
Trojan in SVChost.exe


  • This topic is locked
21 replies to this topic

#1 BlackRainZ

BlackRainZ

  • Members
  • 14 posts
  • OFFLINE
  • Local time:08:10 AM

Posted 12 August 2012 - 11:34 PM

Malwarebytes anti malware program is detecting a Trojan in SVChost.exe. I tried removing it, rebooted, and it still detects it. Previously, I got viruses on the PC and it made it so I couldn't get into Windows, even in safe mode. So I just reinstalled Windows 7 without formatting and deleted the old Windows installs with disk cleanup. Need help getting rid of this virus.




.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by BlackRain at 0:28:52 on 2012-08-13
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8183.5774 [GMT -4:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Avira\AntiVir Desktop\avguard.exe
C:\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\nvvsvc.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\avira\antivir desktop\avcenter.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\avira\antivir desktop\avscan.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mWinlogon: Userinit=userinit.exe,
BHO: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [<NO NAME>]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [avgnt] "C:\Avira\AntiVir Desktop\avgnt.exe" /min
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
LSP: C:\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.137.1
TCP: Interfaces\{5FB60CDE-EEDF-4C00-84A5-6CE97F53FF6A} : DhcpNameServer = 192.168.137.1
BHO-X64: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
TB-X64: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [(Default)]
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [avgnt] "C:\Avira\AntiVir Desktop\avgnt.exe" /min
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Avira\AntiVir Desktop\sched.exe [2012-8-12 86224]
R2 AntiVirService;Avira Realtime Protection;C:\Avira\AntiVir Desktop\avguard.exe [2012-8-12 110032]
R2 AntiVirWebService;Avira Web Protection;C:\Avira\AntiVir Desktop\avwebgrd.exe [2012-8-12 465360]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 MBAMService;MBAMService;C:\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-12 655944]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-8-11 1262400]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-8-11 136176]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-8-11 136176]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 RTCore64;RTCore64;C:\EVGA Precision X\RTCore64.sys [2012-6-29 15176]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-08-13 04:17:28 20480 ------w- C:\Windows\svchost.exe
2012-08-12 21:41:35 -------- d-----w- C:\Users\BlackRain\AppData\Roaming\Avira
2012-08-12 21:35:51 -------- d-----w- C:\Users\BlackRain\AppData\Local\AskToolbar
2012-08-12 21:35:34 -------- d-----w- C:\Program Files (x86)\Ask.com
2012-08-12 21:35:25 -------- d-----w- C:\Users\BlackRain\AppData\Local\APN
2012-08-12 21:35:20 98848 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2012-08-12 21:35:20 27760 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2012-08-12 21:35:20 -------- d-----w- C:\ProgramData\Avira
2012-08-12 21:35:20 -------- d-----w- C:\Avira
2012-08-12 21:32:45 -------- d-----w- C:\Program Files\CCleaner
2012-08-12 21:29:04 -------- d-----w- C:\Users\BlackRain\AppData\Roaming\Malwarebytes
2012-08-12 21:28:56 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-12 21:28:55 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-12 21:28:55 -------- d-----w- C:\Malwarebytes' Anti-Malware
2012-08-12 16:48:01 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2012-08-12 16:48:01 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2012-08-12 16:48:01 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2012-08-12 16:48:01 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2012-08-12 16:48:01 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2012-08-12 16:48:01 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2012-08-12 16:48:01 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2012-08-12 16:47:56 96768 ----a-w- C:\Windows\System32\fsutil.exe
2012-08-12 16:47:56 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2012-08-12 16:47:56 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2012-08-12 16:47:56 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2012-08-12 16:47:56 2565632 ----a-w- C:\Windows\System32\esent.dll
2012-08-12 16:47:56 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2012-08-12 16:47:56 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2012-08-12 16:47:56 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2012-08-12 16:47:56 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-12 16:47:56 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2012-08-12 16:47:56 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2012-08-12 16:33:05 -------- d-----w- C:\EVGA Precision X
2012-08-12 13:36:39 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2012-08-12 13:36:39 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2012-08-12 13:36:39 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2012-08-12 13:36:18 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2012-08-12 13:36:18 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2012-08-12 13:36:18 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2012-08-12 13:35:35 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-08-12 13:35:35 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-08-12 13:35:26 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-08-12 13:35:17 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-08-12 13:35:10 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-08-12 13:35:10 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-08-12 13:33:21 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-08-12 13:33:21 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-08-12 13:33:21 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2012-08-11 23:48:34 -------- d-----w- C:\Windows\Panther
2012-08-11 23:13:14 -------- d-----w- C:\Windows\SysWow64\Wat
2012-08-11 23:13:14 -------- d-----w- C:\Windows\System32\Wat
2012-08-11 23:10:42 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-11 23:01:36 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-08-11 23:01:36 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-08-11 23:01:36 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-08-11 23:01:36 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-08-11 23:01:36 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-11 23:01:36 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-11 23:01:36 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-08-11 22:34:18 -------- d-----w- C:\Temp
2012-08-11 20:46:57 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2012-08-11 20:45:41 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-08-11 20:44:43 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2012-08-11 20:43:40 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-08-11 20:40:56 -------- d-----w- C:\Users\BlackRain\AppData\Local\Skyrim
2012-08-11 20:39:59 72200 ----a-w- C:\Windows\System32\XAPOFX1_1.dll
2012-08-11 20:32:12 -------- d-----w- C:\WinRAR
2012-08-11 20:29:43 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-08-11 20:29:42 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{79095BED-F014-4429-815E-E992E127932A}\mpengine.dll
2012-08-11 20:16:09 -------- d-----w- C:\CPU-Z
2012-08-11 20:16:07 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-08-11 20:16:07 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-08-11 20:16:06 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-08-11 20:13:55 -------- d-----w- C:\Program Files\NVIDIA Corporation
2012-08-11 20:11:28 -------- d-----w- C:\Users\BlackRain\AppData\Roaming\Systweak
2012-08-11 20:11:27 18856 ----a-w- C:\Windows\System32\roboot64.exe
2012-08-11 20:02:11 -------- d-sh--w- C:\Windows\Installer
2012-08-11 20:00:00 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-08-06 22:30:05 -------- d-----w- C:\meshes
2012-08-06 17:29:48 5371904 ----a-w- C:\BOSS GUI.exe
2012-08-06 17:26:28 2457088 ----a-w- C:\BOSS.exe
2012-08-05 04:28:20 -------- d-----w- C:\roms
2012-07-19 23:52:01 -------- d-----w- C:\Battle of Red Cliffs
.
==================== Find3M ====================
.
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 16:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-05-15 09:29:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-05-15 09:29:46 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-05-15 09:29:46 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-05-15 09:29:45 2621723 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-05-15 09:29:25 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-05-15 09:28:42 6151488 ----a-w- C:\Windows\System32\nvcpl.dll
2012-05-15 06:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
.
============= FINISH: 0:29:21.28 ===============
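As an added example (not part of this thread, and not code from the DDS or ComboFix tools), a small Python triage script shows why the svchost.exe entries in this log stand out: on 64-bit Windows 7 the genuine service host lives only in System32 or SysWOW64 and is always started as `svchost.exe -k <ServiceGroup>`, so a 20 KB copy written to C:\Windows\svchost.exe fails both checks. The sample log lines are constructed to mirror the shape of the DDS output above; the "C:\Windows\svchost.exe -netsvcs" process line is an assumed rendering of that rogue file being run.

```python
import re
from typing import Dict, List

# Constructed sample in the shape of the DDS log above (not the full log): a few
# "Running Processes" lines and three "Created Last 30" lines. The process line
# "C:\Windows\svchost.exe -netsvcs" is an assumption mirroring the rogue file.
SAMPLE_DDS = r"""
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\svchost.exe -netsvcs
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\Explorer.EXE
.
=============== Created Last 30 ================
.
2012-08-13 04:17:28 20480 ------w- C:\Windows\svchost.exe
2012-08-12 21:35:20 98848 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2012-08-12 21:35:20 -------- d-----w- C:\Avira
.
============= FINISH: 0:29:21.28 ===============
"""

# Directories (lower-cased) where the genuine binary may live on 64-bit Windows 7.
# Keyed by file name so further protected binaries can be added the same way.
LEGIT_LOCATIONS: Dict[str, set] = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
}

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
PROCESS_RE = re.compile(r"^(.*?\.exe)\s*(.*)$", re.IGNORECASE)
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S+)\s+(.+)$")
SVCHOST_ARGS_RE = re.compile(r"^-k\s+\S+", re.IGNORECASE)


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Split a DDS log into its '==== Name ====' sections, dropping '.' spacer lines."""
    sections: Dict[str, List[str]] = {}
    current = None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line.strip() not in ("", "."):
            sections[current].append(line)
    return sections


def check_process_line(line: str) -> List[str]:
    """Reasons a 'Running Processes' line is suspicious (empty if it looks normal)."""
    m = PROCESS_RE.match(line)
    if not m:
        return []
    path, args = m.group(1), m.group(2)
    directory, _, name = path.rpartition("\\")
    legit_dirs = LEGIT_LOCATIONS.get(name.lower())
    if legit_dirs is None:
        return []
    reasons = []
    if directory.lower() not in legit_dirs:
        reasons.append(f"{name} running from an unexpected directory: {path}")
    # The real service host is always launched as "svchost.exe -k <ServiceGroup>".
    if name.lower() == "svchost.exe" and not SVCHOST_ARGS_RE.match(args):
        reasons.append(f"svchost.exe started without '-k <group>': {args or '(no arguments)'}")
    return reasons


def check_created_line(line: str) -> List[str]:
    """Flag a protected binary's name created outside its legitimate directory."""
    m = CREATED_RE.match(line)
    if not m:
        return []
    stamp, size, _attrs, path = m.groups()
    directory, _, name = path.rpartition("\\")
    legit_dirs = LEGIT_LOCATIONS.get(name.lower())
    if legit_dirs is None or directory.lower() in legit_dirs:
        return []
    return [f"{name} written at {stamp} to {path} ({size} bytes), not in {sorted(legit_dirs)}"]


def triage(text: str) -> Dict[str, List[str]]:
    """Map each suspicious log line to the reasons it was flagged."""
    sections = parse_sections(text)
    findings: Dict[str, List[str]] = {}
    for line in sections.get("Running Processes", []):
        if check_process_line(line):
            findings[line] = check_process_line(line)
    for line in sections.get("Created Last 30", []):
        if check_created_line(line):
            findings[line] = check_created_line(line)
    return findings


if __name__ == "__main__":
    for flagged, reasons in triage(SAMPLE_DDS).items():
        print(flagged, "\n   -> " + "\n   -> ".join(reasons))
```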


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:10 AM

Posted 13 August 2012 - 04:00 AM

Greetings and Welcome to The Forums!!


My name is Gringo and I'll be glad to help you with your computer problems.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Multiple Anti Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

<insert av's>

Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove all but one of them.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 BlackRainZ

BlackRainZ
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:08:10 AM

Posted 13 August 2012 - 07:19 AM

Ran security check and this is what it said (will now do other steps you posted)


Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Google Chrome 21.0.1180.75
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

#4 BlackRainZ

BlackRainZ
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:08:10 AM

Posted 13 August 2012 - 07:31 AM

This is the log from combofix:


ComboFix 12-08-10.02 - BlackRain 08/13/2012 8:21.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8183.6680 [GMT -4:00]
Running from: c:\users\BlackRain\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-13 to 2012-08-13 )))))))))))))))))))))))))))))))
.
.
2012-08-13 12:25 . 2012-08-13 12:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-12 21:35 . 2012-08-12 21:36 -------- d-----w- c:\program files (x86)\Ask.com
2012-08-12 21:35 . 2012-08-12 21:36 -------- d-----w- c:\programdata\Avira
2012-08-12 21:35 . 2012-08-12 21:35 -------- d-----w- C:\Avira
2012-08-12 21:35 . 2012-07-18 22:05 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-08-12 21:35 . 2012-07-18 22:05 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-08-12 21:35 . 2012-07-18 22:05 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-08-12 21:32 . 2012-08-12 21:32 -------- d-----w- c:\program files\CCleaner
2012-08-12 21:28 . 2012-08-12 21:28 -------- d-----w- c:\programdata\Malwarebytes
2012-08-12 16:48 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2012-08-12 16:48 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-08-12 16:48 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2012-08-12 16:48 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2012-08-12 16:48 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2012-08-12 16:48 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2012-08-12 16:48 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2012-08-12 16:47 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys
2012-08-12 16:47 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2012-08-12 16:47 . 2011-03-11 06:41 1659776 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-12 16:47 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2012-08-12 16:47 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2012-08-12 16:47 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2012-08-12 16:47 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2012-08-12 16:47 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll
2012-08-12 16:47 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
2012-08-12 16:47 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll
2012-08-12 16:47 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2012-08-12 16:47 . 2011-03-11 04:37 91648 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS
2012-08-12 16:33 . 2012-08-12 19:39 -------- d-----w- C:\EVGA Precision X
2012-08-12 13:37 . 2012-07-03 07:19 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-08-12 13:36 . 2011-03-03 06:24 183296 ----a-w- c:\windows\system32\dnsrslvr.dll
2012-08-12 13:36 . 2011-03-03 06:24 357888 ----a-w- c:\windows\system32\dnsapi.dll
2012-08-12 13:36 . 2011-03-03 06:21 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
2012-08-12 13:36 . 2011-03-03 05:36 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2012-08-12 13:36 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2012-08-12 13:36 . 2011-04-29 03:05 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
2012-08-12 13:36 . 2011-04-29 03:05 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
2012-08-12 13:35 . 2012-04-28 05:32 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-08-12 13:35 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-08-12 13:35 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-08-12 13:35 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-08-12 13:35 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-08-12 13:35 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-08-12 13:33 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-08-12 13:33 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-08-12 13:33 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-08-12 13:21 . 2012-08-12 13:21 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-08-11 23:48 . 2012-08-12 21:34 -------- d-----w- c:\windows\Panther
2012-08-11 23:13 . 2012-08-11 23:13 -------- d-----w- c:\windows\SysWow64\Wat
2012-08-11 23:13 . 2012-08-11 23:13 -------- d-----w- c:\windows\system32\Wat
2012-08-11 23:10 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-11 23:01 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-08-11 23:01 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-08-11 23:01 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-08-11 23:01 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-08-11 23:01 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-08-11 23:01 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-08-11 23:01 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-08-11 22:34 . 2012-08-11 21:18 -------- d-----w- C:\Temp
2012-08-11 20:47 . 2011-06-16 05:49 199680 ----a-w- c:\windows\system32\xmllite.dll
2012-08-11 20:46 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-08-11 20:45 . 2012-06-02 05:50 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-08-11 20:44 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2012-08-11 20:43 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-08-11 20:40 . 2010-02-04 14:01 78680 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2012-08-11 20:39 . 2008-07-31 14:41 72200 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2012-08-11 20:32 . 2012-08-11 20:32 -------- d-----w- C:\WinRAR
2012-08-11 20:29 . 2012-07-16 06:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{79095BED-F014-4429-815E-E992E127932A}\mpengine.dll
2012-08-11 20:16 . 2012-08-11 20:16 -------- d-----w- c:\users\UpdatusUser
2012-08-11 20:16 . 2012-08-11 20:16 -------- d-----w- C:\CPU-Z
2012-08-11 20:16 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-08-11 20:14 . 2012-04-18 17:08 31040 ----a-w- c:\windows\system32\nvhdap64.dll
2012-08-11 20:13 . 2012-08-11 20:16 -------- d-----w- c:\program files\NVIDIA Corporation

#5 BlackRainZ (Topic Starter, Members, 14 posts)

Posted 13 August 2012 - 11:12 AM

Well, I ran Malwarebytes Anti-Malware again and it didn't detect any virus, so I guess it's all clean now. Thanks a lot! I don't know why the antivirus programs can't clean up these viruses; what is the point of having them?

#6 BlackRainZ (Topic Starter, Members, 14 posts)

Posted 13 August 2012 - 12:43 PM

Hmm, I was just trying to do a backup on DVD-Rs and it didn't work; the backup failed for some reason. I tried to redo it and got a blue screen. I restarted, and when the computer loaded up, Malwarebytes detected a trojan again.

Also, what do you think the best anti-virus program is? Should I try running ComboFix again?

Edited by BlackRainZ, 13 August 2012 - 12:45 PM.


#7 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 13 August 2012 - 12:56 PM

Greetings

Viruses change every day, so the antiviruses are always playing catch-up. Please don't run any scans until I ask for them.

I want you to run these next:

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#8 BlackRainZ (Topic Starter, Members, 14 posts)

Posted 13 August 2012 - 01:14 PM

Sorry, I should have been more patient. I ended up running ComboFix again and then, after reboot, running Malwarebytes Anti-Malware, which still detected trojans and tried to remove them. I will follow only your instructions now.

#9 BlackRainZ (Topic Starter, Members, 14 posts)

Posted 13 August 2012 - 01:18 PM

TDSSKiller report:

14:14:57.0873 3348 MTsensor - ok
14:14:57.0889 3348 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:14:57.0889 3348 Mup - ok
14:14:57.0920 3348 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
14:14:57.0920 3348 napagent - ok
14:14:57.0998 3348 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:14:57.0998 3348 NativeWifiP - ok
14:14:58.0092 3348 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:14:58.0092 3348 NDIS - ok
14:14:58.0107 3348 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:14:58.0107 3348 NdisCap - ok
14:14:58.0123 3348 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:14:58.0123 3348 NdisTapi - ok
14:14:58.0139 3348 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:14:58.0139 3348 Ndisuio - ok
14:14:58.0154 3348 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:14:58.0154 3348 NdisWan - ok
14:14:58.0154 3348 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:14:58.0154 3348 NDProxy - ok
14:14:58.0170 3348 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:14:58.0170 3348 NetBIOS - ok
14:14:58.0185 3348 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:14:58.0185 3348 NetBT - ok
14:14:58.0201 3348 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:14:58.0201 3348 Netlogon - ok
14:14:58.0248 3348 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
14:14:58.0248 3348 Netman - ok
14:14:58.0279 3348 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
14:14:58.0279 3348 netprofm - ok
14:14:58.0341 3348 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:14:58.0357 3348 NetTcpPortSharing - ok
14:14:58.0357 3348 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
14:14:58.0357 3348 nfrd960 - ok
14:14:58.0404 3348 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
14:14:58.0404 3348 NlaSvc - ok
14:14:58.0404 3348 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:14:58.0404 3348 Npfs - ok
14:14:58.0419 3348 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
14:14:58.0419 3348 nsi - ok
14:14:58.0435 3348 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:14:58.0435 3348 nsiproxy - ok
14:14:58.0497 3348 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:14:58.0513 3348 Ntfs - ok
14:14:58.0591 3348 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:14:58.0591 3348 Null - ok
14:14:58.0653 3348 NVHDA (102806b360d0e6bc6e55bf47ef655d43) C:\Windows\system32\drivers\nvhda64v.sys
14:14:58.0653 3348 NVHDA - ok
14:14:59.0106 3348 nvlddmkm (ba0b4889c40380a01ecdf84c227a89c9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:14:59.0153 3348 nvlddmkm - ok
14:14:59.0246 3348 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:14:59.0246 3348 nvraid - ok
14:14:59.0262 3348 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:14:59.0262 3348 nvstor - ok
14:14:59.0324 3348 nvsvc (06633cf95bea62164c3bfca24bce6b11) C:\Windows\system32\nvvsvc.exe
14:14:59.0324 3348 nvsvc - ok
14:14:59.0418 3348 nvUpdatusService (53b629ce436b110c5689c2f6439e567b) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
14:14:59.0418 3348 nvUpdatusService - ok
14:14:59.0511 3348 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:14:59.0511 3348 nv_agp - ok
14:14:59.0511 3348 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:14:59.0511 3348 ohci1394 - ok
14:14:59.0558 3348 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:14:59.0558 3348 p2pimsvc - ok
14:14:59.0621 3348 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
14:14:59.0621 3348 p2psvc - ok
14:14:59.0636 3348 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
14:14:59.0636 3348 Parport - ok
14:14:59.0683 3348 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
14:14:59.0683 3348 partmgr - ok
14:14:59.0699 3348 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
14:14:59.0699 3348 PcaSvc - ok
14:14:59.0730 3348 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:14:59.0730 3348 pci - ok
14:14:59.0745 3348 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:14:59.0745 3348 pciide - ok
14:14:59.0761 3348 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
14:14:59.0761 3348 pcmcia - ok
14:14:59.0777 3348 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:14:59.0777 3348 pcw - ok
14:14:59.0823 3348 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:14:59.0823 3348 PEAUTH - ok
14:14:59.0886 3348 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
14:14:59.0901 3348 PeerDistSvc - ok
14:14:59.0979 3348 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
14:14:59.0979 3348 PerfHost - ok
14:15:00.0073 3348 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
14:15:00.0089 3348 pla - ok
14:15:00.0120 3348 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
14:15:00.0135 3348 PlugPlay - ok
14:15:00.0135 3348 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
14:15:00.0135 3348 PNRPAutoReg - ok
14:15:00.0167 3348 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:15:00.0167 3348 PNRPsvc - ok
14:15:00.0229 3348 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
14:15:00.0229 3348 PolicyAgent - ok
14:15:00.0260 3348 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
14:15:00.0260 3348 Power - ok
14:15:00.0291 3348 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:15:00.0291 3348 PptpMiniport - ok
14:15:00.0307 3348 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
14:15:00.0307 3348 Processor - ok
14:15:00.0338 3348 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
14:15:00.0338 3348 ProfSvc - ok
14:15:00.0369 3348 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:15:00.0369 3348 ProtectedStorage - ok
14:15:00.0416 3348 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:15:00.0416 3348 Psched - ok
14:15:00.0525 3348 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
14:15:00.0541 3348 ql2300 - ok
14:15:00.0619 3348 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
14:15:00.0619 3348 ql40xx - ok
14:15:00.0650 3348 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
14:15:00.0666 3348 QWAVE - ok
14:15:00.0666 3348 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:15:00.0666 3348 QWAVEdrv - ok
14:15:00.0681 3348 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:15:00.0681 3348 RasAcd - ok
14:15:00.0697 3348 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:15:00.0697 3348 RasAgileVpn - ok
14:15:00.0713 3348 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
14:15:00.0713 3348 RasAuto - ok
14:15:00.0728 3348 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:15:00.0728 3348 Rasl2tp - ok
14:15:00.0759 3348 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
14:15:00.0759 3348 RasMan - ok
14:15:00.0775 3348 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:15:00.0775 3348 RasPppoe - ok
14:15:00.0775 3348 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:15:00.0775 3348 RasSstp - ok
14:15:00.0806 3348 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:15:00.0806 3348 rdbss - ok
14:15:00.0806 3348 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:15:00.0806 3348 rdpbus - ok
14:15:00.0806 3348 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:15:00.0806 3348 RDPCDD - ok
14:15:00.0853 3348 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
14:15:00.0853 3348 RDPDR - ok
14:15:00.0884 3348 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:15:00.0884 3348 RDPENCDD - ok
14:15:00.0884 3348 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:15:00.0884 3348 RDPREFMP - ok
14:15:00.0915 3348 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
14:15:00.0915 3348 RdpVideoMiniport - ok
14:15:00.0947 3348 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
14:15:00.0947 3348 RDPWD - ok
14:15:00.0962 3348 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:15:00.0962 3348 rdyboost - ok
14:15:00.0978 3348 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
14:15:00.0978 3348 RemoteAccess - ok
14:15:01.0009 3348 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
14:15:01.0009 3348 RemoteRegistry - ok
14:15:01.0056 3348 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
14:15:01.0056 3348 RpcEptMapper - ok
14:15:01.0056 3348 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
14:15:01.0056 3348 RpcLocator - ok
14:15:01.0118 3348 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:15:01.0118 3348 RpcSs - ok
14:15:01.0134 3348 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:15:01.0134 3348 rspndr - ok
14:15:01.0196 3348 RTCore64 (269c9e8b59434c700482c363952d2c38) C:\EVGA Precision X\RTCore64.sys
14:15:01.0196 3348 RTCore64 - ok
14:15:01.0227 3348 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
14:15:01.0227 3348 s3cap - ok
14:15:01.0243 3348 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:15:01.0243 3348 SamSs - ok
14:15:01.0243 3348 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:15:01.0243 3348 sbp2port - ok
14:15:01.0259 3348 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
14:15:01.0274 3348 SCardSvr - ok
14:15:01.0274 3348 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:15:01.0290 3348 scfilter - ok
14:15:01.0321 3348 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
14:15:01.0337 3348 Schedule - ok
14:15:01.0352 3348 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:15:01.0352 3348 SCPolicySvc - ok
14:15:01.0368 3348 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
14:15:01.0368 3348 SDRSVC - ok
14:15:01.0399 3348 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:15:01.0399 3348 secdrv - ok
14:15:01.0399 3348 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
14:15:01.0399 3348 seclogon - ok
14:15:01.0415 3348 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
14:15:01.0415 3348 SENS - ok
14:15:01.0430 3348 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
14:15:01.0430 3348 SensrSvc - ok
14:15:01.0446 3348 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
14:15:01.0446 3348 Serenum - ok
14:15:01.0446 3348 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
14:15:01.0446 3348 Serial - ok
14:15:01.0461 3348 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
14:15:01.0477 3348 sermouse - ok
14:15:01.0508 3348 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
14:15:01.0508 3348 SessionEnv - ok
14:15:01.0524 3348 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:15:01.0524 3348 sffdisk - ok
14:15:01.0524 3348 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:15:01.0524 3348 sffp_mmc - ok
14:15:01.0524 3348 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:15:01.0524 3348 sffp_sd - ok
14:15:01.0524 3348 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
14:15:01.0524 3348 sfloppy - ok
14:15:01.0571 3348 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
14:15:01.0571 3348 SharedAccess - ok
14:15:01.0602 3348 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
14:15:01.0602 3348 ShellHWDetection - ok
14:15:01.0602 3348 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
14:15:01.0602 3348 SiSRaid2 - ok
14:15:01.0617 3348 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
14:15:01.0617 3348 SiSRaid4 - ok
14:15:01.0617 3348 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:15:01.0633 3348 Smb - ok
14:15:01.0633 3348 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
14:15:01.0633 3348 SNMPTRAP - ok
14:15:01.0680 3348 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:15:01.0680 3348 spldr - ok
14:15:01.0727 3348 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
14:15:01.0742 3348 Spooler - ok
14:15:01.0851 3348 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
14:15:01.0898 3348 sppsvc - ok
14:15:01.0961 3348 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
14:15:01.0976 3348 sppuinotify - ok
14:15:02.0007 3348 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:15:02.0007 3348 srv - ok
14:15:02.0054 3348 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:15:02.0054 3348 srv2 - ok
14:15:02.0070 3348 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:15:02.0070 3348 srvnet - ok
14:15:02.0101 3348 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
14:15:02.0101 3348 SSDPSRV - ok
14:15:02.0117 3348 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
14:15:02.0117 3348 SstpSvc - ok
14:15:02.0210 3348 Stereo Service (c354621b6b94e10ae7f5cdbe745feb86) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
14:15:02.0210 3348 Stereo Service - ok
14:15:02.0210 3348 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
14:15:02.0210 3348 stexstor - ok
14:15:02.0257 3348 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
14:15:02.0257 3348 stisvc - ok
14:15:02.0288 3348 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
14:15:02.0288 3348 storflt - ok
14:15:02.0304 3348 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
14:15:02.0304 3348 storvsc - ok
14:15:02.0304 3348 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
14:15:02.0304 3348 swenum - ok
14:15:02.0351 3348 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
14:15:02.0351 3348 swprv - ok
14:15:02.0366 3348 Synth3dVsc (c3a39c4079305480972d29c44b868c78) C:\Windows\system32\drivers\synth3dvsc.sys
14:15:02.0366 3348 Synth3dVsc - ok
14:15:02.0429 3348 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
14:15:02.0444 3348 SysMain - ok
14:15:02.0507 3348 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
14:15:02.0507 3348 TabletInputService - ok
14:15:02.0522 3348 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
14:15:02.0522 3348 TapiSrv - ok
14:15:02.0538 3348 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
14:15:02.0538 3348 TBS - ok
14:15:02.0631 3348 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
14:15:02.0647 3348 Tcpip - ok
14:15:02.0834 3348 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
14:15:02.0834 3348 TCPIP6 - ok
14:15:02.0897 3348 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:15:02.0897 3348 tcpipreg - ok
14:15:02.0912 3348 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:15:02.0912 3348 TDPIPE - ok
14:15:02.0943 3348 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
14:15:02.0943 3348 TDTCP - ok
14:15:02.0959 3348 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:15:02.0959 3348 tdx - ok
14:15:02.0975 3348 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
14:15:02.0975 3348 TermDD - ok
14:15:02.0975 3348 terminpt (2b5bdff688ec9871d7ec5837833374e9) C:\Windows\system32\drivers\terminpt.sys
14:15:02.0975 3348 terminpt - ok
14:15:03.0021 3348 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
14:15:03.0021 3348 TermService - ok
14:15:03.0021 3348 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
14:15:03.0021 3348 Themes - ok
14:15:03.0068 3348 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:15:03.0068 3348 THREADORDER - ok
14:15:03.0099 3348 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
14:15:03.0099 3348 TrkWks - ok
14:15:03.0146 3348 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
14:15:03.0146 3348 TrustedInstaller - ok
14:15:03.0162 3348 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:15:03.0162 3348 tssecsrv - ok
14:15:03.0177 3348 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:15:03.0177 3348 TsUsbFlt - ok
14:15:03.0177 3348 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
14:15:03.0177 3348 TsUsbGD - ok
14:15:03.0224 3348 tsusbhub (e1748d04ae40118b62bc18ac86032192) C:\Windows\system32\drivers\tsusbhub.sys
14:15:03.0224 3348 tsusbhub - ok
14:15:03.0240 3348 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:15:03.0240 3348 tunnel - ok
14:15:03.0255 3348 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
14:15:03.0255 3348 uagp35 - ok
14:15:03.0271 3348 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:15:03.0271 3348 udfs - ok
14:15:03.0287 3348 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
14:15:03.0287 3348 UI0Detect - ok
14:15:03.0287 3348 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:15:03.0287 3348 uliagpkx - ok
14:15:03.0302 3348 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
14:15:03.0302 3348 umbus - ok
14:15:03.0302 3348 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
14:15:03.0302 3348 UmPass - ok
14:15:03.0333 3348 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
14:15:03.0333 3348 UmRdpService - ok
14:15:03.0365 3348 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
14:15:03.0365 3348 upnphost - ok
14:15:03.0380 3348 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
14:15:03.0380 3348 usbccgp - ok
14:15:03.0443 3348 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:15:03.0443 3348 usbcir - ok
14:15:03.0458 3348 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
14:15:03.0458 3348 usbehci - ok
14:15:03.0489 3348 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
14:15:03.0489 3348 usbhub - ok
14:15:03.0505 3348 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
14:15:03.0505 3348 usbohci - ok
14:15:03.0505 3348 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
14:15:03.0505 3348 usbprint - ok
14:15:03.0536 3348 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
14:15:03.0536 3348 USBSTOR - ok
14:15:03.0552 3348 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
14:15:03.0552 3348 usbuhci - ok
14:15:03.0583 3348 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
14:15:03.0583 3348 UxSms - ok
14:15:03.0599 3348 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:15:03.0599 3348 VaultSvc - ok
14:15:03.0599 3348 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:15:03.0599 3348 vdrvroot - ok
14:15:03.0645 3348 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
14:15:03.0645 3348 vds - ok
14:15:03.0645 3348 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:15:03.0645 3348 vga - ok
14:15:03.0645 3348 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:15:03.0645 3348 VgaSave - ok
14:15:03.0661 3348 VGPU - ok
14:15:03.0692 3348 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:15:03.0692 3348 vhdmp - ok
14:15:03.0708 3348 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:15:03.0708 3348 viaide - ok
14:15:03.0723 3348 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
14:15:03.0723 3348 vmbus - ok
14:15:03.0739 3348 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
14:15:03.0739 3348 VMBusHID - ok
14:15:03.0755 3348 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:15:03.0755 3348 volmgr - ok
14:15:03.0770 3348 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:15:03.0786 3348 volmgrx - ok
14:15:03.0801 3348 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
14:15:03.0801 3348 volsnap - ok
14:15:03.0817 3348 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
14:15:03.0817 3348 vsmraid - ok
14:15:03.0911 3348 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
14:15:03.0926 3348 VSS - ok
14:15:04.0035 3348 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
14:15:04.0035 3348 vwifibus - ok
14:15:04.0067 3348 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
14:15:04.0067 3348 W32Time - ok
14:15:04.0098 3348 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
14:15:04.0098 3348 WacomPen - ok
14:15:04.0098 3348 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:15:04.0098 3348 WANARP - ok
14:15:04.0098 3348 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:15:04.0098 3348 Wanarpv6 - ok
14:15:04.0176 3348 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
14:15:04.0191 3348 WatAdminSvc - ok
14:15:04.0316 3348 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
14:15:04.0332 3348 wbengine - ok
14:15:04.0394 3348 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
14:15:04.0394 3348 WbioSrvc - ok
14:15:04.0410 3348 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
14:15:04.0425 3348 wcncsvc - ok
14:15:04.0425 3348 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
14:15:04.0425 3348 WcsPlugInService - ok
14:15:04.0441 3348 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
14:15:04.0441 3348 Wd - ok
14:15:04.0488 3348 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:15:04.0488 3348 Wdf01000 - ok
14:15:04.0503 3348 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:15:04.0503 3348 WdiServiceHost - ok
14:15:04.0503 3348 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:15:04.0503 3348 WdiSystemHost - ok
14:15:04.0519 3348 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
14:15:04.0519 3348 WebClient - ok
14:15:04.0535 3348 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
14:15:04.0535 3348 Wecsvc - ok
14:15:04.0535 3348 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
14:15:04.0550 3348 wercplsupport - ok
14:15:04.0550 3348 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
14:15:04.0550 3348 WerSvc - ok
14:15:04.0597 3348 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:15:04.0597 3348 WfpLwf - ok
14:15:04.0597 3348 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:15:04.0597 3348 WIMMount - ok
14:15:04.0628 3348 WinDefend - ok
14:15:04.0628 3348 WinHttpAutoProxySvc - ok
14:15:04.0675 3348 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
14:15:04.0675 3348 Winmgmt - ok
14:15:04.0737 3348 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
14:15:04.0753 3348 WinRM - ok
14:15:04.0847 3348 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
14:15:04.0862 3348 Wlansvc - ok
14:15:04.0878 3348 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
14:15:04.0878 3348 WmiAcpi - ok
14:15:04.0893 3348 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
14:15:04.0893 3348 wmiApSrv - ok
14:15:04.0909 3348 WMPNetworkSvc - ok
14:15:04.0925 3348 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
14:15:04.0925 3348 WPCSvc - ok
14:15:04.0956 3348 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
14:15:04.0956 3348 WPDBusEnum - ok
14:15:04.0956 3348 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:15:04.0956 3348 ws2ifsl - ok
14:15:04.0971 3348 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
14:15:04.0971 3348 wscsvc - ok
14:15:04.0971 3348 WSearch - ok
14:15:05.0096 3348 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
14:15:05.0127 3348 wuauserv - ok
14:15:05.0190 3348 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:15:05.0190 3348 WudfPf - ok
14:15:05.0221 3348 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
14:15:05.0221 3348 wudfsvc - ok
14:15:05.0237 3348 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
14:15:05.0237 3348 WwanSvc - ok
14:15:05.0283 3348 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
14:15:05.0283 3348 yukonw7 - ok
14:15:05.0283 3348 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:15:05.0315 3348 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
14:15:05.0315 3348 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
14:15:05.0315 3348 Boot (0x1200) (a0794433f765194fafd69f0c0f25aa67) \Device\Harddisk0\DR0\Partition0
14:15:05.0315 3348 \Device\Harddisk0\DR0\Partition0 - ok
14:15:05.0315 3348 ============================================================
14:15:05.0315 3348 Scan finished
14:15:05.0315 3348 ============================================================
14:15:05.0315 3360 Detected object count: 1
14:15:05.0315 3360 Actual detected object count: 1
14:15:16.0141 3360 \Device\Harddisk0\DR0\# - copied to quarantine
14:15:16.0141 3360 \Device\Harddisk0\DR0 - copied to quarantine
14:15:16.0250 3360 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
14:15:16.0250 3360 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
14:15:16.0266 3360 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
14:15:16.0266 3360 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
14:15:16.0297 3360 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
14:15:16.0297 3360 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
14:15:16.0313 3360 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
14:15:16.0313 3360 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
14:15:16.0313 3360 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
14:15:16.0313 3360 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
14:15:16.0313 3360 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
14:15:16.0313 3360 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
14:15:16.0313 3360 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
14:15:16.0313 3360 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
14:15:16.0313 3360 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
14:15:16.0328 3360 \Device\Harddisk0\DR0 - ok
14:15:21.0929 3360 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
14:15:35.0438 3452 Deinitialize success

#10 BlackRainZ

BlackRainZ
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:08:10 AM

Posted 13 August 2012 - 01:30 PM

Here is the log from aswMBR. You didn't specify if I should do a quick scan or full scan, so I left it on the default, which was quick scan:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-13 14:20:23
-----------------------------
14:20:23.515 OS Version: Windows x64 6.1.7601 Service Pack 1
14:20:23.515 Number of processors: 4 586 0x1A05
14:20:23.515 ComputerName: BLACKRAIN-PC UserName: BlackRain
14:20:26.691 Initialize success
14:21:14.532 AVAST engine defs: 12081300
14:21:35.061 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:21:35.061 Disk 0 Vendor: Intel___ 1.0. Size: 953875MB BusType: 8
14:21:35.077 Disk 0 MBR read successfully
14:21:35.077 Disk 0 MBR scan
14:21:35.077 Disk 0 Windows 7 default MBR code
14:21:35.077 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953873 MB offset 2048
14:21:35.092 Disk 0 scanning C:\Windows\system32\drivers
14:21:41.676 Service scanning
14:21:52.828 Modules scanning
14:21:52.828 Disk 0 trace - called modules:
14:21:52.843 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorV.sys hal.dll
14:21:52.843 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e22060]
14:21:52.843 3 CLASSPNP.SYS[fffff88001b6543f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007b3b050]
14:21:55.402 AVAST engine scan C:\Windows
14:21:57.601 AVAST engine scan C:\Windows\system32
14:24:06.008 AVAST engine scan C:\Windows\system32\drivers
14:24:17.225 AVAST engine scan C:\Users\BlackRain
14:24:42.793 AVAST engine scan C:\ProgramData
14:24:47.972 Scan finished successfully
14:28:47.870 Disk 0 MBR has been saved successfully to "C:\Users\BlackRain\Desktop\MBR.dat"
14:28:47.870 The log file has been saved successfully to "C:\Users\BlackRain\Desktop\aswMBR.txt"

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:10 AM

Posted 13 August 2012 - 02:33 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files (x86)\Ask.com

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

Edited by gringo_pr, 13 August 2012 - 02:34 PM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#12 BlackRainZ

BlackRainZ
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:08:10 AM

Posted 13 August 2012 - 02:48 PM

Report from ComboFix below. I just ran the flash scan and quick scan with Malwarebytes Anti-Malware and it didn't pick up anything. I will run the complete scan. It did this before, though, and didn't find anything, but later the trojan popped up again.



ComboFix 12-08-13.01 - BlackRain 08/13/2012 15:38:24.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8183.6597 [GMT -4:00]
Running from: c:\users\BlackRain\Downloads\ComboFix.exe
Command switches used :: c:\users\BlackRain\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-13 to 2012-08-13 )))))))))))))))))))))))))))))))
.
.
2012-08-13 19:40 . 2012-08-13 19:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-13 18:15 . 2012-08-13 18:15 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-13 17:46 . 2012-08-13 17:46 -------- d-----w- c:\windows\system32\appmgmt
2012-08-13 16:19 . 2012-08-13 16:19 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-08-13 12:34 . 2012-08-13 12:34 -------- d-----w- C:\Malwarebytes' Anti-Malware
2012-08-13 12:34 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-12 21:35 . 2012-08-13 17:45 -------- d-----w- c:\programdata\Avira
2012-08-12 21:32 . 2012-08-12 21:32 -------- d-----w- c:\program files\CCleaner
2012-08-12 21:28 . 2012-08-12 21:28 -------- d-----w- c:\programdata\Malwarebytes
2012-08-12 16:48 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2012-08-12 16:48 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-08-12 16:48 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2012-08-12 16:48 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2012-08-12 16:48 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2012-08-12 16:48 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2012-08-12 16:48 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2012-08-12 16:47 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys
2012-08-12 16:47 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2012-08-12 16:47 . 2011-03-11 06:41 1659776 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-12 16:47 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2012-08-12 16:47 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2012-08-12 16:47 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2012-08-12 16:47 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2012-08-12 16:47 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll
2012-08-12 16:47 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
2012-08-12 16:47 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll
2012-08-12 16:47 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2012-08-12 16:47 . 2011-03-11 04:37 91648 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS
2012-08-12 16:33 . 2012-08-12 19:39 -------- d-----w- C:\EVGA Precision X
2012-08-12 13:37 . 2012-07-03 07:19 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-08-12 13:36 . 2011-03-03 06:24 183296 ----a-w- c:\windows\system32\dnsrslvr.dll
2012-08-12 13:36 . 2011-03-03 06:24 357888 ----a-w- c:\windows\system32\dnsapi.dll
2012-08-12 13:36 . 2011-03-03 06:21 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
2012-08-12 13:36 . 2011-03-03 05:36 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2012-08-12 13:36 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2012-08-12 13:36 . 2011-04-29 03:05 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
2012-08-12 13:36 . 2011-04-29 03:05 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
2012-08-12 13:35 . 2012-04-28 05:32 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-08-12 13:35 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-08-12 13:35 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-08-12 13:35 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-08-12 13:35 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-08-12 13:35 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-08-12 13:33 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-08-12 13:33 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-08-12 13:33 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-08-12 13:21 . 2012-08-12 13:21 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-08-11 23:48 . 2012-08-12 21:34 -------- d-----w- c:\windows\Panther
2012-08-11 23:13 . 2012-08-11 23:13 -------- d-----w- c:\windows\SysWow64\Wat
2012-08-11 23:13 . 2012-08-11 23:13 -------- d-----w- c:\windows\system32\Wat
2012-08-11 23:10 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-11 23:01 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-08-11 23:01 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-08-11 23:01 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-08-11 23:01 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-08-11 23:01 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-08-11 23:01 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-08-11 23:01 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-08-11 22:34 . 2012-08-11 21:18 -------- d-----w- C:\Temp
2012-08-11 20:47 . 2011-06-16 05:49 199680 ----a-w- c:\windows\system32\xmllite.dll
2012-08-11 20:46 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-08-11 20:45 . 2012-06-02 05:50 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-08-11 20:44 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2012-08-11 20:43 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-08-11 20:40 . 2010-02-04 14:01 78680 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2012-08-11 20:39 . 2008-07-31 14:41 72200 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2012-08-11 20:32 . 2012-08-11 20:32 -------- d-----w- C:\WinRAR
2012-08-11 20:29 . 2012-07-16 06:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{79095BED-F014-4429-815E-E992E127932A}\mpengine.dll
2012-08-11 20:16 . 2012-08-13 17:43 -------- d-----w- c:\users\UpdatusUser
2012-08-11 20:16 . 2012-08-11 20:16 -------- d-----w- C:\CPU-Z
2012-08-11 20:16 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-08-11 20:14 . 2012-04-18 17:08 31040 ----a-w- c:\windows\system32\nvhdap64.dll
2012-08-11 20:13 . 2012-08-11 20:16 -------- d-----w- c:\program files\NVIDIA Corporation
2012-08-11 20:11 . 2012-07-16 18:25 18856 ----a-w- c:\windows\system32\roboot64.exe
2012-08-11 20:02 . 2012-08-11 20:02 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-08-11 20:02 . 2012-08-13 17:46 -------- d-sh--w- c:\windows\Installer
2012-08-11 20:00 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-08-11 20:00 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-08-11 20:00 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-08-11 20:00 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-08-11 19:59 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-08-11 19:59 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-08-11 19:59 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-08-11 19:59 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-08-11 19:59 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-08-11 19:59 . 2012-08-11 20:08 -------- d-----w- c:\users\BlackRain
2012-08-06 22:30 . 2012-03-27 03:53 -------- d-----w- C:\meshes
2012-08-06 17:29 . 2012-08-06 17:29 5371904 ----a-w- C:\BOSS GUI.exe
2012-08-06 17:26 . 2012-08-06 17:26 2457088 ----a-w- C:\BOSS.exe
2012-08-05 04:28 . 2012-08-05 04:29 -------- d-----w- C:\roms
2012-07-19 23:52 . 2012-07-25 01:45 -------- d-----w- C:\Battle of Red Cliffs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 16:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2012-08-13_18.00.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-08-13 18:19 24396 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-13 18:19 31478 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:46 . 2012-08-13 18:49 97056 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-08-11 20:10 . 2012-08-13 18:19 4576 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1286304906-524382221-4183396005-1001_UserData.bin
+ 2012-08-13 19:41 . 2012-08-13 19:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-13 17:53 . 2012-08-13 17:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-08-13 18:12 180224 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-08-13 17:54 180224 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 02:36 . 2012-08-13 18:21 623940 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-08-13 17:57 623940 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-08-13 17:57 106316 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-08-13 18:21 106316 c:\windows\system32\perfc009.dat
- 2012-08-13 04:08 . 2012-08-13 17:52 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-08-13 04:08 . 2012-08-13 19:41 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-08-13 12:13 . 2012-08-13 19:41 539680 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1286304906-524382221-4183396005-1001-12288.dat
+ 2009-07-14 04:54 . 2012-08-13 18:12 2818048 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-13 17:54 2818048 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-13 17:54 6963200 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-13 18:12 6963200 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-08-13 04:08 . 2012-08-13 17:52 1534448 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2012-08-13 04:08 . 2012-08-13 18:15 1534448 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"Malwarebytes' Anti-Malware"="c:\malwarebytes' anti-malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-11 136176]
R2 MBAMService;MBAMService;c:\malwarebytes' anti-malware\mbamservice.exe [2012-07-03 655944]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-11 136176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 RTCore64;RTCore64;c:\evga precision x\RTCore64.sys [2012-06-29 15176]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-11 1255736]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-11 20:03]
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-11 20:03]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.137.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:e3,ed,b1,c8,6a,79,cd,01
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-13 15:43:36 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-13 19:43
ComboFix2.txt 2012-08-13 18:01
ComboFix3.txt 2012-08-13 12:26
.
Pre-Run: 634,883,903,488 bytes free
Post-Run: 634,902,323,200 bytes free
.
- - End Of File - - 9F4F9FB5C0BC573BAD560A64479847B4
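The ComboFix log above lists c:\windows\svchost.exe under "Other Deletions": the genuine Service Host binary lives in C:\Windows\System32 (and SysWOW64 on 64-bit Windows) and is always started with a -k service-group argument, so a copy anywhere else is the classic masquerade. As an added example (not the thread's own tooling), the following Python check runs over a constructed process listing in the DDS "Running Processes" style and flags svchost.exe entries outside those directories, entries lacking -k, and look-alike names; the 0.85 similarity threshold is an assumption chosen for illustration.

```python
"""Flag svchost.exe masquerading in a DDS-style process listing (added example)."""
import difflib
import ntpath
import re
from dataclasses import dataclass, field

# Constructed sample in the style of a DDS "Running Processes" listing; not the thread's own log.
SAMPLE_PROCESSES = """\
C:\\Windows\\system32\\wininit.exe
C:\\Windows\\system32\\svchost.exe -k DcomLaunch
C:\\Windows\\system32\\svchost.exe -k RPCSS
C:\\Windows\\svchost.exe
C:\\Users\\Public\\svch0st.exe
C:\\Windows\\SysWOW64\\svchost.exe -k netsvcs
"""

# Directories the genuine Service Host binary lives in (64-bit Windows also carries the WOW64 copy).
LEGIT_SVCHOST_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# DDS prints unquoted image paths, spaces included, so split at the first ".exe" followed by
# whitespace, a closing quote or end of line rather than at the first space.
_EXE_END = re.compile(r'\.exe(?=\s|$|")', re.IGNORECASE)

# Assumed threshold for "looks like svchost.exe but is not" (e.g. svch0st.exe, scvhost.exe).
LOOKALIKE_RATIO = 0.85


@dataclass
class Finding:
    line: str
    reasons: list[str] = field(default_factory=list)


def split_image_and_args(line: str) -> tuple[str, str]:
    """Return (image path, argument string) for one process-listing line."""
    m = _EXE_END.search(line)
    if not m:
        return line, ""
    return line[: m.end()].strip('"'), line[m.end():].strip()


def check_process_lines(text: str) -> list[Finding]:
    """Return one Finding per suspicious line; clean lines produce nothing."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        image, args = split_image_and_args(line)
        name = ntpath.basename(image).lower()
        directory = ntpath.dirname(image).lower()
        reasons: list[str] = []
        if name == "svchost.exe":
            if directory not in LEGIT_SVCHOST_DIRS:
                reasons.append(f"svchost.exe running from {directory!r}, not System32/SysWOW64")
            if "-k" not in args.split():
                reasons.append("svchost.exe without a -k <service group> argument")
        elif difflib.SequenceMatcher(None, name, "svchost.exe").ratio() >= LOOKALIKE_RATIO:
            reasons.append(f"look-alike name {name!r} (near miss for svchost.exe)")
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for finding in check_process_lines(SAMPLE_PROCESSES):
        print(finding.line)
        for reason in finding.reasons:
            print("   ", reason)
```

On the sample, only C:\Windows\svchost.exe (two reasons: wrong directory, no -k) and C:\Users\Public\svch0st.exe (look-alike name) are reported; the System32 and SysWOW64 entries pass.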

#13 BlackRainZ

BlackRainZ
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:08:10 AM

Posted 13 August 2012 - 04:05 PM

After the full scan, it didn't pick up anything, so I guess it's okay, but I am worried about it coming back.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:10 AM

Posted 13 August 2012 - 05:30 PM

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE**: Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better job).

Programs to remove

Ask Toolbar


  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.
  • Download CCleaner from here: http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#15 BlackRainZ

BlackRainZ
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:08:10 AM

Posted 13 August 2012 - 07:01 PM

Report from MBAM


Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.13.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
BlackRain :: BLACKRAIN-PC [administrator]

Protection: Enabled

8/13/2012 8:00:04 PM
mbam-log-2012-08-13 (20-00-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210067
Time elapsed: 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



