users\Mr A\AppData\Local\{740B0469-D8F3-11E1-8270-B8AC6F996F26}
2012-07-25 19:53 . 2012-07-25 19:53 -------- d-----w- c:\program files (x86)\Common Files\Wrye Bash
2012-07-25 19:52 . 2012-07-27 16:16 -------- d-----w- c:\program files\Nexus Mod Manager
2012-07-25 18:03 . 2012-07-25 18:04 -------- d-----w- c:\users\Mr A\AppData\Local\Google
2012-07-25 15:55 . 2012-02-09 21:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D5E23DE7-E82A-49D1-B3C1-C09FC561A5A4}\gapaengine.dll
2012-07-25 15:53 . 2012-07-25 15:53 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-07-25 15:53 . 2012-07-25 15:53 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-25 15:50 . 2012-07-25 15:49 955888 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-25 15:50 . 2012-07-25 15:49 839152 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-25 15:50 . 2012-07-25 15:49 268784 ----a-w- c:\windows\system32\javaws.exe
2012-07-25 15:50 . 2012-07-25 15:49 189424 ----a-w- c:\windows\system32\javaw.exe
2012-07-25 15:50 . 2012-07-25 15:49 188912 ----a-w- c:\windows\system32\java.exe
2012-07-25 15:49 . 2012-07-25 15:49 -------- d-----w- c:\program files\Java
2012-07-24 23:25 . 2012-07-24 23:25 -------- d-----w- c:\program files (x86)\ESET
2012-07-23 02:39 . 2012-07-23 02:50 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-07-22 21:27 . 2012-07-22 21:27 -------- d-----w- c:\users\Mr A\AppData\Local\ArmA 2 Free
2012-07-22 03:19 . 2012-07-22 03:19 -------- d-----w- C:\Icon Index
2012-07-21 18:14 . 2012-07-21 18:14 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll
2012-07-21 03:46 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-21 02:34 . 2012-07-21 02:34 -------- d-----w- c:\program files (x86)\THQ
2012-07-21 02:15 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-21 02:15 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-07-21 02:15 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 04:32 . 2012-05-05 02:12 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-02 04:32 . 2012-05-05 02:12 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-21 03:45 . 2012-05-04 00:36 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-06 00:14 . 2012-05-05 04:14 218496 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-07-06 00:14 . 2012-05-05 00:23 218496 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-07-06 00:01 . 2012-05-05 00:23 75064 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-07-03 20:46 . 2012-05-12 00:50 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-30 04:10 . 2012-06-30 04:08 43680 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2012-06-30 04:10 . 2012-06-30 04:08 314016 ----a-w- c:\windows\system32\drivers\atksgt.sys
2012-06-25 14:49 . 2012-06-25 14:49 249856 ------w- c:\windows\Setup1.exe
2012-06-25 14:49 . 2012-06-25 14:49 73216 ----a-w- c:\windows\ST6UNST.EXE
2012-06-15 03:01 . 2012-05-05 00:23 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-06-12 06:26 . 2012-06-28 20:18 9048424 ----a-w- c:\windows\system32\nvcuda.dll
2012-06-12 06:26 . 2012-06-28 20:18 827752 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-06-12 06:26 . 2012-06-28 20:18 7586664 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-06-12 06:26 . 2012-06-28 20:18 2743656 ----a-w- c:\windows\system32\nvcuvid.dll
2012-06-12 06:26 . 2012-06-28 20:18 26238824 ----a-w- c:\windows\system32\nvoglv64.dll
2012-06-12 06:26 . 2012-06-28 20:18 2572136 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-06-12 06:26 . 2012-06-28 20:18 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-06-12 06:26 . 2012-06-28 20:18 247144 ----a-w- c:\windows\system32\nvinitx.dll
2012-06-12 06:26 . 2012-06-28 20:18 2418024 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-06-12 06:26 . 2012-06-28 20:18 2215784 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-06-12 06:26 . 2012-06-28 20:18 202600 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-06-12 06:26 . 2012-06-28 20:18 19834728 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-06-12 06:26 . 2012-06-28 20:18 1864552 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-06-12 06:26 . 2012-06-28 20:18 18231656 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-06-12 06:26 . 2012-06-28 20:18 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-06-12 06:26 . 2012-06-28 20:18 15282024 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-06-12 06:26 . 2012-06-28 20:18 1472360 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-06-12 06:26 . 2012-06-28 20:18 13353320 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-06-12 06:26 . 2012-06-28 20:18 12349288 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-06-12 06:26 . 2012-05-04 00:19 968552 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-06-12 06:26 . 2012-05-04 00:19 60776 ----a-w- c:\windows\system32\OpenCL.dll
2012-06-12 06:26 . 2012-05-04 00:19 52584 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-06-12 06:26 . 2012-05-04 00:19 2719592 ----a-w- c:\windows\system32\nvapi64.dll
2012-06-12 06:26 . 2012-05-04 00:19 1758056 ----a-w- c:\windows\system32\nvdispco64.dll
2012-06-12 06:26 . 2012-05-04 00:19 14744424 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-06-12 03:51 . 2012-06-12 03:51 428392 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-06-12 02:30 . 2012-05-04 00:19 2653573 ----a-w- c:\windows\system32\nvcoproc.bin
2012-06-12 02:29 . 2012-05-04 00:19 3264360 ----a-w- c:\windows\system32\nvsvc64.dll
2012-06-12 02:29 . 2012-05-04 00:19 6189928 ----a-w- c:\windows\system32\nvcpl.dll
2012-06-12 02:28 . 2012-05-04 00:19 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-06-12 02:28 . 2012-05-04 00:19 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-06-12 02:28 . 2012-05-04 00:19 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-06-08 14:56 . 2012-05-13 15:41 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-06-02 22:19 . 2012-06-21 15:01 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 15:01 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 15:01 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 15:01 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 15:01 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-21 15:01 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 15:01 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 15:01 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-21 15:01 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-05-30 06:29 . 2012-05-30 06:29 71680 ----a-w- c:\windows\system32\frapsv64.dll
2012-05-30 06:29 . 2012-05-30 06:29 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll
2012-05-27 16:38 . 2012-05-27 16:38 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-05-21 13:10 . 2012-06-28 20:18 31080 ----a-w- c:\windows\system32\nvhdap64.dll
2012-05-21 13:10 . 2012-06-28 20:18 188776 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2012-05-21 07:34 . 2012-05-04 00:19 1468264 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2012-05-15 10:48 . 2012-05-22 23:42 364352 ----a-w- c:\windows\system32\nvdecodemft.dll
2012-05-15 10:48 . 2012-05-22 23:42 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2012-05-15 10:48 . 2012-05-04 00:19 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-14 12:55 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-05-14 12:55 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-05-13 15:41 . 2012-05-13 15:41 53248 ----a-r- c:\users\Mr A\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-05_20.21.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-04 00:06 . 2012-08-07 04:38 35338 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-07 04:38 32376 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-05-03 23:59 . 2012-08-05 21:48 15866 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1707535600-1790980881-671917193-1000_UserData.bin
- 2012-05-03 23:59 . 2012-08-03 23:07 15866 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1707535600-1790980881-671917193-1000_UserData.bin
- 2012-08-05 18:26 . 2012-08-05 18:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-07 04:36 . 2012-08-07 04:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-05 18:26 . 2012-08-05 18:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-07 04:36 . 2012-08-07 04:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-08-05 17:54 229220 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-07 01:29 229220 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-05-05 05:16 . 2012-08-07 01:29 45604064 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1707535600-1790980881-671917193-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-03 1353080]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-07-02 3407496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"XFastUsb"="c:\program files (x86)\XFastUsb\XFastUsb.exe" [2012-05-04 4942336]
"THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-05-19 909824]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AsrCDDrv;AsrCDDrv;c:\windows\SysWOW64\Drivers\AsrCDDrv.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-28 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-04 1255736]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-10-01 302120]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-27 283200]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2012-05-04 15936]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2012-03-09 23816]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-06-12 1258856]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-06-12 382312]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-02-08 39936]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-02-08 64512]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-05-21 188776]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-21 471144]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1707535600-1790980881-671917193-1000Core.job
- c:\users\Mr A\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-25 18:03]
.
2012-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1707535600-1790980881-671917193-1000UA.job
- c:\users\Mr A\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-25 18:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-18 11855976]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2011-05-13 26624]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 216.228.160.5 216.228.160.6 216.228.160.7
FF - ProfilePath - c:\users\Mr A\AppData\Roaming\Mozilla\Firefox\Profiles\xedxndgn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1707535600-1790980881-671917193-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:df,6c,d1,d2,c0,4c,4e,0f,e2,7b,54,4e,58,34,af,3d,8e,d6,be,f6,d5,86,c1,
49,6f,0e,53,cc,73,58,6e,cd,80,3f,f9,55,f3,e7,5c,d5,7a,9e,59,f3,57,73,d3,3a,\
"??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f
.
[HKEY_USERS\S-1-5-21-1707535600-1790980881-671917193-1000\Software\SecuROM\License information*]
"datasecu"=hex:46,06,3f,d6,94,86,62,8b,30,a8,71,83,9c,07,14,e9,e0,87,7c,dc,a2,
32,b4,d5,9a,05,35,f9,ca,1c,98,08,06,d0,38,18,07,aa,80,f5,c2,ad,a5,db,a2,8f,\
"rkeysecu"=hex:27,14,5d,c0,8d,38,37,a6,c5,13,56,73,1c,14,84,9f
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-06 21:56:47
ComboFix-quarantined-files.txt 2012-08-07 04:56
ComboFix2.txt 2012-08-05 20:23
.
Pre-Run: 136,808,890,368 bytes free
Post-Run: 136,565,129,216 bytes free
.
- - End Of File - - 83334757D9975CB1DBF3FAAD27520FC7

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 August 2012 - 08:23 AM

Install Java:

Please go here to install Java

  • Click on the Free Java Download button
  • Click on Agree and start Free download
  • Click on Run
  • Click on Run again
  • Click on Install
  • When the install is complete, click on Close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click the MBAM icon
  • Go to the Update tab at the top
  • Click on Check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank Notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 Baish

Baish
  • Topic Starter

  • Members
  • 17 posts

Posted 09 August 2012 - 03:36 PM

Ok, no problems running either of the programs, however there was another redirect prior to running the scans.

=====
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.09.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mr A :: THETERMINATOR [administrator]

8/9/2012 1:28:07 PM
mbam-log-2012-08-09 (13-28-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210844
Time elapsed: 1 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)





HijackThis
===========

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:31:30 PM, on 8/9/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\XFastUsb\XFastUsb.exe
C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Users\Mr A\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe
O4 - HKLM\..\Run: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKUS\S-1-5-21-1707535600-1790980881-671917193-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\nwprovau.dll' missing
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 August 2012 - 04:04 PM

Tell me about the redirect.

Was it the computer, or could it have been the web page you were on?


What browser were you using?


gringo

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 12 August 2012 - 12:11 AM

Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, a reminder that it is very important that we finish the process completely so as not to get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.

#13 Baish

Baish
  • Topic Starter

  • Members
  • 17 posts

Posted 12 August 2012 - 05:07 PM

The redirect occurs when following any link at random from a Google search; currently it takes me to one of the following URLs. Edited for spacing to refrain from posting a direct link to the websites. These do not occur when following links that are embedded on a webpage or are a part of the site interface. Navigating to a website by submitting the URL into the address bar does not cause these problems.

( http: //onlinesweekschoosing. info/?a=YWZmaWQ9MDU1ODg= ) Or (click .get-free-answers.com )

Neither of the pages fully loads; they only appear as a blank screen and will occasionally lock up Firefox, which leaves me having to restart it on occasion. The websites that I frequent range from general news websites, tech support forums, hardware & software review sites and various modding communities, all of which have been around for a respectable amount of time with a notable community and reputation: Nytimes, Overlock.net, Anandtech, Tomshardware etc. If I had to guess, I may have pulled this from a scam Adobe update via a clickjack or something similar.

Ultimately these happen at random and, outside of the security issues in the past, things appear to remain the same; they act as a nuisance, while to me it affirms an infected computer.

Edited by Baish, 12 August 2012 - 05:17 PM.


#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 12 August 2012 - 05:27 PM

This only happens in Firefox?


gringo

#15 Baish

Baish
  • Topic Starter

  • Members
  • 17 posts

Posted 12 August 2012 - 05:53 PM

Just ran through a couple dozen links using Internet Explorer 9 & Chrome and no redirect. Just Firefox.



