suspicious behaviour, uncertain cause, mass paranoia


  • This topic is locked
21 replies to this topic

#1 ZT-repairseek

  • Members
  • 177 posts

Posted 02 August 2012 - 11:41 AM

Okay, so. After a webpage choked on me yesterday and caused three out of four Trident-based browsers I have (semi-complicated situation there) to crap out on me until the fourth was restarted, when going to any page attached to github.com I get an error message about framing not being allowed for security reasons. Of course, nothing that I can see is using frames. So this leads me to suspect that there's some malware in effect.

However. I've run MBAM four times now, and done a full scan with avast, and both come up clean. Yet that mysterious error persists. So now I'm here to post an HJT log and any logs from things I'm suggested to use, to see if anyone can come up with a cause for this.

Without further ado, HJT:


~~~~~~~~~~~~~~~~~~~~~

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:47:57 PM, on 8/2/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19272)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avast5\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Tools\MBAM\mbam.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Tools\HJT\whatisthismadness.exe

O1 - Hosts: ::1 localhost #[IPv6]
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast5\aswWebRepIE.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\FreeDownloadManager\iefdm2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\ZT01\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: PacketiX VPN Client Task Tray.lnk = C:\Program Files\PacketiXVPNClient\vpncmgr.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\FreeDownloadManager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\FreeDownloadManager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\FreeDownloadManager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\FreeDownloadManager\dllink.htm
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {145C073F-9098-41CA-81E1-295D17CDFD55} (TTS Launcher Class) - https://ta.mk-style.com/weblauncher/common/CnCGameLauncher.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://avatar.mabinogi.jp/3drender/renderer/mabiweb.2010.05.24.cab
O16 - DPF: {C8F5F737-2683-40B8-BFB6-47B15AC20A79} (Game Starter Control) - https://gash.gamania.co.jp/acxauth/cab/2.0.1/lcjggame.cab
O16 - DPF: {E2729F99-A050-4F4D-AE9F-7492C5532F49} (HgTAgent2 Extension Class) - http://down.hangame.co.jp/jp/dist/hgtagent2/hgtagent2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E4BC6F2E-E1BB-4F76-A400-87FF46653A8E} (LovClientLoader.Loader) - http://lov.ujj.co.jp/mypage/activex/LovClientLoader.CAB
O16 - DPF: {F8160836-0C11-4CA4-AD87-944542C7BCBD} (PubPlugin Class) - http://down.hangame.co.jp/jp/purple/launcher/PubPlugin.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Avast5\AvastSvc.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\Hamachi\hamachi-2.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: PacketiX VPN Client (vpnclient) - SoftEther Corporation - C:\Program Files\PacketiXVPNClient\vpnclient.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5004 bytes

~~~~~~~~~~~~~~~~~~~~~~~~~~~~
As per what the helpbot will remind, the GMER log is in production, and then DDS will be as well.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Here we have our DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19272 BrowserJavaVersion: 10.5.1
Run by ZT01 at 21:20:52 on 2012-08-02
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avast5\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Avast5\AvastSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Tools\gmer.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1307304502&rver=6.1.6206.0&wp=MBI&wreply=hxxp:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-us&cbcxt=mai&snsc=1
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp32&d=1208&m=et1161-03
uInternet Settings,ProxyOverride = <local>
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast5\aswWebRepIE.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\freedownloadmanager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast5\aswWebRepIE.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Akamai NetSession Interface] "c:\users\zt01\appdata\local\akamai\netsession_win.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [avast5] "c:\program files\avast5\avastUI.exe" /nogui
mRun: [LogMeIn Hamachi Ui] "c:\program files\hamachi\hamachi-2-ui.exe" --auto-start
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\packet~1.lnk - c:\program files\packetixvpnclient\vpncmgr.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download all with Free Download Manager - file://c:\program files\freedownloadmanager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\freedownloadmanager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\freedownloadmanager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\freedownloadmanager\dllink.htm
DPF: {145C073F-9098-41CA-81E1-295D17CDFD55} - hxxps://ta.mk-style.com/weblauncher/common/CnCGameLauncher.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://avatar.mabinogi.jp/3drender/renderer/mabiweb.2010.05.24.cab
DPF: {C8F5F737-2683-40B8-BFB6-47B15AC20A79} - hxxps://gash.gamania.co.jp/acxauth/cab/2.0.1/lcjggame.cab
DPF: {E2729F99-A050-4F4D-AE9F-7492C5532F49} - hxxp://down.hangame.co.jp/jp/dist/hgtagent2/hgtagent2.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E4BC6F2E-E1BB-4F76-A400-87FF46653A8E} - hxxp://lov.ujj.co.jp/mypage/activex/LovClientLoader.CAB
DPF: {F8160836-0C11-4CA4-AD87-944542C7BCBD} - hxxp://down.hangame.co.jp/jp/purple/launcher/PubPlugin.cab
TCP: Interfaces\{7FC568D2-FC5A-447B-B854-ACECCEF5A807} : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{C723B582-89C9-46B3-BED0-D6447C13A797} : DhcpNameServer = 192.168.0.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-1 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-2-6 353688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-2-6 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-2-6 57656]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast5\AvastSvc.exe [2011-2-6 44808]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\drivers\BazisVirtualCDBus.sys [2010-4-6 98400]
R3 Neo_VPN;VPN Client Device Driver - VPN;c:\windows\system32\drivers\Neo_0092.sys [2011-5-23 22000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\hamachi\hamachi-2.exe [2012-2-28 1373576]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2011-3-24 126696]
S3 vpnclient;PacketiX VPN Client;c:\program files\packetixvpnclient\vpnclient.exe [2008-5-15 2478080]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\gamebooster3\driver\WinRing0.sys [2012-6-24 14416]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-07-17 19:46:01 -------- d-----w- c:\users\zt01\appdata\roaming\GPEXE
2012-07-17 19:45:43 -------- d-----w- c:\program files\Gamepot
2012-07-15 22:05:54 40960 ----a-r- c:\users\zt01\appdata\roaming\microsoft\installer\{57464bb0-495d-42bd-b409-e8db7e24aade}\NewShortcut1_57464BB0495D42BDB409E8DB7E24AADE.exe
2012-07-15 22:05:53 -------- d-----w- C:\JS3_TRY
.
==================== Find3M ====================
.
2012-07-29 14:50:54 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-29 14:50:54 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 16:21:53 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21:53 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21:32 41224 ----a-w- c:\windows\avastSS.scr
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-01 19:58:53 68972 ----a-w- c:\windows\system32\nglide_uninst.exe
2012-05-15 19:51:08 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-05-15 06:37:49 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 06:32:25 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-15 06:32:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-15 06:31:44 109056 ----a-w- c:\windows\system32\iesysprep.dll
2012-05-15 06:31:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2012-05-15 05:01:56 385024 ----a-w- c:\windows\system32\html.iec
2012-05-15 03:26:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-15 03:23:41 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-09 01:53:14 1294336 ----a-w- c:\windows\system32\glide3x.dll
2012-05-09 01:48:22 1286144 ----a-w- c:\windows\system32\glide2x.dll
2012-05-08 15:25:22 1273856 ----a-w- c:\windows\system32\glide.dll
.
============= FINISH: 21:21:59.80 ===============
~~~~~~~~~~~~~~~~~~~~
As of this time GMER has been scanning for around eight hours. Getting kinda tired of solitaire in the meantime.
~~~~~~~~~~~~~~~~~~~~
OKAY. It's been some twelve hours since I started GMER's scan. I'm not 100% sure what it has and hasn't looked at by now because of its scanning order, which confounds me; but I can't see wasting another I-don't-know-how-many hours of your time and mine while it contemplates 22 GB+ of inert images that I have nowhere else to store at this time, and it's not found anything new since the last edit, so in the interest of getting on with this, I'm posting what it found:


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-03 01:08:17
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\0000005d WDC_WD32 rev.01.0
Running: gmer.exe; Driver: C:\Users\ZT01\AppData\Local\Temp\uxtirpog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8F478536]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8FA727BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x8F478F52]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8F483D7A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8F483DC6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8F483F48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8F483CE8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8FA72BAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8F483D30]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x8F479146]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8F483F02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x8F4798CA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8F478584]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8FA7289E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8F4781EC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8F4785D2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8F47D2A8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8F47A292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8F483DA4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8F483DE8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8F483F6C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8F483D0E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8F483E8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8F483D58]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8F483F26]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8FA72A1E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8F47A15E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0x8F479D08]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8F478620]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8F47866E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x8F47974A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8F478276]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8F478426]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8F4783CC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x8F479A2C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x8F479B88]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8F478496]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x8FA72AE8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x8F4795CA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8F4786BC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x8FA72954]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x8F4792CE]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 10D 828BB7D0 4 Bytes [36, 85, 47, 8F] {TEST SS:[EDI-0x71], EAX}
.text ntkrnlpa.exe!KeSetEvent + 131 828BB7F4 4 Bytes [BA, 27, A7, 8F]
.text ntkrnlpa.exe!KeSetEvent + 191 828BB854 4 Bytes [52, 8F, 47, 8F] {PUSH EDX; POP DWORD [EDI-0x71]}
.text ntkrnlpa.exe!KeSetEvent + 1D1 828BB894 8 Bytes [7A, 3D, 48, 8F, C6, 3D, 48, ...]
.text ntkrnlpa.exe!KeSetEvent + 1DD 828BB8A0 4 Bytes [48, 3F, 48, 8F]
.text ...
.text win32k.sys!EngCreateRectRgn + 4537 96EAFC70 5 Bytes JMP 8F47DD72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + 104A 96EBFE96 5 Bytes JMP 8F47DE04 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + C20 96EC8EE9 5 Bytes JMP 8F47EA2A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + 4A1 96EC9CD5 5 Bytes JMP 8F47EB90 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + 8C2F 96ED2463 5 Bytes JMP 8F47D2DE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 616 96ED33BA 5 Bytes JMP 8F47E7FA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 30EA 96EDEAE7 5 Bytes JMP 8F47DC2C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 455D 96EDFF5A 5 Bytes JMP 8F47D538 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 46AC 96EE00A9 5 Bytes JMP 8F47DEDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 4C41 96EE063E 5 Bytes JMP 8F47DEF6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 5229 96EE0C26 5 Bytes JMP 8F47DA52 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMapFontFileFD + 11A0E 96EF9AD5 5 Bytes JMP 8F47D992 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMapFontFileFD + 11A62 96EF9B29 5 Bytes JMP 8F47DC58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 377F 96F20B8E 5 Bytes JMP 8F47E6C0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 60DE 96F234ED 5 Bytes JMP 8F47D3E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMulDiv + 4D3F 96F29E2E 5 Bytes JMP 8F47D5A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBlt + 2B44 96F342D8 5 Bytes JMP 8F47EC32 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStrokePath + 5FF 96F371CC 5 Bytes JMP 8F47D3FC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLpkInstalled + 1D73 96F40FE7 5 Bytes JMP 8F47E7B0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngAlphaBlend + B973 96F51570 5 Bytes JMP 8F47DE1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngNineGrid + 8C4 96F55762 5 Bytes JMP 8F47E972 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngNineGrid + 6F65 96F5BE03 5 Bytes JMP 8F47E76A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + B0F 96F5F58A 5 Bytes JMP 8F47E8C0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!STROBJ_vEnumStart + 4728 96F66EA9 5 Bytes JMP 8F47D4D4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + E80 96F8544A 5 Bytes JMP 8F47D790 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_bEnum + 248 96F8ACCA 5 Bytes JMP 8F47D664 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 26D9 96F8E802 5 Bytes JMP 8F47EAE8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 3765 96FA6BD4 5 Bytes JMP 8F47DE34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLineTo + A0F 96FACD17 5 Bytes JMP 8F47D6B8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLineTo + D27F 96FB9587 5 Bytes JMP 8F47D8BC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLineTo + 10CF0 96FBCFF8 5 Bytes JMP 8F47D826 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[360] ntdll.dll!LdrLoadDll 77999378 5 Bytes JMP 000401F8
.text C:\Program Files\Internet Explorer\iexplore.exe[360] ntdll.dll!LdrUnloadDll 779AB680 5 Bytes JMP 000403FC
.text C:\Program Files\Internet Explorer\iexplore.exe[360] kernel32.dll!GetBinaryTypeW + 70 76062467 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[360] ADVAPI32.dll!CreateServiceW 778E9EB4 5 Bytes JMP 000603FC
.text C:\Program Files\Internet Explorer\iexplore.exe[360] ADVAPI32.dll!DeleteService 778EA07E 5 Bytes JMP 00060600
.text C:\Program Files\Internet Explorer\iexplore.exe[360] ADVAPI32.dll!SetServiceObjectSecurity 77926CD9 5 Bytes JMP 00061014
.text C:\Program Files\Internet Explorer\iexplore.exe[360] ADVAPI32.dll!ChangeServiceConfigA 77926DD9 5 Bytes JMP 00060804
.text C:\Program Files\Internet Explorer\iexplore.exe[360] ADVAPI32.dll!ChangeServiceConfigW 77926F81 5 Bytes JMP 00060A08
.text C:\Program Files\Internet Explorer\iexplore.exe[360] ADVAPI32.dll!ChangeServiceConfig2A 77927099 5 Bytes JMP 00060C0C
.text C:\Program Files\Internet Explorer\iexplore.exe[360] ADVAPI32.dll!ChangeServiceConfig2W 779271E1 5 Bytes JMP 00060E10
.text C:\Program Files\Internet Explorer\iexplore.exe[360] ADVAPI32.dll!CreateServiceA 779272A1 5 Bytes JMP 000601F8
.text C:\Program Files\Internet Explorer\iexplore.exe[360] USER32.dll!SetWindowsHookExA 76176322 5 Bytes JMP 001C0600
.text C:\Program Files\Internet Explorer\iexplore.exe[360] USER32.dll!SetWindowsHookExW 761787AD 5 Bytes JMP 713F9A65 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[360] USER32.dll!CallNextHookEx 76178E3B 5 Bytes JMP 713ED0DD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[360] USER32.dll!UnhookWindowsHookEx 761798DB 5 Bytes JMP 7136466C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[360] USER32.dll!SetWinEventHook 76179F3A 5 Bytes JMP 001C01F8
.text C:\Program Files\Internet Explorer\iexplore.exe[360] USER32.dll!UnhookWinEvent 7617C06F 5 Bytes JMP 001C03FC
.text C:\Program Files\Internet Explorer\iexplore.exe[360] USER32.dll!CreateWindowExW 76181305 5 Bytes JMP 713FDAD4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[360] USER32.dll!DialogBoxParamW 761A10B0 5 Bytes JMP 71325505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[360] USER32.dll!DialogBoxIndirectParamW 761A2EF5 5 Bytes JMP 714F7207 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[360] USER32.dll!DialogBoxParamA 761B8152 5 Bytes JMP 714F71A4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[360] USER32.dll!DialogBoxIndirectParamA 761B847D 5 Bytes JMP 714F726A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[360] USER32.dll!MessageBoxIndirectA 761CD4D9 5 Bytes JMP 714F7139 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[360] USER32.dll!MessageBoxIndirectW 761CD5D3 5 Bytes JMP 714F70CE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[360] USER32.dll!MessageBoxExA 761CD639 5 Bytes JMP 714F706C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[360] USER32.dll!MessageBoxExW 761CD65D 5 Bytes JMP 714F700A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[360] ole32.dll!OleLoadFromStream 774F1E80 5 Bytes JMP 714F756F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[360] ole32.dll!CoCreateInstance 77529F3E 5 Bytes JMP 713FDB30 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Windows\system32\csrss.exe[524] KERNEL32.dll!GetBinaryTypeW + 70 76062467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[644] kernel32.dll!GetBinaryTypeW + 70 76062467 1 Byte [62]
.text C:\Windows\system32\wininit.exe[732] kernel32.dll!GetBinaryTypeW + 70 76062467 1 Byte [62]
.text C:\Windows\system32\csrss.exe[780] KERNEL32.dll!GetBinaryTypeW + 70 76062467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[900] kernel32.dll!GetBinaryTypeW + 70 76062467 1 Byte [62]
.text ...
.text C:\Program Files\Avast5\AvastSvc.exe[1040] kernel32.dll!SetUnhandledExceptionFilter 7603A8C5 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Avast5\AvastSvc.exe[1040] kernel32.dll!GetBinaryTypeW + 70 76062467 1 Byte [62]
.text C:\Windows\Explorer.exe[1364] kernel32.dll!GetBinaryTypeW + 70 76062467 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[2040] ntdll.dll!LdrLoadDll 77999378 5 Bytes JMP 000401F8
.text C:\Program Files\Internet Explorer\iexplore.exe[2040] ntdll.dll!LdrUnloadDll 779AB680 5 Bytes JMP 000403FC
.text C:\Program Files\Internet Explorer\iexplore.exe[2040] kernel32.dll!GetBinaryTypeW + 70 76062467 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[2040] ADVAPI32.dll!CreateServiceW 778E9EB4 5 Bytes JMP 002003FC
.text C:\Program Files\Internet Explorer\iexplore.exe[2040] ADVAPI32.dll!DeleteService 778EA07E 5 Bytes JMP 00200600
.text C:\Program Files\Internet Explorer\iexplore.exe[2040] ADVAPI32.dll!SetServiceObjectSecurity 77926CD9 5 Bytes JMP 00201014
.text C:\Program Files\Internet Explorer\iexplore.exe[2040] ADVAPI32.dll!ChangeServiceConfigA 77926DD9 5 Bytes JMP 00200804
.text C:\Program Files\Internet Explorer\iexplore.exe[2040] ADVAPI32.dll!ChangeServiceConfigW 77926F81 5 Bytes JMP 00200A08
.text C:\Program Files\Internet Explorer\iexplore.exe[2040] ADVAPI32.dll!ChangeServiceConfig2A 77927099 5 Bytes JMP 00200C0C
.text C:\Program Files\Internet Explorer\iexplore.exe[2040] ADVAPI32.dll!ChangeServiceConfig2W 779271E1 5 Bytes JMP 00200E10
.text C:\Program Files\Internet Explorer\iexplore.exe[2040] ADVAPI32.dll!CreateServiceA 779272A1 5 Bytes JMP 002001F8
.text C:\Program Files\Internet Explorer\iexplore.exe[2040] USER32.dll!SetWindowsHookExA 76176322 5 Bytes JMP 00210600
.text C:\Program Files\Internet Explorer\iexplore.exe[2040] USER32.dll!SetWindowsHookExW 761787AD 5 Bytes JMP 00210804
.text C:\Program Files\Internet Explorer\iexplore.exe[2040] USER32.dll!UnhookWindowsHookEx 761798DB 5 Bytes JMP 00210A08
.text C:\Program Files\Internet Explorer\iexplore.exe[2040] USER32.dll!SetWinEventHook 76179F3A 5 Bytes JMP 002101F8
.text C:\Program Files\Internet Explorer\iexplore.exe[2040] USER32.dll!UnhookWinEvent 7617C06F 5 Bytes JMP 002103FC
.text C:\Program Files\Internet Explorer\iexplore.exe[2040] USER32.dll!CreateWindowExW 76181305 5 Bytes JMP 713FDAD4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2040] USER32.dll!DialogBoxParamW 761A10B0 5 Bytes JMP 71325505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2040] USER32.dll!DialogBoxIndirectParamW 761A2EF5 5 Bytes JMP 714F7207 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2040] USER32.dll!DialogBoxParamA 761B8152 5 Bytes JMP 714F71A4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2040] USER32.dll!DialogBoxIndirectParamA 761B847D 5 Bytes JMP 714F726A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2040] USER32.dll!MessageBoxIndirectA 761CD4D9 5 Bytes JMP 714F7139 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2040] USER32.dll!MessageBoxIndirectW 761CD5D3 5 Bytes JMP 714F70CE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2040] USER32.dll!MessageBoxExA 761CD639 5 Bytes JMP 714F706C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2040] USER32.dll!MessageBoxExW 761CD65D 5 Bytes JMP 714F700A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Windows\system32\winlogon.exe[2084] kernel32.dll!GetBinaryTypeW + 70 76062467 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[2128] kernel32.dll!GetBinaryTypeW + 70 76062467 1 Byte [62]
.text C:\Windows\system32\DRIVERS\xaudio.exe[2240] kernel32.dll!GetBinaryTypeW + 70 76062467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2340] kernel32.dll!GetBinaryTypeW + 70 76062467 1 Byte [62]
.text C:\Windows\system32\nvvsvc.exe[2420] kernel32.dll!GetBinaryTypeW + 70 76062467 1 Byte [62]
.text ...
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] ntdll.dll!LdrLoadDll 77999378 5 Bytes JMP 000401F8
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] ntdll.dll!LdrUnloadDll 779AB680 5 Bytes JMP 000403FC
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] kernel32.dll!GetBinaryTypeW + 70 76062467 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] ADVAPI32.dll!CreateServiceW 778E9EB4 5 Bytes JMP 00A003FC
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] ADVAPI32.dll!DeleteService 778EA07E 5 Bytes JMP 00A00600
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] ADVAPI32.dll!SetServiceObjectSecurity 77926CD9 5 Bytes JMP 00A01014
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] ADVAPI32.dll!ChangeServiceConfigA 77926DD9 5 Bytes JMP 00A00804
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] ADVAPI32.dll!ChangeServiceConfigW 77926F81 5 Bytes JMP 00A00A08
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] ADVAPI32.dll!ChangeServiceConfig2A 77927099 5 Bytes JMP 00A00C0C
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] ADVAPI32.dll!ChangeServiceConfig2W 779271E1 5 Bytes JMP 00A00E10
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] ADVAPI32.dll!CreateServiceA 779272A1 5 Bytes JMP 00A001F8
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!SetWindowsHookExA 76176322 5 Bytes JMP 00A10600
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!SetWindowsHookExW 761787AD 5 Bytes JMP 713F9A65 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!CallNextHookEx 76178E3B 5 Bytes JMP 713ED0DD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!UnhookWindowsHookEx 761798DB 5 Bytes JMP 7136466C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!SetWinEventHook 76179F3A 5 Bytes JMP 00A101F8
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!UnhookWinEvent 7617C06F 5 Bytes JMP 00A103FC
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!CreateWindowExW 76181305 5 Bytes JMP 713FDAD4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!DialogBoxParamW 761A10B0 5 Bytes JMP 71325505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!DialogBoxIndirectParamW 761A2EF5 5 Bytes JMP 714F7207 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!DialogBoxParamA 761B8152 5 Bytes JMP 714F71A4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!DialogBoxIndirectParamA 761B847D 5 Bytes JMP 714F726A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!MessageBoxIndirectA 761CD4D9 5 Bytes JMP 714F7139 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!MessageBoxIndirectW 761CD5D3 5 Bytes JMP 714F70CE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!MessageBoxExA 761CD639 5 Bytes JMP 714F706C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!MessageBoxExW 761CD65D 5 Bytes JMP 714F700A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] ole32.dll!OleLoadFromStream 774F1E80 5 Bytes JMP 714F756F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] ole32.dll!CoCreateInstance 77529F3E 5 Bytes JMP 713FDB30 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Windows\system32\svchost.exe[4004] kernel32.dll!GetBinaryTypeW + 70 76062467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[4348] kernel32.dll!GetBinaryTypeW + 70 76062467 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[4392] kernel32.dll!GetBinaryTypeW + 70 76062467 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[4448] kernel32.dll!GetBinaryTypeW + 70 76062467 1 Byte [62]
.text C:\Windows\Explorer.EXE[4576] kernel32.dll!GetBinaryTypeW + 70 76062467 1 Byte [62]
.text ...
.text C:\Program Files\Internet Explorer\iexplore.exe[5548] ntdll.dll!LdrLoadDll 77999378 5 Bytes JMP 000401F8
.text C:\Program Files\Internet Explorer\iexplore.exe[5548] ntdll.dll!LdrUnloadDll 779AB680 5 Bytes JMP 000403FC
.text C:\Program Files\Internet Explorer\iexplore.exe[5548] kernel32.dll!GetBinaryTypeW + 70 76062467 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[5548] ADVAPI32.dll!CreateServiceW 778E9EB4 5 Bytes JMP 001003FC
.text C:\Program Files\Internet Explorer\iexplore.exe[5548] ADVAPI32.dll!DeleteService 778EA07E 5 Bytes JMP 00100600
.text C:\Program Files\Internet Explorer\iexplore.exe[5548] ADVAPI32.dll!SetServiceObjectSecurity 77926CD9 5 Bytes JMP 00101014
.text C:\Program Files\Internet Explorer\iexplore.exe[5548] ADVAPI32.dll!ChangeServiceConfigA 77926DD9 5 Bytes JMP 00100804
.text C:\Program Files\Internet Explorer\iexplore.exe[5548] ADVAPI32.dll!ChangeServiceConfigW 77926F81 5 Bytes JMP 00100A08
.text C:\Program Files\Internet Explorer\iexplore.exe[5548] ADVAPI32.dll!ChangeServiceConfig2A 77927099 5 Bytes JMP 00100C0C
.text C:\Program Files\Internet Explorer\iexplore.exe[5548] ADVAPI32.dll!ChangeServiceConfig2W 779271E1 5 Bytes JMP 00100E10
.text C:\Program Files\Internet Explorer\iexplore.exe[5548] ADVAPI32.dll!CreateServiceA 779272A1 5 Bytes JMP 001001F8
.text C:\Program Files\Internet Explorer\iexplore.exe[5548] USER32.dll!SetWindowsHookExA 76176322 5 Bytes JMP 00110600
.text C:\Program Files\Internet Explorer\iexplore.exe[5548] USER32.dll!SetWindowsHookExW 761787AD 5 Bytes JMP 713F9A65 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5548] USER32.dll!CallNextHookEx 76178E3B 5 Bytes JMP 713ED0DD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5548] USER32.dll!UnhookWindowsHookEx 761798DB 5 Bytes JMP 7136466C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5548] USER32.dll!SetWinEventHook 76179F3A 5 Bytes JMP 001101F8
.text C:\Program Files\Internet Explorer\iexplore.exe[5548] USER32.dll!UnhookWinEvent 7617C06F 5 Bytes JMP 001103FC
.text C:\Program Files\Internet Explorer\iexplore.exe[5548] USER32.dll!CreateWindowExW 76181305 5 Bytes JMP 713FDAD4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5548] USER32.dll!DialogBoxParamW 761A10B0 5 Bytes JMP 71325505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5548] USER32.dll!DialogBoxIndirectParamW 761A2EF5 5 Bytes JMP 714F7207 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5548] USER32.dll!DialogBoxParamA 761B8152 5 Bytes JMP 714F71A4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5548] USER32.dll!DialogBoxIndirectParamA 761B847D 5 Bytes JMP 714F726A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5548] USER32.dll!MessageBoxIndirectA 761CD4D9 5 Bytes JMP 714F7139 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5548] USER32.dll!MessageBoxIndirectW 761CD5D3 5 Bytes JMP 714F70CE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5548] USER32.dll!MessageBoxExA 761CD639 5 Bytes JMP 714F706C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5548] USER32.dll!MessageBoxExW 761CD65D 5 Bytes JMP 714F700A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5548] ole32.dll!OleLoadFromStream 774F1E80 5 Bytes JMP 714F756F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5548] ole32.dll!CoCreateInstance 77529F3E 5 Bytes JMP 713FDB30 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Windows\system32\svchost.exe[5684] kernel32.dll!GetBinaryTypeW + 70 76062467 1 Byte [62]
.text C:\Tools\gmer.exe[6128] kernel32.dll!GetBinaryTypeW + 70 76062467 1 Byte [62]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp aswRdr.SYS (avast! TDI Redirect Driver/AVAST Software)


~~~~~~~~~~~~~~~~~~~~~~~~
So. Let the examinations begin? *headache*

Edited by ZT-repairseek, 03 August 2012 - 12:14 AM.



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,660 posts
  • Gender:Male
  • Local time:03:43 PM

Posted 07 August 2012 - 11:45 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/463568 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 ZT-repairseek

ZT-repairseek
  • Topic Starter

  • Members
  • 177 posts
  • Local time:03:43 PM

Posted 07 August 2012 - 03:31 PM

Okay, so. As the first post stated, I started getting a mysterious "no framing allowed" error at github.com. Now... in the meantime since that post I haven't done anything further trying to fix things myself, but the error isn't coming up when I go to check right this minute. But I'm still paranoid and would appreciate someone examining my logs to make sure there's nothing evil in there that I and MBAM/Avast are not finding.

Providing new HJT/DDS logs, but because GMER took so long last time because of various definitely-not-malicious stuff I can't relocate, I'd rather not be firing it up again unless an inspection of the above GMER log reveals anything evil-but-incompletely-discovered, unless of course someone can teach me to make it skip things. I know this isn't helping, but... I kinda have work stuff to deal with that can't get done with half the CPU preoccupied, and deadlines being deadlines... without another computer on hand that's up to the task, I've gotta make do or get canned. Sorry. :(

Working with Vista Home Premium 32-bit SP2. Don't have a Vista OS disc and am currently too tapped out by bills to go get discs to try to make something of that semi-stealthed recovery partition that eMachines left.

~~~~~~~~~~~~~~~~~~~
HJT:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:21:09 PM, on 8/7/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19272)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avast5\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\Explorer.exe
C:\Windows\system32\conime.exe
C:\Tools\HJT\whatisthismadness.exe

O1 - Hosts: ::1 localhost #[IPv6]
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast5\aswWebRepIE.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\FreeDownloadManager\iefdm2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\ZT01\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: PacketiX VPN Client Task Tray.lnk = C:\Program Files\PacketiXVPNClient\vpncmgr.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\FreeDownloadManager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\FreeDownloadManager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\FreeDownloadManager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\FreeDownloadManager\dllink.htm
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {145C073F-9098-41CA-81E1-295D17CDFD55} (TTS Launcher Class) - https://ta.mk-style.com/weblauncher/common/CnCGameLauncher.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://avatar.mabinogi.jp/3drender/renderer/mabiweb.2010.05.24.cab
O16 - DPF: {C8F5F737-2683-40B8-BFB6-47B15AC20A79} (Game Starter Control) - https://gash.gamania.co.jp/acxauth/cab/2.0.1/lcjggame.cab
O16 - DPF: {E2729F99-A050-4F4D-AE9F-7492C5532F49} (HgTAgent2 Extension Class) - http://down.hangame.co.jp/jp/dist/hgtagent2/hgtagent2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E4BC6F2E-E1BB-4F76-A400-87FF46653A8E} (LovClientLoader.Loader) - http://lov.ujj.co.jp/mypage/activex/LovClientLoader.CAB
O16 - DPF: {F8160836-0C11-4CA4-AD87-944542C7BCBD} (PubPlugin Class) - http://down.hangame.co.jp/jp/purple/launcher/PubPlugin.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Avast5\AvastSvc.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\Hamachi\hamachi-2.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: PacketiX VPN Client (vpnclient) - SoftEther Corporation - C:\Program Files\PacketiXVPNClient\vpnclient.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 4839 bytes

~~~~~~~~~~~~~~~~~~~~~~
DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19272 BrowserJavaVersion: 10.5.1
Run by ZT01 at 16:22:27 on 2012-08-07
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avast5\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Avast5\AvastSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\Explorer.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1307304502&rver=6.1.6206.0&wp=MBI&wreply=hxxp:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-us&cbcxt=mai&snsc=1
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp32&d=1208&m=et1161-03
uInternet Settings,ProxyOverride = <local>
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast5\aswWebRepIE.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\freedownloadmanager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast5\aswWebRepIE.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Akamai NetSession Interface] "c:\users\zt01\appdata\local\akamai\netsession_win.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [avast5] "c:\program files\avast5\avastUI.exe" /nogui
mRun: [LogMeIn Hamachi Ui] "c:\program files\hamachi\hamachi-2-ui.exe" --auto-start
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\packet~1.lnk - c:\program files\packetixvpnclient\vpncmgr.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download all with Free Download Manager - file://c:\program files\freedownloadmanager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\freedownloadmanager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\freedownloadmanager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\freedownloadmanager\dllink.htm
DPF: {145C073F-9098-41CA-81E1-295D17CDFD55} - hxxps://ta.mk-style.com/weblauncher/common/CnCGameLauncher.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://avatar.mabinogi.jp/3drender/renderer/mabiweb.2010.05.24.cab
DPF: {C8F5F737-2683-40B8-BFB6-47B15AC20A79} - hxxps://gash.gamania.co.jp/acxauth/cab/2.0.1/lcjggame.cab
DPF: {E2729F99-A050-4F4D-AE9F-7492C5532F49} - hxxp://down.hangame.co.jp/jp/dist/hgtagent2/hgtagent2.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E4BC6F2E-E1BB-4F76-A400-87FF46653A8E} - hxxp://lov.ujj.co.jp/mypage/activex/LovClientLoader.CAB
DPF: {F8160836-0C11-4CA4-AD87-944542C7BCBD} - hxxp://down.hangame.co.jp/jp/purple/launcher/PubPlugin.cab
TCP: Interfaces\{7FC568D2-FC5A-447B-B854-ACECCEF5A807} : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{C723B582-89C9-46B3-BED0-D6447C13A797} : DhcpNameServer = 192.168.0.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-1 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-2-6 353688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-2-6 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-2-6 57656]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast5\AvastSvc.exe [2011-2-6 44808]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\drivers\BazisVirtualCDBus.sys [2010-4-6 98400]
R3 Neo_VPN;VPN Client Device Driver - VPN;c:\windows\system32\drivers\Neo_0092.sys [2011-5-23 22000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\hamachi\hamachi-2.exe [2012-2-28 1373576]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2011-3-24 126696]
S3 vpnclient;PacketiX VPN Client;c:\program files\packetixvpnclient\vpnclient.exe [2008-5-15 2478080]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\gamebooster3\driver\WinRing0.sys [2012-6-24 14416]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-07-17 19:46:01 -------- d-----w- c:\users\zt01\appdata\roaming\GPEXE
2012-07-17 19:45:43 -------- d-----w- c:\program files\Gamepot
2012-07-15 22:05:54 40960 ----a-r- c:\users\zt01\appdata\roaming\microsoft\installer\{57464bb0-495d-42bd-b409-e8db7e24aade}\NewShortcut1_57464BB0495D42BDB409E8DB7E24AADE.exe
2012-07-15 22:05:53 -------- d-----w- C:\JS3_TRY
.
==================== Find3M ====================
.
2012-07-29 14:50:54 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-29 14:50:54 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 16:21:53 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21:53 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21:32 41224 ----a-w- c:\windows\avastSS.scr
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-01 19:58:53 68972 ----a-w- c:\windows\system32\nglide_uninst.exe
2012-05-15 19:51:08 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-05-15 06:37:49 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 06:32:25 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-15 06:32:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-15 06:31:44 109056 ----a-w- c:\windows\system32\iesysprep.dll
2012-05-15 06:31:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2012-05-15 05:01:56 385024 ----a-w- c:\windows\system32\html.iec
2012-05-15 03:26:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-15 03:23:41 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 16:22:54.49 ===============

#4 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 08 August 2012 - 08:00 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 ZT-repairseek (Topic Starter, Members)

Posted 08 August 2012 - 10:29 AM

posting logs:

Results of screen317's Security Check version 0.99.43
Windows Vista Service Pack 2 x86 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
avast! Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
SpywareBlaster 4.6
Malwarebytes Anti-Malware version 1.62.0.1300
JavaFX 2.1.1
Java™ 7 Update 5
````````Process Check: objlist.exe by Laurent````````
Avast5 AvastUI.exe
Avast5 AvastSvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 5 % Defragment your hard drive soon!
````````````````````End of Log``````````````````````

~~~~~~~~~~~~~~~~~~~~~~~~~

ComboFix 12-08-07.05 - ZT01 8/2012 Wed 10:50:12.3.2 - x86
Running from: c:\tools\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\Update.bat
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
.
.
((((((((((((((((((((((((( Files Created from 2012-07-08 to 2012-08-08 )))))))))))))))))))))))))))))))
.
.
2012-08-08 14:56 . 2012-08-08 14:57 -------- d-----w- c:\users\ZT01\AppData\Local\temp
2012-08-08 14:56 . 2012-08-08 14:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-17 19:46 . 2012-07-17 23:30 -------- d-----w- c:\users\ZT01\AppData\Roaming\GPEXE
2012-07-17 19:45 . 2012-07-17 19:45 -------- d-----w- c:\program files\Gamepot
2012-07-15 22:05 . 2012-07-15 22:05 40960 ----a-r- c:\users\ZT01\AppData\Roaming\Microsoft\Installer\{57464BB0-495D-42BD-B409-E8DB7E24AADE}\NewShortcut1_57464BB0495D42BDB409E8DB7E24AADE.exe
2012-07-15 22:05 . 2012-07-15 22:05 -------- d-----w- C:\JS3_TRY
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-29 14:50 . 2012-04-02 14:47 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-29 14:50 . 2011-06-08 00:27 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 17:46 . 2011-02-01 01:27 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 16:21 . 2011-03-01 20:16 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2011-02-06 23:35 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21 . 2011-02-06 23:35 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-07-03 16:21 . 2011-02-06 23:35 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2011-02-06 23:35 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2011-02-06 23:34 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2011-02-06 23:34 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-02 22:19 . 2012-06-29 17:32 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-29 17:32 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-29 17:32 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-29 17:32 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-29 17:32 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-29 17:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-29 17:32 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-29 17:32 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12 . 2012-06-29 17:32 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-01 19:58 . 2012-06-01 19:58 68972 ----a-w- c:\windows\system32\nglide_uninst.exe
2012-05-15 19:51 . 2012-06-29 17:50 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-05-15 06:37 . 2012-06-29 17:51 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 06:32 . 2012-06-29 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-15 06:32 . 2012-06-29 17:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-15 06:31 . 2012-06-29 17:51 109056 ----a-w- c:\windows\system32\iesysprep.dll
2012-05-15 06:31 . 2012-06-29 17:51 71680 ----a-w- c:\windows\system32\iesetup.dll
2012-05-15 05:01 . 2012-06-29 17:51 385024 ----a-w- c:\windows\system32\html.iec
2012-05-15 03:26 . 2012-06-29 17:51 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-15 03:23 . 2012-06-29 17:51 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\ZT01\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\ZT01\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\ZT01\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\ZT01\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-23 6183456]
"LogMeIn Hamachi Ui"="c:\program files\Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PacketiX VPN Client Task Tray.lnk - c:\program files\PacketiXVPNClient\vpncmgr.exe [2008-5-15 2682880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3266769259-3880101330-600960622-1000]
"EnableNotificationsRef"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1307304502&rver=6.1.6206.0&wp=MBI&wreply=hxxp:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-us&cbcxt=mai&snsc=1
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp32&d=1208&m=et1161-03
uInternet Settings,ProxyOverride = <local>
IE: Download all with Free Download Manager - file://c:\program files\FreeDownloadManager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\FreeDownloadManager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\FreeDownloadManager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\FreeDownloadManager\dllink.htm
DPF: {145C073F-9098-41CA-81E1-295D17CDFD55} - hxxps://ta.mk-style.com/weblauncher/common/CnCGameLauncher.cab
DPF: {C8F5F737-2683-40B8-BFB6-47B15AC20A79} - hxxps://gash.gamania.co.jp/acxauth/cab/2.0.1/lcjggame.cab
DPF: {E2729F99-A050-4F4D-AE9F-7492C5532F49} - hxxp://down.hangame.co.jp/jp/dist/hgtagent2/hgtagent2.cab
DPF: {E4BC6F2E-E1BB-4F76-A400-87FF46653A8E} - hxxp://lov.ujj.co.jp/mypage/activex/LovClientLoader.CAB
DPF: {F8160836-0C11-4CA4-AD87-944542C7BCBD} - hxxp://down.hangame.co.jp/jp/purple/launcher/PubPlugin.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Akamai NetSession Interface - c:\users\ZT01\AppData\Local\Akamai\netsession_win.exe
AddRemove-uTorrent - c:\utorrent\uTorrent.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-08 10:59
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3266769259-3880101330-600960622-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*0*8*瑢ck\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3266769259-3880101330-600960622-1000\Software\「0ラ0・ア0・キ0・・ *ヲ0」0カ0・ノ0g0ubU0・_0・・ォ0・ *「0ラ0・ア0・キ0・・]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\MOSS\W*i*n*d*o*w*s*Hr菇b!\{6A36DFA4-83F5-FC67-DDB2-0AD22AB03E71}]
"DesktopFolder"="c:\\Users\\Public\\Desktop\\"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4808)
c:\users\ZT01\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\Avast5\AvastSvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-08-08 11:05:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-08 15:04
ComboFix2.txt 2011-02-21 23:11
ComboFix3.txt 2011-02-20 21:57
.
Pre-Run: 129,332,527,104 bytes free
Post-Run: 130,547,511,296 bytes free
.
- - End Of File - - A9A8D2267670742C253D0510E733931E


~~~~~~~~~~~~~~~~~~~~~~~~~

no issues in that.

as for how the computer's doing, we'll have to see to that through standard use patterns. as I stated above, the initial trigger for this round of "ZT Freaks Out" seemed to have gone away in between time, so it might have been a bug on github's end and not malware, but in this day and age it's better to be safe than sorry. I'll post further if anything blows up in my face, you can be sure of that.
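The "framing not allowed for security reasons" message from the opening post is the wording of a site's own anti-clickjacking guard, and github.com has long sent X-Frame-Options: deny, so that symptom by itself does not point at malware. A local cause would have to sit in front of the browser and redirect or rewrite github.com traffic, which on a Windows box usually means a hosts-file entry or an injected proxy server; the ComboFix output above shows only ProxyOverride = <local> and no ProxyServer. As an added example, not part of this thread and not code from any of the tools used in it, here is a small Python triage that separates those two explanations. The header values, hosts-file lines, proxy setting and the 10.0.0.5 address are constructed for illustration.

```python
"""Added example: is a 'framing not allowed' page the site's own policy,
or is something local (hosts file, proxy) interfering with github.com?"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Addresses a hosts file uses to sink a name rather than redirect it
# (the MVPS hosts file seen in the Security Check log uses 0.0.0.0).
NULL_OR_LOOPBACK = {"0.0.0.0", "127.0.0.1", "::1"}


@dataclass
class FrameVerdict:
    server_policy: Optional[str]    # framing restriction the site advertises
    hosts_redirect: Optional[str]   # address the local hosts file assigns, if any
    proxy_server: Optional[str]     # ProxyServer value from Internet Settings
    notes: List[str] = field(default_factory=list)


def frame_policy(headers: Dict[str, str]) -> Optional[str]:
    """Return the framing restriction the response advertises, or None.

    CSP frame-ancestors takes precedence over X-Frame-Options when both
    are present, which is the rule browsers supporting CSP level 2 apply.
    """
    lower = {k.lower(): v for k, v in headers.items()}
    csp = lower.get("content-security-policy", "")
    m = re.search(r"frame-ancestors\s+([^;]+)", csp, re.IGNORECASE)
    if m:
        return "frame-ancestors " + " ".join(m.group(1).split())
    xfo = lower.get("x-frame-options")
    return xfo.strip().upper() if xfo else None


def hosts_mapping(hosts_text: str, hostname: str) -> Optional[str]:
    """Return the address a hosts file assigns to hostname, or None."""
    wanted = hostname.lower()
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        addr, *names = line.split()
        if wanted in (n.lower() for n in names):
            return addr
    return None


def assess(hostname: str, headers: Dict[str, str], hosts_text: str,
           proxy_server: Optional[str] = None) -> FrameVerdict:
    """Combine the three observations into a verdict with readable notes."""
    v = FrameVerdict(frame_policy(headers), hosts_mapping(hosts_text, hostname), proxy_server)
    if v.server_policy:
        v.notes.append(f"{hostname} forbids framing ({v.server_policy}); "
                       "a 'framing not allowed' page is the site's own guard")
    else:
        v.notes.append(f"{hostname} advertises no framing restriction")
    if v.hosts_redirect is None:
        v.notes.append(f"hosts file does not touch {hostname}")
    elif v.hosts_redirect in NULL_OR_LOOPBACK:
        v.notes.append(f"hosts file sinks {hostname} to {v.hosts_redirect}; the site would not load at all")
    else:
        v.notes.append(f"hosts file redirects {hostname} to {v.hosts_redirect}: local tampering, investigate")
    if v.proxy_server:
        v.notes.append(f"ProxyServer is set to {v.proxy_server}; pages can be rewritten in transit")
    return v


def is_locally_tampered(v: FrameVerdict) -> bool:
    """True when the symptom cannot be explained by the server's own policy."""
    redirected = v.hosts_redirect is not None and v.hosts_redirect not in NULL_OR_LOOPBACK
    return redirected or bool(v.proxy_server)


# Constructed sample inputs (not captured from the machine in this thread).
GITHUB_LIKE_HEADERS = {"X-Frame-Options": "deny", "Content-Type": "text/html"}
CLEAN_HOSTS = "127.0.0.1 localhost\n0.0.0.0 ad.doubleclick.net  # MVPS-style block\n"
TAMPERED_HOSTS = CLEAN_HOSTS + "10.0.0.5 github.com www.github.com\n"

if __name__ == "__main__":
    for label, hosts in (("clean", CLEAN_HOSTS), ("tampered", TAMPERED_HOSTS)):
        verdict = assess("github.com", GITHUB_LIKE_HEADERS, hosts)
        print(f"[{label}] locally tampered: {is_locally_tampered(verdict)}")
        for note in verdict.notes:
            print("  -", note)
```

On a live machine the headers would come from a request to the site, the hosts text from %SystemRoot%\System32\drivers\etc\hosts, and the proxy value from HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer; the point of the split is that a frame-denial message with a clean hosts file and no proxy is the expected behaviour of the site, not evidence of infection.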

#6 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 08 August 2012 - 10:30 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

please reply with the reports from TDSSKiller and aswMBR

Gringo

#7 ZT-repairseek (Topic Starter, Members)

Posted 08 August 2012 - 02:08 PM

before I get to that I'd like to point out that combofix apparently ate my mIRC registration. kinda irritating, but since the policies of mIRC are such I can fix it without having to buy more licenses, I'll live, I guess. pretty sure CF isn't supposed to do that though, or de-associate jpegs from paint shop pro (though that was also easily remedied). I hate to double-post but I'll do so anyway for those logs; this is merely a status update along the way.

#8 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 08 August 2012 - 02:18 PM

Don't fix the mIRC just yet, as we will run CF once more.


gringo

#9 ZT-repairseek (Topic Starter, Members)

Posted 08 August 2012 - 02:25 PM

TDSS KILLER


15:23:54.0988 1832 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
15:23:55.0300 1832 ============================================================
15:23:55.0300 1832 Current date / time: 2012/08/08 15:23:55.0300
15:23:55.0300 1832 SystemInfo:
15:23:55.0300 1832
15:23:55.0300 1832 OS Version: 6.0.6002 ServicePack: 2.0
15:23:55.0300 1832 Product type: Workstation
15:23:55.0300 1832 ComputerName: NEBULUS01
15:23:55.0300 1832 UserName: ZT01
15:23:55.0300 1832 Windows directory: C:\Windows
15:23:55.0300 1832 System windows directory: C:\Windows
15:23:55.0300 1832 Processor architecture: Intel x86
15:23:55.0300 1832 Number of processors: 2
15:23:55.0300 1832 Page size: 0x1000
15:23:55.0300 1832 Boot type: Normal boot
15:23:55.0300 1832 ============================================================
15:23:55.0705 1832 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:23:55.0705 1832 ============================================================
15:23:55.0705 1832 \Device\Harddisk0\DR0:
15:23:55.0705 1832 MBR partitions:
15:23:55.0705 1832 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x2402DAB0
15:23:55.0705 1832 ============================================================
15:23:55.0721 1832 C: <-> \Device\Harddisk0\DR0\Partition0
15:23:55.0721 1832 ============================================================
15:23:55.0721 1832 Initialize success
15:23:55.0721 1832 ============================================================
15:24:08.0497 5936 ============================================================
15:24:08.0497 5936 Scan started
15:24:08.0497 5936 Mode: Manual;
15:24:08.0497 5936 ============================================================
15:24:08.0903 5936 Scan interrupted by user!
15:24:08.0903 5936 Scan interrupted by user!
15:24:08.0903 5936 Scan interrupted by user!
15:24:08.0903 5936 ============================================================
15:24:08.0903 5936 Scan finished
15:24:08.0903 5936 ============================================================
15:24:08.0919 5040 Detected object count: 0
15:24:08.0919 5040 Actual detected object count: 0
15:24:10.0089 3964 ============================================================
15:24:10.0089 3964 Scan started
15:24:10.0089 3964 Mode: Manual;
15:24:10.0089 3964 ============================================================
15:24:10.0650 3964 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
15:24:10.0650 3964 ACPI - ok
15:24:10.0759 3964 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
15:24:10.0759 3964 adp94xx - ok
15:24:10.0791 3964 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
15:24:10.0806 3964 adpahci - ok
15:24:10.0822 3964 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
15:24:10.0822 3964 adpu160m - ok
15:24:10.0853 3964 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
15:24:10.0853 3964 adpu320 - ok
15:24:10.0931 3964 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
15:24:10.0931 3964 AeLookupSvc - ok
15:24:11.0009 3964 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
15:24:11.0009 3964 AFD - ok
15:24:11.0056 3964 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
15:24:11.0071 3964 agp440 - ok
15:24:11.0087 3964 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
15:24:11.0087 3964 aic78xx - ok
15:24:11.0103 3964 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
15:24:11.0103 3964 ALG - ok
15:24:11.0118 3964 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
15:24:11.0118 3964 aliide - ok
15:24:11.0134 3964 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
15:24:11.0134 3964 amdagp - ok
15:24:11.0134 3964 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
15:24:11.0134 3964 amdide - ok
15:24:11.0149 3964 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
15:24:11.0149 3964 AmdK7 - ok
15:24:11.0165 3964 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
15:24:11.0165 3964 AmdK8 - ok
15:24:11.0243 3964 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
15:24:11.0243 3964 Appinfo - ok
15:24:11.0305 3964 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
15:24:11.0305 3964 arc - ok
15:24:11.0368 3964 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
15:24:11.0368 3964 arcsas - ok
15:24:11.0446 3964 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
15:24:11.0446 3964 aspnet_state - ok
15:24:11.0477 3964 aswFsBlk (1c1f3d6dddc046c920c493a779649f66) C:\Windows\system32\drivers\aswFsBlk.sys
15:24:11.0477 3964 aswFsBlk - ok
15:24:11.0524 3964 aswMonFlt (a48d8015af2a0d8b4937613ffbfd28de) C:\Windows\system32\drivers\aswMonFlt.sys
15:24:11.0524 3964 aswMonFlt - ok
15:24:11.0539 3964 aswRdr (982e275d1c5801042fe94209fb0160fb) C:\Windows\system32\drivers\aswRdr.sys
15:24:11.0539 3964 aswRdr - ok
15:24:11.0664 3964 aswSnx (73dbcf808e00580f2a47f93dd9b03876) C:\Windows\system32\drivers\aswSnx.sys
15:24:11.0664 3964 aswSnx - ok
15:24:11.0695 3964 aswSP (6cbd7d3a33f498d09c831cdd732da2e0) C:\Windows\system32\drivers\aswSP.sys
15:24:11.0695 3964 aswSP - ok
15:24:11.0711 3964 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
15:24:11.0727 3964 AsyncMac - ok
15:24:11.0742 3964 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
15:24:11.0742 3964 atapi - ok
15:24:11.0820 3964 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
15:24:11.0820 3964 AudioEndpointBuilder - ok
15:24:11.0820 3964 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
15:24:11.0836 3964 Audiosrv - ok
15:24:11.0898 3964 avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Program Files\Avast5\AvastSvc.exe
15:24:11.0898 3964 avast! Antivirus - ok
15:24:11.0898 3964 AWEAlloc - ok
15:24:11.0961 3964 BazisVirtualCDBus (33ac10402622b7e92ca44075f1bec94b) C:\Windows\system32\DRIVERS\BazisVirtualCDBus.sys
15:24:11.0961 3964 BazisVirtualCDBus - ok
15:24:12.0023 3964 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
15:24:12.0023 3964 Beep - ok
15:24:12.0117 3964 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
15:24:12.0117 3964 BFE - ok
15:24:12.0210 3964 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
15:24:12.0226 3964 BITS - ok
15:24:12.0241 3964 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
15:24:12.0257 3964 blbdrive - ok
15:24:12.0273 3964 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
15:24:12.0273 3964 bowser - ok
15:24:12.0335 3964 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
15:24:12.0335 3964 BrFiltLo - ok
15:24:12.0351 3964 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
15:24:12.0351 3964 BrFiltUp - ok
15:24:12.0366 3964 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
15:24:12.0366 3964 Browser - ok
15:24:12.0429 3964 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
15:24:12.0429 3964 Brserid - ok
15:24:12.0444 3964 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
15:24:12.0444 3964 BrSerWdm - ok
15:24:12.0460 3964 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
15:24:12.0460 3964 BrUsbMdm - ok
15:24:12.0475 3964 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
15:24:12.0475 3964 BrUsbSer - ok
15:24:12.0522 3964 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
15:24:12.0522 3964 BTHMODEM - ok
15:24:12.0569 3964 catchme - ok
15:24:12.0600 3964 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
15:24:12.0600 3964 cdfs - ok
15:24:12.0663 3964 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
15:24:12.0663 3964 cdrom - ok
15:24:12.0741 3964 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
15:24:12.0741 3964 CertPropSvc - ok
15:24:12.0756 3964 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
15:24:12.0756 3964 circlass - ok
15:24:12.0772 3964 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
15:24:12.0787 3964 CLFS - ok
15:24:12.0834 3964 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:24:12.0834 3964 clr_optimization_v2.0.50727_32 - ok
15:24:12.0943 3964 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:24:12.0943 3964 clr_optimization_v4.0.30319_32 - ok
15:24:12.0975 3964 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
15:24:12.0975 3964 cmdide - ok
15:24:12.0990 3964 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
15:24:12.0990 3964 Compbatt - ok
15:24:12.0990 3964 COMSysApp - ok
15:24:13.0006 3964 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
15:24:13.0006 3964 crcdisk - ok
15:24:13.0021 3964 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
15:24:13.0037 3964 Crusoe - ok
15:24:13.0099 3964 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
15:24:13.0099 3964 CryptSvc - ok
15:24:13.0193 3964 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
15:24:13.0209 3964 DcomLaunch - ok
15:24:13.0240 3964 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
15:24:13.0240 3964 DfsC - ok
15:24:13.0318 3964 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
15:24:13.0318 3964 Dhcp - ok
15:24:13.0349 3964 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
15:24:13.0365 3964 disk - ok
15:24:13.0396 3964 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
15:24:13.0396 3964 Dnscache - ok
15:24:13.0427 3964 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
15:24:13.0427 3964 dot3svc - ok
15:24:13.0489 3964 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
15:24:13.0505 3964 DPS - ok
15:24:13.0567 3964 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
15:24:13.0567 3964 drmkaud - ok
15:24:13.0614 3964 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
15:24:13.0630 3964 DXGKrnl - ok
15:24:13.0692 3964 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
15:24:13.0692 3964 E1G60 - ok
15:24:13.0739 3964 EagleNT - ok
15:24:13.0755 3964 EagleXNt - ok
15:24:13.0786 3964 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
15:24:13.0786 3964 EapHost - ok
15:24:13.0864 3964 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
15:24:13.0864 3964 Ecache - ok
15:24:13.0895 3964 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
15:24:13.0911 3964 ehRecvr - ok
15:24:13.0926 3964 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
15:24:13.0926 3964 ehSched - ok
15:24:13.0942 3964 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
15:24:13.0942 3964 ehstart - ok
15:24:14.0020 3964 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
15:24:14.0035 3964 elxstor - ok
15:24:14.0082 3964 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
15:24:14.0082 3964 EMDMgmt - ok
15:24:14.0145 3964 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
15:24:14.0145 3964 ErrDev - ok
15:24:14.0176 3964 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
15:24:14.0176 3964 EventSystem - ok
15:24:14.0238 3964 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
15:24:14.0238 3964 exfat - ok
15:24:14.0301 3964 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
15:24:14.0301 3964 fastfat - ok
15:24:14.0332 3964 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
15:24:14.0332 3964 fdc - ok
15:24:14.0347 3964 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
15:24:14.0347 3964 fdPHost - ok
15:24:14.0379 3964 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
15:24:14.0379 3964 FDResPub - ok
15:24:14.0394 3964 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
15:24:14.0394 3964 FileInfo - ok
15:24:14.0410 3964 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
15:24:14.0410 3964 Filetrace - ok
15:24:14.0410 3964 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
15:24:14.0410 3964 flpydisk - ok
15:24:14.0441 3964 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
15:24:14.0441 3964 FltMgr - ok
15:24:14.0566 3964 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
15:24:14.0581 3964 FontCache - ok
15:24:14.0644 3964 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:24:14.0644 3964 FontCache3.0.0.0 - ok
15:24:14.0675 3964 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
15:24:14.0675 3964 Fs_Rec - ok
15:24:14.0691 3964 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
15:24:14.0691 3964 gagp30kx - ok
15:24:14.0722 3964 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
15:24:14.0737 3964 gpsvc - ok
15:24:14.0815 3964 hamachi (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
15:24:14.0815 3964 hamachi - ok
15:24:14.0987 3964 Hamachi2Svc (fa89c0429821c7c429eec7a0ce1c02d3) C:\Program Files\Hamachi\hamachi-2.exe
15:24:15.0018 3964 Hamachi2Svc - ok
15:24:15.0159 3964 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
15:24:15.0159 3964 HdAudAddService - ok
15:24:15.0205 3964 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:24:15.0205 3964 HDAudBus - ok
15:24:15.0221 3964 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
15:24:15.0221 3964 HidBth - ok
15:24:15.0221 3964 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
15:24:15.0221 3964 HidIr - ok
15:24:15.0252 3964 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
15:24:15.0252 3964 hidserv - ok
15:24:15.0283 3964 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
15:24:15.0283 3964 HidUsb - ok
15:24:15.0299 3964 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
15:24:15.0315 3964 hkmsvc - ok
15:24:15.0315 3964 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
15:24:15.0315 3964 HpCISSs - ok
15:24:15.0393 3964 HSF_DPV (9efa5fec26cec696a66a891ac90b412d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
15:24:15.0424 3964 HSF_DPV - ok
15:24:15.0455 3964 HSXHWBS2 (a3077d9ed7ff612a033536a6009dbea5) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
15:24:15.0455 3964 HSXHWBS2 - ok
15:24:15.0486 3964 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
15:24:15.0502 3964 HTTP - ok
15:24:15.0517 3964 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
15:24:15.0517 3964 i2omp - ok
15:24:15.0580 3964 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
15:24:15.0580 3964 i8042prt - ok
15:24:15.0611 3964 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
15:24:15.0627 3964 iaStorV - ok
15:24:15.0767 3964 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:24:15.0783 3964 idsvc - ok
15:24:15.0829 3964 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
15:24:15.0829 3964 iirsp - ok
15:24:15.0861 3964 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
15:24:15.0876 3964 IKEEXT - ok
15:24:16.0048 3964 IntcAzAudAddService (23ebcee9aaa4d6c88728791fab462456) C:\Windows\system32\drivers\RTKVHDA.sys
15:24:16.0079 3964 IntcAzAudAddService - ok
15:24:16.0235 3964 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
15:24:16.0235 3964 intelide - ok
15:24:16.0251 3964 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
15:24:16.0251 3964 intelppm - ok
15:24:16.0282 3964 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
15:24:16.0282 3964 IPBusEnum - ok
15:24:16.0282 3964 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:24:16.0297 3964 IpFilterDriver - ok
15:24:16.0344 3964 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
15:24:16.0344 3964 iphlpsvc - ok
15:24:16.0360 3964 IpInIp - ok
15:24:16.0391 3964 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
15:24:16.0391 3964 IPMIDRV - ok
15:24:16.0407 3964 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
15:24:16.0407 3964 IPNAT - ok
15:24:16.0422 3964 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
15:24:16.0422 3964 IRENUM - ok
15:24:16.0438 3964 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
15:24:16.0438 3964 isapnp - ok
15:24:16.0500 3964 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
15:24:16.0516 3964 iScsiPrt - ok
15:24:16.0531 3964 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
15:24:16.0531 3964 iteatapi - ok
15:24:16.0547 3964 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
15:24:16.0547 3964 iteraid - ok
15:24:16.0563 3964 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
15:24:16.0563 3964 kbdclass - ok
15:24:16.0594 3964 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
15:24:16.0594 3964 kbdhid - ok
15:24:16.0609 3964 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
15:24:16.0609 3964 KeyIso - ok
15:24:16.0656 3964 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
15:24:16.0672 3964 KSecDD - ok
15:24:16.0750 3964 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
15:24:16.0765 3964 KtmRm - ok
15:24:16.0797 3964 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
15:24:16.0797 3964 LanmanServer - ok
15:24:16.0843 3964 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
15:24:16.0843 3964 LanmanWorkstation - ok
15:24:16.0890 3964 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
15:24:16.0906 3964 lltdio - ok
15:24:16.0953 3964 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
15:24:16.0953 3964 lltdsvc - ok
15:24:16.0984 3964 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
15:24:16.0984 3964 lmhosts - ok
15:24:17.0015 3964 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
15:24:17.0015 3964 LSI_FC - ok
15:24:17.0015 3964 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
15:24:17.0015 3964 LSI_SAS - ok
15:24:17.0093 3964 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
15:24:17.0093 3964 LSI_SCSI - ok
15:24:17.0109 3964 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
15:24:17.0109 3964 luafv - ok
15:24:17.0124 3964 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
15:24:17.0124 3964 Mcx2Svc - ok
15:24:17.0140 3964 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
15:24:17.0140 3964 mdmxsdk - ok
15:24:17.0155 3964 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
15:24:17.0171 3964 megasas - ok
15:24:17.0187 3964 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
15:24:17.0187 3964 MegaSR - ok
15:24:17.0202 3964 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
15:24:17.0202 3964 MMCSS - ok
15:24:17.0218 3964 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
15:24:17.0218 3964 Modem - ok
15:24:17.0218 3964 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
15:24:17.0218 3964 monitor - ok
15:24:17.0233 3964 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
15:24:17.0233 3964 mouclass - ok
15:24:17.0249 3964 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
15:24:17.0249 3964 mouhid - ok
15:24:17.0265 3964 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
15:24:17.0265 3964 MountMgr - ok
15:24:17.0327 3964 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
15:24:17.0327 3964 mpio - ok
15:24:17.0343 3964 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
15:24:17.0343 3964 mpsdrv - ok
15:24:17.0389 3964 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
15:24:17.0421 3964 MpsSvc - ok
15:24:17.0436 3964 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
15:24:17.0436 3964 Mraid35x - ok
15:24:17.0452 3964 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
15:24:17.0452 3964 MRxDAV - ok
15:24:17.0499 3964 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:24:17.0499 3964 mrxsmb - ok
15:24:17.0514 3964 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:24:17.0514 3964 mrxsmb10 - ok
15:24:17.0545 3964 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:24:17.0545 3964 mrxsmb20 - ok
15:24:17.0545 3964 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
15:24:17.0545 3964 msahci - ok
15:24:17.0561 3964 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
15:24:17.0561 3964 msdsm - ok
15:24:17.0577 3964 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
15:24:17.0577 3964 MSDTC - ok
15:24:17.0623 3964 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
15:24:17.0623 3964 Msfs - ok
15:24:17.0670 3964 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
15:24:17.0670 3964 msisadrv - ok
15:24:17.0701 3964 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
15:24:17.0701 3964 MSiSCSI - ok
15:24:17.0701 3964 msiserver - ok
15:24:17.0764 3964 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
15:24:17.0764 3964 MSKSSRV - ok
15:24:17.0779 3964 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
15:24:17.0779 3964 MSPCLOCK - ok
15:24:17.0779 3964 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
15:24:17.0779 3964 MSPQM - ok
15:24:17.0811 3964 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
15:24:17.0826 3964 MsRPC - ok
15:24:17.0842 3964 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
15:24:17.0842 3964 mssmbios - ok
15:24:17.0873 3964 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
15:24:17.0873 3964 MSTEE - ok
15:24:17.0873 3964 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
15:24:17.0873 3964 Mup - ok
15:24:17.0935 3964 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
15:24:17.0951 3964 napagent - ok
15:24:18.0013 3964 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
15:24:18.0029 3964 NativeWifiP - ok
15:24:18.0107 3964 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
15:24:18.0123 3964 NDIS - ok
15:24:18.0123 3964 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
15:24:18.0123 3964 NdisTapi - ok
15:24:18.0138 3964 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
15:24:18.0138 3964 Ndisuio - ok
15:24:18.0154 3964 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
15:24:18.0154 3964 NdisWan - ok
15:24:18.0169 3964 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
15:24:18.0169 3964 NDProxy - ok
15:24:18.0247 3964 Neo_VPN (78a1eacf8da011715f7e0b3536f9845c) C:\Windows\system32\DRIVERS\Neo_0092.sys
15:24:18.0247 3964 Neo_VPN - ok
15:24:18.0263 3964 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
15:24:18.0263 3964 NetBIOS - ok
15:24:18.0279 3964 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
15:24:18.0279 3964 netbt - ok
15:24:18.0294 3964 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
15:24:18.0294 3964 Netlogon - ok
15:24:18.0325 3964 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
15:24:18.0341 3964 Netman - ok
15:24:18.0419 3964 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
15:24:18.0419 3964 NetMsmqActivator - ok
15:24:18.0419 3964 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
15:24:18.0435 3964 NetPipeActivator - ok
15:24:18.0450 3964 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
15:24:18.0466 3964 netprofm - ok
15:24:18.0466 3964 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
15:24:18.0466 3964 NetTcpActivator - ok
15:24:18.0481 3964 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
15:24:18.0481 3964 NetTcpPortSharing - ok
15:24:18.0513 3964 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
15:24:18.0513 3964 nfrd960 - ok
15:24:18.0528 3964 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
15:24:18.0544 3964 NlaSvc - ok
15:24:18.0606 3964 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
15:24:18.0606 3964 Npfs - ok
15:24:18.0637 3964 npggsvc - ok
15:24:18.0684 3964 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
15:24:18.0684 3964 nsi - ok
15:24:18.0700 3964 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
15:24:18.0700 3964 nsiproxy - ok
15:24:18.0778 3964 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
15:24:18.0809 3964 Ntfs - ok
15:24:18.0825 3964 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
15:24:18.0825 3964 ntrigdigi - ok
15:24:18.0840 3964 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
15:24:18.0840 3964 Null - ok
15:24:18.0918 3964 NVENETFD (1efec38a852ab35883bfff3427b92b3f) C:\Windows\system32\DRIVERS\nvmfdx32.sys
15:24:18.0918 3964 NVENETFD - ok
15:24:19.0464 3964 nvlddmkm (e891b3979f0cf2740c1b073f834221fe) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:24:19.0636 3964 nvlddmkm - ok
15:24:19.0792 3964 NVNET (1efec38a852ab35883bfff3427b92b3f) C:\Windows\system32\DRIVERS\nvmfdx32.sys
15:24:19.0792 3964 NVNET - ok
15:24:19.0823 3964 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
15:24:19.0823 3964 nvraid - ok
15:24:19.0839 3964 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
15:24:19.0839 3964 nvstor - ok
15:24:19.0870 3964 nvstor32 (fa7b8eca6e845b244b7e30a9dcd82c6c) C:\Windows\system32\DRIVERS\nvstor32.sys
15:24:19.0870 3964 nvstor32 - ok
15:24:19.0901 3964 nvsvc (ae2de8e165dcb93a66b21748e6f913df) C:\Windows\system32\nvvsvc.exe
15:24:19.0917 3964 nvsvc - ok
15:24:19.0948 3964 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
15:24:19.0948 3964 nv_agp - ok
15:24:19.0948 3964 NwlnkFlt - ok
15:24:19.0963 3964 NwlnkFwd - ok
15:24:19.0995 3964 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
15:24:19.0995 3964 ohci1394 - ok
15:24:20.0041 3964 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
15:24:20.0057 3964 p2pimsvc - ok
15:24:20.0073 3964 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
15:24:20.0073 3964 p2psvc - ok
15:24:20.0088 3964 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
15:24:20.0088 3964 Parport - ok
15:24:20.0135 3964 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
15:24:20.0135 3964 partmgr - ok
15:24:20.0151 3964 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
15:24:20.0151 3964 Parvdm - ok
15:24:20.0166 3964 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
15:24:20.0166 3964 PcaSvc - ok
15:24:20.0197 3964 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
15:24:20.0213 3964 pci - ok
15:24:20.0260 3964 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
15:24:20.0260 3964 pciide - ok
15:24:20.0291 3964 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
15:24:20.0291 3964 pcmcia - ok
15:24:20.0400 3964 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
15:24:20.0416 3964 PEAUTH - ok
15:24:20.0525 3964 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
15:24:20.0556 3964 pla - ok
15:24:20.0650 3964 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
15:24:20.0650 3964 PlugPlay - ok
15:24:20.0697 3964 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
15:24:20.0712 3964 PNRPAutoReg - ok
15:24:20.0712 3964 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
15:24:20.0728 3964 PNRPsvc - ok
15:24:20.0759 3964 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
15:24:20.0775 3964 PolicyAgent - ok
15:24:20.0821 3964 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
15:24:20.0821 3964 PptpMiniport - ok
15:24:20.0837 3964 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
15:24:20.0837 3964 Processor - ok
15:24:20.0868 3964 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
15:24:20.0884 3964 ProfSvc - ok
15:24:20.0915 3964 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
15:24:20.0915 3964 ProtectedStorage - ok
15:24:20.0946 3964 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
15:24:20.0946 3964 PSched - ok
15:24:21.0055 3964 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
15:24:21.0071 3964 ql2300 - ok
15:24:21.0087 3964 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
15:24:21.0102 3964 ql40xx - ok
15:24:21.0133 3964 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
15:24:21.0149 3964 QWAVE - ok
15:24:21.0180 3964 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
15:24:21.0180 3964 QWAVEdrv - ok
15:24:21.0196 3964 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
15:24:21.0196 3964 RasAcd - ok
15:24:21.0211 3964 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
15:24:21.0211 3964 RasAuto - ok
15:24:21.0227 3964 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:24:21.0227 3964 Rasl2tp - ok
15:24:21.0258 3964 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
15:24:21.0258 3964 RasMan - ok
15:24:21.0274 3964 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
15:24:21.0274 3964 RasPppoe - ok
15:24:21.0289 3964 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
15:24:21.0289 3964 RasSstp - ok
15:24:21.0305 3964 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
15:24:21.0321 3964 rdbss - ok
15:24:21.0321 3964 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:24:21.0321 3964 RDPCDD - ok
15:24:21.0352 3964 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
15:24:21.0367 3964 rdpdr - ok
15:24:21.0367 3964 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
15:24:21.0367 3964 RDPENCDD - ok
15:24:21.0430 3964 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
15:24:21.0430 3964 RDPWD - ok
15:24:21.0492 3964 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
15:24:21.0508 3964 RemoteAccess - ok
15:24:21.0539 3964 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
15:24:21.0539 3964 RemoteRegistry - ok
15:24:21.0586 3964 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
15:24:21.0586 3964 RpcLocator - ok
15:24:21.0617 3964 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
15:24:21.0633 3964 RpcSs - ok
15:24:21.0648 3964 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
15:24:21.0648 3964 rspndr - ok
15:24:21.0679 3964 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
15:24:21.0679 3964 SamSs - ok
15:24:21.0726 3964 SbieDrv (2b12749cc05f32d217735770d2eeabe3) C:\Program Files\Sandboxie\SbieDrv.sys
15:24:21.0726 3964 SbieDrv - ok
15:24:21.0742 3964 SbieSvc (226d6068a955635259a3abef2f13827c) C:\Program Files\Sandboxie\SbieSvc.exe
15:24:21.0742 3964 SbieSvc - ok
15:24:21.0757 3964 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
15:24:21.0757 3964 sbp2port - ok
15:24:21.0835 3964 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
15:24:21.0835 3964 SCardSvr - ok
15:24:21.0913 3964 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
15:24:21.0945 3964 Schedule - ok
15:24:21.0976 3964 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
15:24:21.0976 3964 SCPolicySvc - ok
15:24:21.0991 3964 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
15:24:22.0007 3964 SDRSVC - ok
15:24:22.0023 3964 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
15:24:22.0023 3964 secdrv - ok
15:24:22.0023 3964 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
15:24:22.0038 3964 seclogon - ok
15:24:22.0054 3964 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
15:24:22.0054 3964 SENS - ok
15:24:22.0069 3964 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
15:24:22.0069 3964 Serenum - ok
15:24:22.0085 3964 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
15:24:22.0101 3964 Serial - ok
15:24:22.0101 3964 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
15:24:22.0101 3964 sermouse - ok
15:24:22.0132 3964 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
15:24:22.0147 3964 SessionEnv - ok
15:24:22.0147 3964 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
15:24:22.0163 3964 sffdisk - ok
15:24:22.0163 3964 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
15:24:22.0163 3964 sffp_mmc - ok
15:24:22.0179 3964 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
15:24:22.0179 3964 sffp_sd - ok
15:24:22.0179 3964 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
15:24:22.0179 3964 sfloppy - ok
15:24:22.0225 3964 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
15:24:22.0225 3964 SharedAccess - ok
15:24:22.0257 3964 ShellHWDetection (c818c44c201898399bf999bb6b35d4e3) C:\Windows\System32\shsvcs.dll
15:24:22.0272 3964 ShellHWDetection - ok
15:24:22.0288 3964 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
15:24:22.0288 3964 sisagp - ok
15:24:22.0288 3964 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
15:24:22.0288 3964 SiSRaid2 - ok
15:24:22.0319 3964 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
15:24:22.0319 3964 SiSRaid4 - ok
15:24:22.0475 3964 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
15:24:22.0553 3964 slsvc - ok
15:24:22.0678 3964 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
15:24:22.0693 3964 SLUINotify - ok
15:24:22.0756 3964 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
15:24:22.0756 3964 Smb - ok
15:24:22.0834 3964 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
15:24:22.0834 3964 SNMPTRAP - ok
15:24:22.0849 3964 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
15:24:22.0849 3964 spldr - ok
15:24:22.0881 3964 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
15:24:22.0896 3964 Spooler - ok
15:24:22.0927 3964 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
15:24:22.0943 3964 srv - ok
15:24:22.0974 3964 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
15:24:22.0974 3964 srv2 - ok
15:24:23.0005 3964 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
15:24:23.0005 3964 srvnet - ok
15:24:23.0037 3964 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
15:24:23.0037 3964 SSDPSRV - ok
15:24:23.0099 3964 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
15:24:23.0099 3964 SstpSvc - ok
15:24:23.0130 3964 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
15:24:23.0146 3964 stisvc - ok
15:24:23.0177 3964 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
15:24:23.0177 3964 swenum - ok
15:24:23.0208 3964 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
15:24:23.0224 3964 swprv - ok
15:24:23.0239 3964 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
15:24:23.0239 3964 Symc8xx - ok
15:24:23.0255 3964 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
15:24:23.0255 3964 Sym_hi - ok
15:24:23.0255 3964 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
15:24:23.0255 3964 Sym_u3 - ok
15:24:23.0302 3964 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
15:24:23.0317 3964 SysMain - ok
15:24:23.0333 3964 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
15:24:23.0333 3964 TabletInputService - ok
15:24:23.0364 3964 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
15:24:23.0380 3964 TapiSrv - ok
15:24:23.0395 3964 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
15:24:23.0411 3964 TBS - ok
15:24:23.0520 3964 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
15:24:23.0536 3964 Tcpip - ok
15:24:23.0551 3964 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
15:24:23.0567 3964 Tcpip6 - ok
15:24:23.0583 3964 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
15:24:23.0583 3964 tcpipreg - ok
15:24:23.0614 3964 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
15:24:23.0614 3964 TDPIPE - ok
15:24:23.0629 3964 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
15:24:23.0629 3964 TDTCP - ok
15:24:23.0645 3964 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
15:24:23.0645 3964 tdx - ok
15:24:23.0676 3964 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
15:24:23.0676 3964 TermDD - ok
15:24:23.0707 3964 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
15:24:23.0723 3964 TermService - ok
15:24:23.0739 3964 Themes (c818c44c201898399bf999bb6b35d4e3) C:\Windows\system32\shsvcs.dll
15:24:23.0754 3964 Themes - ok
15:24:23.0770 3964 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
15:24:23.0785 3964 THREADORDER - ok
15:24:23.0801 3964 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
15:24:23.0801 3964 TrkWks - ok
15:24:23.0832 3964 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
15:24:23.0832 3964 TrustedInstaller - ok
15:24:23.0863 3964 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:24:23.0863 3964 tssecsrv - ok
15:24:23.0910 3964 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
15:24:23.0910 3964 tunmp - ok
15:24:23.0941 3964 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
15:24:23.0941 3964 tunnel - ok
15:24:23.0957 3964 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
15:24:23.0957 3964 uagp35 - ok
15:24:23.0988 3964 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
15:24:24.0004 3964 udfs - ok
15:24:24.0035 3964 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
15:24:24.0035 3964 UI0Detect - ok
15:24:24.0051 3964 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
15:24:24.0051 3964 uliagpkx - ok
15:24:24.0066 3964 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
15:24:24.0082 3964 uliahci - ok
15:24:24.0097 3964 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
15:24:24.0097 3964 UlSata - ok
15:24:24.0113 3964 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
15:24:24.0113 3964 ulsata2 - ok
15:24:24.0129 3964 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
15:24:24.0129 3964 umbus - ok
15:24:24.0160 3964 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
15:24:24.0175 3964 upnphost - ok
15:24:24.0191 3964 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
15:24:24.0191 3964 usbccgp - ok
15:24:24.0207 3964 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
15:24:24.0207 3964 usbcir - ok
15:24:24.0269 3964 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
15:24:24.0269 3964 usbehci - ok
15:24:24.0300 3964 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
15:24:24.0300 3964 usbhub - ok
15:24:24.0316 3964 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
15:24:24.0316 3964 usbohci - ok
15:24:24.0331 3964 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
15:24:24.0331 3964 usbprint - ok
15:24:24.0347 3964 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:24:24.0347 3964 USBSTOR - ok
15:24:24.0347 3964 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
15:24:24.0363 3964 usbuhci - ok
15:24:24.0378 3964 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
15:24:24.0394 3964 UxSms - ok
15:24:24.0425 3964 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
15:24:24.0441 3964 vds - ok
15:24:24.0472 3964 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
15:24:24.0472 3964 vga - ok
15:24:24.0472 3964 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
15:24:24.0487 3964 VgaSave - ok
15:24:24.0503 3964 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
15:24:24.0503 3964 viaagp - ok
15:24:24.0519 3964 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
15:24:24.0519 3964 ViaC7 - ok
15:24:24.0534 3964 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
15:24:24.0534 3964 viaide - ok
15:24:24.0550 3964 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
15:24:24.0550 3964 volmgr - ok
15:24:24.0581 3964 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
15:24:24.0597 3964 volmgrx - ok
15:24:24.0628 3964 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
15:24:24.0628 3964 volsnap - ok
15:24:24.0846 3964 vpnclient (5f7f4a2a6c6aec60b6e7af34454c03a4) C:\Program Files\PacketiXVPNClient\vpnclient.exe
15:24:24.0909 3964 vpnclient - ok
15:24:25.0049 3964 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
15:24:25.0049 3964 vsmraid - ok
15:24:25.0174 3964 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
15:24:25.0252 3964 VSS - ok
15:24:25.0299 3964 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
15:24:25.0314 3964 W32Time - ok
15:24:25.0345 3964 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
15:24:25.0361 3964 WacomPen - ok
15:24:25.0377 3964 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
15:24:25.0377 3964 Wanarp - ok
15:24:25.0377 3964 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
15:24:25.0377 3964 Wanarpv6 - ok
15:24:25.0423 3964 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
15:24:25.0423 3964 wcncsvc - ok
15:24:25.0470 3964 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
15:24:25.0470 3964 WcsPlugInService - ok
15:24:25.0501 3964 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
15:24:25.0501 3964 Wd - ok
15:24:25.0548 3964 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
15:24:25.0548 3964 Wdf01000 - ok
15:24:25.0579 3964 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
15:24:25.0579 3964 WdiServiceHost - ok
15:24:25.0579 3964 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
15:24:25.0595 3964 WdiSystemHost - ok
15:24:25.0657 3964 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
15:24:25.0657 3964 WebClient - ok
15:24:25.0673 3964 Wecsvc (905214925a88311fce52f66153de7610) C:\Windows\system32\wecsvc.dll
15:24:25.0689 3964 Wecsvc - ok
15:24:25.0704 3964 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
15:24:25.0704 3964 wercplsupport - ok
15:24:25.0735 3964 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
15:24:25.0735 3964 WerSvc - ok
15:24:25.0782 3964 winachsf (cf27edac75c87f2b776d9218f02f8301) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
15:24:25.0798 3964 winachsf - ok
15:24:25.0860 3964 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
15:24:25.0876 3964 WinDefend - ok
15:24:25.0876 3964 WinHttpAutoProxySvc - ok
15:24:25.0923 3964 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
15:24:25.0938 3964 Winmgmt - ok
15:24:26.0032 3964 WinRing0_1_2_0 (845af1ba23c8d5e64def61bcc441604c) C:\Program Files\GameBooster3\Driver\WinRing0.sys
15:24:26.0032 3964 WinRing0_1_2_0 - ok
15:24:26.0094 3964 WinRM (01874d4689c212460fbabf0ecd7cb7f7) C:\Windows\system32\WsmSvc.dll
15:24:26.0110 3964 WinRM - ok
15:24:26.0172 3964 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
15:24:26.0188 3964 Wlansvc - ok
15:24:26.0235 3964 WLSetupSvc (f7753932bc154cb1eb76f3cd1db693fb) C:\Program Files\Windows Live\installer\WLSetupSvc.exe
15:24:26.0235 3964 WLSetupSvc - ok
15:24:26.0281 3964 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
15:24:26.0281 3964 WmiAcpi - ok
15:24:26.0328 3964 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
15:24:26.0328 3964 wmiApSrv - ok
15:24:26.0422 3964 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
15:24:26.0437 3964 WMPNetworkSvc - ok
15:24:26.0484 3964 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
15:24:26.0484 3964 WPCSvc - ok
15:24:26.0531 3964 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
15:24:26.0547 3964 WPDBusEnum - ok
15:24:26.0687 3964 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:24:26.0703 3964 WPFFontCache_v0400 - ok
15:24:26.0749 3964 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
15:24:26.0749 3964 ws2ifsl - ok
15:24:26.0781 3964 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
15:24:26.0781 3964 wscsvc - ok
15:24:26.0781 3964 WSearch - ok
15:24:26.0905 3964 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
15:24:26.0968 3964 wuauserv - ok
15:24:27.0108 3964 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:24:27.0108 3964 WUDFRd - ok
15:24:27.0139 3964 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
15:24:27.0139 3964 wudfsvc - ok
15:24:27.0171 3964 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
15:24:27.0171 3964 XAudio - ok
15:24:27.0217 3964 XAudioService (28dc5d626e036a75a572556f0a6eb1f6) C:\Windows\system32\DRIVERS\xaudio.exe
15:24:27.0233 3964 XAudioService - ok
15:24:27.0264 3964 XDva285 - ok
15:24:27.0280 3964 XDva370 - ok
15:24:27.0295 3964 XDva383 - ok
15:24:27.0311 3964 XDva385 - ok
15:24:27.0327 3964 XDva387 - ok
15:24:27.0342 3964 XDva391 - ok
15:24:27.0358 3964 XDva392 - ok
15:24:27.0358 3964 XDva393 - ok
15:24:27.0373 3964 XDva397 - ok
15:24:27.0389 3964 XDva398 - ok
15:24:27.0436 3964 MBR (0x1B8) (8c9f9e03865c35f0f3829a23cda42f5d) \Device\Harddisk0\DR0
15:24:30.0228 3964 \Device\Harddisk0\DR0 - ok
15:24:30.0244 3964 Boot (0x1200) (2bc8ecaf1ad1bd3c2414de963df4a3ed) \Device\Harddisk0\DR0\Partition0
15:24:30.0244 3964 \Device\Harddisk0\DR0\Partition0 - ok
15:24:30.0244 3964 ============================================================
15:24:30.0244 3964 Scan finished
15:24:30.0244 3964 ============================================================
15:24:30.0259 6760 Detected object count: 0
15:24:30.0259 6760 Actual detected object count: 0

~~~~~~~~~~~~~~~~~~~~~

aswMBR


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-08 15:14:11
-----------------------------
15:14:11.239 OS Version: Windows 6.0.6002 Service Pack 2
15:14:11.239 Number of processors: 2 586 0x6B02
15:14:11.239 ComputerName: NEBULUS01 UserName: ZT01
15:14:29.163 Initialize success
15:14:32.595 AVAST engine defs: 12080800
15:15:13.899 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005f
15:15:13.899 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 6
15:15:13.899 Disk 0 MBR read successfully
15:15:13.899 Disk 0 MBR scan
15:15:13.914 Disk 0 unknown MBR code
15:15:13.914 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10240 MB offset 2048
15:15:13.930 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 295003 MB offset 20973568
15:15:13.930 Disk 0 scanning sectors +625140400
15:15:14.008 Disk 0 scanning C:\Windows\system32\drivers
15:15:22.213 Service scanning
15:15:35.115 Modules scanning
15:15:38.032 Disk 0 trace - called modules:
15:15:38.079 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
15:15:38.079 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x868b9620]
15:15:38.094 3 CLASSPNP.SYS[8a79e8b3] -> nt!IofCallDriver -> [0x85a614f0]
15:15:38.094 5 acpi.sys[8060e6bc] -> nt!IofCallDriver -> \Device\0000005f[0x85a796a0]
15:15:39.077 AVAST engine scan C:\Windows
15:15:42.603 AVAST engine scan C:\Windows\system32
15:17:42.379 AVAST engine scan C:\Windows\system32\drivers
15:17:52.285 AVAST engine scan C:\Users\ZT01
15:22:58.155 AVAST engine scan C:\ProgramData
15:23:25.689 Scan finished successfully
15:23:41.689 Disk 0 MBR has been saved successfully to "C:\Tools\MBR.dat"
15:23:41.689 The log file has been saved successfully to "C:\Tools\aswMBR.txt"

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 08 August 2012 - 02:27 PM

Decided to leave CF alone and use this for any leftovers I find.



Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened; this is the one I need posted back here
    • Extra.txt <-- Will be minimized; save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 ZT-repairseek

ZT-repairseek
  • Topic Starter

  • Members
  • 177 posts

Posted 08 August 2012 - 06:03 PM

Okay, additional issue: somewhere along the line one of these scans (probably ComboFix, since the other stuff has been mostly passive?) messed with whatever it is that reports OpenGL version stuff and has it reporting null, which crashes Minecraft. It was fine last night, which was before running ComboFix et al.


OTL logfile created on: 8/8/2012 6:53:44 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Tools
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 45.05% Memory free
5.98 Gb Paging File | 3.87 Gb Available in Paging File | 64.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.09 Gb Total Space | 120.76 Gb Free Space | 41.92% Space Free | Partition Type: NTFS

Computer Name: NEBULUS01 | User Name: ZT01 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Tools\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Sleipnir\bin\Sleipnir.exe (Fenrir Inc.)
PRC - C:\Program Files\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Java\jre7\bin\javaw.exe (Oracle Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Windows\System32\dxdiag.exe (Microsoft Corporation)
PRC - C:\sysreset\mirc.exe (mIRC Co. Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Winamp\winamp.exe (Nullsoft)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Sleipnir\plugins\browser\IEBrowser.fx ()
MOD - C:\Program Files\Sleipnir\bin\FenrirLib.fx ()
MOD - C:\Program Files\Sleipnir\plugins\toolbar\SearchBar.fx ()
MOD - C:\Program Files\Sleipnir\plugins\action\StdActions.fx ()
MOD - C:\Program Files\Sleipnir\plugins\toolbar\AddressBar.fx ()
MOD - C:\Program Files\Sleipnir\plugins\panel\BookmarkPanel.fx ()
MOD - C:\Program Files\Sleipnir\plugins\browser\FavoritesEditor.fx ()
MOD - C:\Program Files\Sleipnir\plugins\extension\MouseExtension.fx ()
MOD - C:\Program Files\Sleipnir\plugins\dock\SearchDock.fx ()
MOD - C:\Program Files\Sleipnir\plugins\extension\BookmarkGroup.fx ()
MOD - C:\Program Files\Sleipnir\plugins\toolbar\PersonalBar.fx ()
MOD - C:\Program Files\Sleipnir\plugins\panel\WindowListPanel.fx ()
MOD - C:\Program Files\Sleipnir\plugins\panel\HistoryPanel.fx ()
MOD - C:\Program Files\Sleipnir\plugins\extension\MenuEditorExtension.fx ()
MOD - C:\Program Files\Sleipnir\plugins\dock\InformationDock.fx ()
MOD - C:\Program Files\Sleipnir\plugins\extension\RecentlyHistoryExtention.fx ()
MOD - C:\Program Files\Sleipnir\plugins\toolbar\RoboformAdaptor.fx ()
MOD - C:\Program Files\Sleipnir\plugins\extension\ProxyExtension.fx ()
MOD - C:\Program Files\Sleipnir\plugins\dynfolder\RssDynamicFolder.fx ()
MOD - C:\Program Files\Sleipnir\plugins\statusbar\RssAutoDiscovery.fx ()
MOD - C:\Program Files\Sleipnir\plugins\statusbar\QuickSecurity.fx ()
MOD - C:\Program Files\Sleipnir\plugins\extension\JumpListExtension.fx ()
MOD - C:\Program Files\Sleipnir\plugins\dock\OutputDock.fx ()
MOD - C:\Program Files\Sleipnir\plugins\extension\PersonalInfoExtention.fx ()
MOD - C:\Program Files\Sleipnir\plugins\menu\ScriptMenu.fx ()
MOD - C:\Program Files\Sleipnir\plugins\statusbar\PopupBlock.fx ()
MOD - C:\Program Files\Sleipnir\plugins\menu\BookmarkMenu.fx ()
MOD - C:\Program Files\Sleipnir\plugins\menu\BookmarkGroupMenu.fx ()
MOD - C:\Program Files\Sleipnir\plugins\statusbar\SslState.fx ()
MOD - C:\Program Files\Sleipnir\plugins\statusbar\ZoomControl.fx ()
MOD - C:\Program Files\Sleipnir\plugins\statusbar\PrivacyReport.fx ()
MOD - C:\Program Files\Sleipnir\plugins\menu\GoUpMenu.fx ()
MOD - C:\Program Files\Sleipnir\plugins\menu\StyleSheetMenu.fx ()
MOD - C:\Program Files\Sleipnir\plugins\menu\DockMenu.fx ()
MOD - C:\Program Files\Sleipnir\plugins\menu\RecentlyHistoryMenu.fx ()
MOD - C:\Program Files\Sleipnir\plugins\menu\ProxyMenu.fx ()
MOD - C:\Program Files\Sleipnir\plugins\menu\PanelMenu.fx ()
MOD - C:\Program Files\Sleipnir\plugins\menu\GoForwardMenu.fx ()
MOD - C:\Program Files\Sleipnir\plugins\menu\GoBackMenu.fx ()
MOD - C:\Program Files\Sleipnir\plugins\menu\ToolBarMenu.fx ()
MOD - C:\Program Files\Sleipnir\plugins\menu\SkinMenu.fx ()
MOD - C:\Program Files\Sleipnir\bin\sqlite3.dll ()
MOD - C:\Users\ZT01\AppData\Roaming\.minecraft\bin\natives\lwjgl.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_vgm.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_psf.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_vio2sf.dll ()
MOD - C:\Program Files\FreeDownloadManager\iefdm2.dll ()
MOD - C:\Program Files\Winamp\Plugins\unrar.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_adlib.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_gsf.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_NotSoFatso.dll ()
MOD - C:\Program Files\Winamp\Plugins\gen_ml.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_nsv.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_wm.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_mp3.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_midi.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_vorbis.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_mod.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_cdda.dll ()
MOD - C:\Program Files\Winamp\Plugins\out_ds.dll ()
MOD - C:\Program Files\Winamp\Plugins\out_wave.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_wave.dll ()
MOD - C:\Program Files\Winamp\Plugins\read_file.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_ym.dll ()
MOD - C:\Program Files\Winamp\Plugins\out_wm.dll ()


========== Win32 Services (SafeList) ==========

SRV - (avast! Antivirus) -- C:\Program Files\Avast5\AvastSvc.exe (AVAST Software)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (Hamachi2Svc) -- C:\Program Files\Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV - (vpnclient) -- C:\Program Files\PacketiXVPNClient\vpnclient.exe (SoftEther Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe ()


========== Driver Services (SafeList) ==========

DRV - (XDva398) -- C:\Windows\system32\XDva398.sys File not found
DRV - (XDva397) -- C:\Windows\system32\XDva397.sys File not found
DRV - (XDva393) -- C:\Windows\system32\XDva393.sys File not found
DRV - (XDva392) -- C:\Windows\system32\XDva392.sys File not found
DRV - (XDva391) -- C:\Windows\system32\XDva391.sys File not found
DRV - (XDva387) -- C:\Windows\system32\XDva387.sys File not found
DRV - (XDva385) -- C:\Windows\system32\XDva385.sys File not found
DRV - (XDva383) -- C:\Windows\system32\XDva383.sys File not found
DRV - (XDva370) -- C:\Windows\system32\XDva370.sys File not found
DRV - (XDva285) -- C:\Windows\system32\XDva285.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (EagleXNt) -- C:\Windows\system32\drivers\EagleXNt.sys File not found
DRV - (EagleNT) -- C:\Windows\system32\drivers\EagleNT.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (AWEAlloc) -- system32\DRIVERS\awealloc.sys File not found
DRV - (aswMBR) -- C:\Users\ZT01\AppData\Local\Temp\aswMBR.sys File not found
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (Neo_VPN) -- C:\Windows\System32\drivers\Neo_0092.sys (SoftEther Corporation)
DRV - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV - (WinRing0_1_2_0) -- C:\Program Files\GameBooster3\Driver\WinRing0.sys (OpenLibSys.org)
DRV - (BazisVirtualCDBus) -- C:\Windows\System32\drivers\BazisVirtualCDBus.sys (SysProgs.org)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp32&d=1208&m=et1161-03
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3266769259-3880101330-600960622-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3266769259-3880101330-600960622-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1307304502&rver=6.1.6206.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-us&cbcxt=mai&snsc=1
IE - HKU\S-1-5-21-3266769259-3880101330-600960622-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-3266769259-3880101330-600960622-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-3266769259-3880101330-600960622-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
IE - HKU\S-1-5-21-3266769259-3880101330-600960622-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3266769259-3880101330-600960622-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\FoxitReader\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@gamepot.co.jp/GamepotEXeEnvCtrl;version=1: C:\Program Files\Gamepot\GPEXE\\npGPEXE.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\ZT01\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)



O1 HOSTS File: ([2012/07/03 10:11:28 | 000,601,803 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 csh.actiondesk.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 cms.ad2click.nl
O1 - Hosts: 16149 more lines...
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\FreeDownloadManager\iefdm2.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3266769259-3880101330-600960622-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3266769259-3880101330-600960622-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\FreeDownloadManager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\FreeDownloadManager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\FreeDownloadManager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\FreeDownloadManager\dllink.htm ()
O16 - DPF: {145C073F-9098-41CA-81E1-295D17CDFD55} https://ta.mk-style.com/weblauncher/common/CnCGameLauncher.cab (TTS Launcher Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} http://avatar.mabinogi.jp/3drender/renderer/mabiweb.2010.05.24.cab (MabinogiWebAvatarRenderer Class)
O16 - DPF: {C8F5F737-2683-40B8-BFB6-47B15AC20A79} https://gash.gamania.co.jp/acxauth/cab/2.0.1/lcjggame.cab (Game Starter Control)
O16 - DPF: {E2729F99-A050-4F4D-AE9F-7492C5532F49} http://down.hangame.co.jp/jp/dist/hgtagent2/hgtagent2.cab (HgTAgent2 Extension Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E4BC6F2E-E1BB-4F76-A400-87FF46653A8E} http://lov.ujj.co.jp/mypage/activex/LovClientLoader.CAB (LovClientLoader.Loader)
O16 - DPF: {F8160836-0C11-4CA4-AD87-944542C7BCBD} http://down.hangame.co.jp/jp/purple/launcher/PubPlugin.cab (PubPlugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7FC568D2-FC5A-447B-B854-ACECCEF5A807}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C723B582-89C9-46B3-BED0-D6447C13A797}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Wallpaper\Rena-TR.bmp
O24 - Desktop BackupWallPaper: C:\Wallpaper\Rena-TR.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/08 11:05:06 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/08 11:05:06 | 000,000,000 | ---D | C] -- C:\Users\ZT01\AppData\Local\temp
[2012/08/08 11:04:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/17 15:46:01 | 000,000,000 | ---D | C] -- C:\Users\ZT01\AppData\Roaming\GPEXE
[2012/07/17 15:45:43 | 000,000,000 | ---D | C] -- C:\Program Files\Gamepot
[2012/07/15 18:05:53 | 000,000,000 | ---D | C] -- C:\JS3_TRY

========== Files - Modified Within 30 Days ==========

[2012/08/08 17:21:23 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/08 17:21:23 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/08 12:01:20 | 000,000,095 | ---- | M] () -- C:\Windows\winamp.ini
[2012/08/08 11:26:40 | 000,631,942 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/08 11:26:40 | 000,118,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/08 11:21:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/08 10:57:46 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\HOSTS.MVP
[2012/08/07 16:34:50 | 000,000,534 | ---- | M] () -- C:\Users\ZT01\Documents\My Sharing Folders.lnk
[2012/08/02 18:08:28 | 000,002,347 | ---- | M] () -- C:\Users\Public\Desktop\Jasc Paint Shop Pro 9.lnk
[2012/08/02 18:08:18 | 000,001,825 | ---- | M] () -- C:\pspbrwse.jbf
[2012/08/02 12:45:31 | 000,000,000 | ---- | M] () -- C:\Users\ZT01\defogger_reenable
[2012/07/29 10:50:54 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/07/29 10:50:54 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/07/25 01:06:33 | 000,000,847 | ---- | M] () -- C:\Users\ZT01\.recently-used.xbel

========== Files Created - No Company Name ==========

[2012/08/02 18:08:18 | 000,001,825 | ---- | C] () -- C:\pspbrwse.jbf
[2012/08/02 12:45:31 | 000,000,000 | ---- | C] () -- C:\Users\ZT01\defogger_reenable
[2012/07/25 01:06:33 | 000,000,847 | ---- | C] () -- C:\Users\ZT01\.recently-used.xbel
[2012/06/28 01:16:30 | 000,000,029 | ---- | C] () -- C:\Windows\Index.ini
[2012/06/19 00:10:11 | 000,000,004 | ---- | C] () -- C:\Windows\storedt.ini
[2012/06/01 15:58:53 | 000,068,972 | ---- | C] () -- C:\Windows\System32\nglide_uninst.exe
[2012/05/08 21:53:14 | 001,294,336 | ---- | C] () -- C:\Windows\System32\glide3x.dll
[2012/04/27 09:56:18 | 000,053,248 | ---- | C] () -- C:\Windows\System32\nglide_config.exe
[2012/04/26 11:00:05 | 006,948,203 | ---- | C] () -- C:\Program Files\Avant Browser.zip
[2012/04/02 17:49:21 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/03/04 15:08:57 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cid_store.dat
[2012/03/03 20:20:52 | 000,220,220 | ---- | C] () -- C:\Users\ZT01\AppData\Roaming\Fenrir Inc.zip
[2012/02/27 18:53:19 | 130,591,970 | ---- | C] () -- C:\Users\ZT01\AppData\Roaming\.minecraft.zip
[2011/05/23 16:18:49 | 000,002,488 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011/05/15 14:48:39 | 000,040,960 | ---- | C] () -- C:\Windows\DelPiv.exe
[2011/04/04 19:40:06 | 000,000,054 | ---- | C] () -- C:\Windows\JascCmdFile.INI
[2011/03/16 20:38:55 | 000,128,080 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/02/20 17:51:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/02/20 17:51:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/02/20 17:51:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/02/20 17:51:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/02/20 17:51:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/02/01 23:15:52 | 000,000,056 | ---- | C] () -- C:\Windows\kgt2k.INI
[2011/02/01 21:27:26 | 000,062,208 | ---- | C] () -- C:\Windows\iun1401.exe
[2011/02/01 20:48:40 | 000,000,126 | ---- | C] () -- C:\Windows\wininit.ini
[2011/02/01 20:45:06 | 000,000,393 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011/02/01 20:43:43 | 000,086,528 | ---- | C] () -- C:\Windows\bnetunin.exe
[2011/02/01 20:43:43 | 000,061,440 | ---- | C] () -- C:\Windows\diabunin.exe
[2011/02/01 20:29:04 | 000,000,095 | ---- | C] () -- C:\Windows\winamp.ini
[2011/01/31 21:07:46 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/01/31 21:07:17 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/01/31 21:07:17 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

========== Alternate Data Streams ==========

@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

#12 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 08 August 2012 - 06:23 PM

Hello

Run this custom script and, when it is complete, let me know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :OTL
    FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\FoxitReader\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
    @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:5C321E34  
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
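The fix above deletes two shell/browser registrations whose CLSID no longer resolves, one ActiveX distribution unit, one alternate data stream, and then flushes the DNS resolver cache. As an added example (not code from this thread, and not part of OTL), the PowerShell below re-checks the same classes of finding with built-in cmdlets only, so the result of a fix like this can be verified without a third-party tool: orphaned ShellExecuteHook and BHO entries, alternate data streams under a folder, the per-interface name servers that OTL reports as O17 lines, and the exefile/comfile open handlers it reports as O35/O37. It assumes PowerShell 3.0 or later (Get-Item -Stream does not exist in the PowerShell 2.0 available for Vista) and an elevated prompt; the function names are my own.

```powershell
# Added example: native re-check of the entry types the OTL fix above targets.
# Assumptions: PowerShell 3.0+, run elevated. Function names are hypothetical.

# 1. ShellExecuteHooks / BHOs whose CLSID has no registered in-process server.
#    ShellExecuteHooks stores CLSIDs as value names, BHOs as subkey names.
#    An orphan is harmless on its own, but it is also what a half-removed
#    hook leaves behind, so each one should be explained or deleted.
function Get-OrphanedShellExtension {
    $hookPaths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    )
    foreach ($path in $hookPaths) {
        if (-not (Test-Path $path)) { continue }
        $item   = Get-Item $path
        $clsids = @($item.GetValueNames()) + @($item.GetSubKeyNames())
        foreach ($clsid in @($clsids | Where-Object { $_ -match '^\{[0-9A-F-]{36}\}$' })) {
            $server = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
            $dll = $null
            if (Test-Path $server) {
                $dll = (Get-ItemProperty $server).'(default)'
            }
            if (-not $dll) {
                $status = 'orphan (no CLSID value found)'
            } elseif (Test-Path ([Environment]::ExpandEnvironmentVariables($dll.Trim('"')))) {
                $status = 'ok'
            } else {
                $status = 'server DLL missing on disk'
            }
            [pscustomobject]@{
                Source = Split-Path $path -Leaf
                CLSID  = $clsid
                Server = $dll
                Status = $status
            }
        }
    }
}

# 2. Alternate data streams on the files and folders directly under a path.
#    Every object has a :$DATA stream; anything else is an ADS worth a look.
function Get-AlternateDataStream {
    param([string]$Path = 'C:\ProgramData')
    Get-ChildItem -LiteralPath $Path -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                Select-Object FileName, Stream, Length
        }
}

# 3. Name servers per interface (the O17 lines). A static NameServer overrides
#    the DHCP-assigned one, so a value there that is not your router or ISP
#    resolver needs an explanation.
function Get-InterfaceNameServer {
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
    Get-ChildItem $base | ForEach-Object {
        $p = Get-ItemProperty $_.PSPath
        if ($p.NameServer -or $p.DhcpNameServer) {
            [pscustomobject]@{
                Interface      = $_.PSChildName
                NameServer     = $p.NameServer
                DhcpNameServer = $p.DhcpNameServer
            }
        }
    }
}

# 4. exe/com open handlers (the O35/O37 lines). The clean value is "%1" %*;
#    anything else means every program launch is routed through another binary.
function Test-FileAssociation {
    foreach ($class in 'exefile', 'comfile') {
        $key = "Registry::HKEY_CLASSES_ROOT\$class\shell\open\command"
        $cmd = (Get-ItemProperty $key).'(default)'
        [pscustomobject]@{ Class = $class; Command = $cmd; Clean = ($cmd -eq '"%1" %*') }
    }
}

Get-OrphanedShellExtension | Format-Table -AutoSize
Get-AlternateDataStream -Path 'C:\ProgramData' | Format-Table -AutoSize
Get-InterfaceNameServer | Format-Table -AutoSize
Test-FileAssociation | Format-Table -AutoSize
```

Run it once before and once after a fix and diff the two outputs; after the script above, the ShellExecuteHooks orphan and the C:\ProgramData\TEMP stream should be gone, while the DhcpNameServer values should still be the LAN addresses shown in the O17 lines.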

#13 ZT-repairseek (Topic Starter, Members, 177 posts)

Posted 08 August 2012 - 06:30 PM

okay, in between my last post and yours, I rebooted and that resolved minecraft's choking on its tongue, though it seems like in the wake of combofix, avast's tray icon isn't showing up straight away like it should; I'm gonna reboot again and wait longer to see if it's just dragging its heels... here's the log from your script, which didn't ask for a reboot.



========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
ADS C:\ProgramData\TEMP:5C321E34 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Tools\cmd.bat deleted successfully.
C:\Tools\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: ZT01
->Java cache emptied: 676597 bytes

Total Java Files Cleaned = 1.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: ZT01
->Flash cache emptied: 140245 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.56.0 log created on 08082012_192812

#14 ZT-repairseek (Topic Starter, Members, 177 posts)

Posted 08 August 2012 - 06:35 PM

*the hated doublepost*

nnnope. the tray icon isn't showing up on its own now. I'm having to go into my toolbox and invoke avast by hand. that's... not how it's supposed to behave.

#15 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 08 August 2012 - 07:33 PM

Hello

Right now, is Avast the only thing not working?

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo



