Infected ?


  • This topic is locked
22 replies to this topic

#1 guitarman77

guitarman77

  • Members
  • 32 posts
  • OFFLINE
  • Local time:01:23 AM

Posted 13 August 2012 - 11:59 PM

Earlier I was online and suddenly my AVAST started warning me with these messages


URL: hxxp://37.220.36.44/x/
Process: C:\Windows\System32\svchost.exe
Infection: URL:Mal

URL: hxxp://espeak911.com/x/
Process: C:\Windows\System32\svchost.exe
Infection: URL:Mal

URL: hxxp://colexity777.com/x/
Process: C:\Windows\System32\svchost.exe
Infection: URL:Mal


I decided to reboot my computer since the messages kept popping up every few seconds.
As I rebooted and the desktop was loading, the screen turned black and I could only see the cursor; then all of a sudden a blue screen appeared and the computer restarted. I am only able to boot it up in Safe Mode, and I also got this message

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: 1000008e
BCP1: C0000005
BCP2: 8410D487
BCP3: A56C773C
BCP4: 00000000
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\081312-26348-01.dmp
C:\Users\Circuit City\AppData\Local\Temp\WER-61589-0.sysdata.xml

Read our privacy statement online:
http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt



__________________________________________________________________________________________

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Circuit City at 20:51:37 on 2012-08-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1791.1173 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WerFault.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 200.53.119.154:8080
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: H - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No File
BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Gif Animator Toolbar Helper: {96372ab6-15eb-4316-b497-71c741bc548c} - c:\program files\easy gif animator extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Easy Gif Animator Toolbar: {35065594-9169-4a34-b167-fc4865038e53} - c:\program files\easy gif animator extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [Facebook Update] "c:\users\circuit city\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [NBAgent] "c:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [aswAhAScr.dll] "c:\program files\alwil software\avast5\aswregsvr.exe" "c:\program files\alwil software\avast5\AhAScr.dll"
mRunOnce: [aswasOutExt.dll] "c:\program files\alwil software\avast5\aswregsvr.exe" "c:\program files\alwil software\avast5\asOutExt.dll"
mRunOnce: [aswaswOtl.dll] "c:\program files\alwil software\avast5\aswregsvr.exe" "c:\program files\alwil software\avast5\aswOtl.dll"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\circui~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\airmou~1.lnk - c:\program files\air mouse\air mouse\Air Mouse.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files\fiddler2\Fiddler.exe"
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{C2679871-9BB6-4CB7-BE1B-E5E96CF5905B} : NameServer = 209.18.47.62,68.94.156.1
TCP: Interfaces\{C2679871-9BB6-4CB7-BE1B-E5E96CF5905B} : DhcpNameServer = 209.18.47.61 209.18.47.62
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\circuit city\appdata\roaming\mozilla\firefox\profiles\v1ehr1uh.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com.my/search?q=
FF - prefs.js: network.proxy.ftp - 200.53.119.154
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - 200.53.119.154
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 200.53.119.154
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 200.53.119.154
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\circuit city\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\users\circuit city\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-9-21 64288]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-8-13 721000]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-1-2 353688]
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\acer arcade live\acer homemedia connect\kernel\dms\CLMSServer.exe [2007-4-16 266343]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-1-2 21256]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-1-2 57656]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2012-8-13 44808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\common files\magix services\database\bin\FABS.exe [2009-8-27 1253376]
S2 gupdate1c990874c293ef0;Google Update Service (gupdate1c990874c293ef0);c:\program files\google\update\GoogleUpdate.exe [2009-2-16 133104]
S2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe -service --> c:\windows\system32\lxbkcoms.exe -service [?]
S2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-3-25 490280]
S2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-3-9 2296696]
S2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-3-19 2666880]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 250056]
S3 Andbus;LGE Android Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [2011-3-9 14336]
S3 AndDiag;LGE Android USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [2011-3-9 20864]
S3 AndGps;LGE Android USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [2011-3-9 19968]
S3 ANDModem;LGE Android USB Modem;c:\windows\system32\drivers\lgandmodem.sys [2011-3-9 24960]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\smhwadb.sys [2011-6-25 25728]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\common files\magix services\database\bin\fbserver.exe [2008-8-7 3276800]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-2-16 133104]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2009-3-11 28672]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-3-23 39984]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 113120]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 smhwdev;SmartPhone dummy USB PNP Device (Normal);c:\windows\system32\drivers\smhwdev.sys [2011-6-25 100864]
S3 smhwser;USB Device for Legacy Serial Communication (Normal);c:\windows\system32\drivers\smhwser.sys [2011-6-25 108032]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-23 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-3-12 1343400]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe --> c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [?]
S3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [2011-8-31 16640]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
.
=============== Created Last 30 ================
.
2071-07-25 17:13:30 203576 ----a-w- c:\program files\microsoft games\age of empires iii\autopatcher2.exe
2012-08-14 01:51:18 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-08-14 01:51:02 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-14 01:38:16 124416 ----a-w- c:\programdata\microsoft\windows\drm\2AB8.tmp
2012-07-30 00:13:08 -------- d-----w- c:\users\circuit city\appdata\local\{771B9C14-19F7-4FB9-A0F4-B51BF520853D}
2012-07-30 00:12:29 -------- d-----w- c:\users\circuit city\appdata\local\{1AD778A6-02AF-467C-9B11-EAD21F49BFF9}
2012-07-26 04:00:19 -------- d-----w- c:\users\circuit city\appdata\roaming\Mp3tag
2012-07-26 03:59:49 -------- d-----w- c:\program files\Mp3tag
2012-07-18 02:59:13 -------- d-----w- c:\users\circuit city\appdata\local\{36DCEAFB-8B65-4F3C-9DCD-F2A287810419}
2012-07-18 02:59:08 -------- d-----w- c:\users\circuit city\appdata\local\{9E354C0F-A0DD-46FF-BA0F-99305D3B83AE}
2012-07-18 02:55:03 -------- d-----w- c:\windows\en
2012-07-18 02:46:04 -------- d-----w- c:\users\circuit city\appdata\local\{845D4721-549F-449A-AF0A-BA79231A7E49}
2012-07-18 02:45:48 -------- d-----w- c:\users\circuit city\appdata\local\{90CBE9AD-DDC6-42AC-8791-32928EA5F30A}
2012-07-18 02:05:57 -------- d-----w- c:\users\circuit city\appdata\local\{AC17F93B-5619-4141-9230-B86388DB4C5A}
2012-07-18 02:05:52 -------- d-----w- c:\users\circuit city\appdata\local\{258D6BB9-DDDE-4D17-AE7D-92DA541E910F}
.
==================== Find3M ====================
.
2012-08-04 15:31:30 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-04 15:31:30 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-03 16:21:53 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21:32 41224 ----a-w- c:\windows\avastSS.scr
2012-06-12 02:40:48 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-06-06 05:05:52 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 22:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 04:45:04 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45:03 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40:59 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40:39 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- c:\windows\system32\ncrypt.dll
.
============= FINISH: 20:54:16.31 ===============
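Two things in the post above are worth pulling out for anyone reading a DDS log like this one: the avast! alerts show outbound connections to the flagged URLs coming from svchost.exe, and the "Pseudo HJT Report" and FIREFOX sections both show a proxy server of 200.53.119.154:8080 configured for Internet Explorer (uInternet Settings,ProxyServer) and for every Firefox protocol (network.proxy.http/ssl/ftp/socks). A user rarely sets the same external proxy in two browsers by hand, so a responder wants that flagged automatically. The script below is an added example written for this thread, not a tool from BleepingComputer or any of the posters: it parses the DDS line formats shown in the log above, extracts the IE and Firefox proxy settings, and reports any proxy host that is not loopback or a private address, plus the case where both browsers share one host. The sample lines are copied from the log above; the "clean" sample is constructed for contrast.

```python
import ipaddress
import re
from typing import Dict, List, Optional, Tuple

# Sample DDS lines: the first block is taken from the log posted above, the
# second is a constructed clean configuration used for comparison.
SAMPLE_LOG = """\
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 200.53.119.154:8080
FF - prefs.js: network.proxy.http - 200.53.119.154
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.ssl - 200.53.119.154
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 4
"""

CLEAN_LOG = """\
uInternet Settings,ProxyOverride = *.local
FF - prefs.js: network.proxy.type - 0
"""

# DDS prefixes the IE value with 'u' (current user) or 'm' (machine).
IE_PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer = (?P<value>\S+)")
FF_PREF_RE = re.compile(r"^FF - prefs\.js: network\.proxy\.(?P<key>[a-z_]+) - (?P<value>\S+)")

# Firefox network.proxy.type values: 0 direct, 1 manual, 2 PAC URL,
# 4 auto-detect (WPAD), 5 use system settings.
FF_PROXY_SCHEMES = ("http", "ssl", "ftp", "socks")


def split_host_port(value: str, default_port: Optional[int] = None) -> Tuple[str, Optional[int]]:
    """Split 'host:port' into (host, port); bare hosts get default_port. IPv6 literals are not handled."""
    host, sep, port = value.rpartition(":")
    if sep and port.isdigit():
        return host, int(port)
    return value, default_port


def parse_ie_proxy(value: str) -> Dict[str, Tuple[str, Optional[int]]]:
    """ProxyServer is either 'host:port' or 'http=host:port;https=host:port;...'."""
    result: Dict[str, Tuple[str, Optional[int]]] = {}
    for entry in value.split(";"):
        if "=" in entry:
            scheme, _, hostport = entry.partition("=")
        else:
            scheme, hostport = "all", entry
        if hostport.strip():
            result[scheme.strip().lower()] = split_host_port(hostport.strip())
    return result


def is_public_host(host: str) -> bool:
    """True if the proxy host is neither loopback, link-local nor a private (RFC 1918 / ULA) address."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # A hostname rather than an IP literal: treat anything but localhost as external.
        return host.lower() != "localhost"
    return not (ip.is_private or ip.is_loopback or ip.is_link_local)


def analyze(log_text: str) -> dict:
    """Extract IE and Firefox proxy settings from DDS output and list suspicious findings."""
    ie: Dict[str, Tuple[str, Optional[int]]] = {}
    ff_hosts: Dict[str, str] = {}
    ff_ports: Dict[str, int] = {}
    ff_type: Optional[int] = None

    for line in log_text.splitlines():
        m = IE_PROXY_RE.match(line)
        if m:
            ie.update(parse_ie_proxy(m.group("value")))
            continue
        m = FF_PREF_RE.match(line)
        if not m:
            continue
        key, value = m.group("key"), m.group("value")
        if key == "type":
            ff_type = int(value)
        elif key.endswith("_port") and key[:-5] in FF_PROXY_SCHEMES:
            ff_ports[key[:-5]] = int(value)
        elif key in FF_PROXY_SCHEMES:
            ff_hosts[key] = value

    ff = {scheme: (host, ff_ports.get(scheme)) for scheme, host in ff_hosts.items()}

    findings: List[str] = []
    for scheme, (host, port) in ie.items():
        if is_public_host(host):
            findings.append(f"IE/WinINet proxy ({scheme}) points to external host {host}:{port}")
    for scheme, (host, port) in ff.items():
        if is_public_host(host):
            findings.append(f"Firefox network.proxy.{scheme} points to external host {host}:{port}")
    shared = {h for h, _ in ie.values()} & {h for h, _ in ff.values()}
    for host in sorted(shared):
        findings.append(f"same proxy host {host} in both IE and Firefox; likely set by one program, not the user")

    return {"ie_proxy": ie, "firefox_proxy": ff, "firefox_proxy_type": ff_type, "findings": findings}


if __name__ == "__main__":
    for name, text in (("posted log", SAMPLE_LOG), ("clean sample", CLEAN_LOG)):
        print(f"== {name} ==")
        for finding in analyze(text)["findings"] or ["no proxy findings"]:
            print(" -", finding)
```

Run as-is it prints three external-proxy findings plus the shared-host finding for the posted log and nothing for the clean sample. The WinINet setting matters beyond the browser: svchost.exe-hosted services and other WinINet clients honour the same ProxyServer value, which is consistent with the avast! alerts above naming svchost.exe as the process contacting the flagged URLs.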

#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:23 AM

Posted 17 August 2012 - 11:44 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 guitarman77

guitarman77
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  • Local time:01:23 AM

Posted 18 August 2012 - 01:21 PM

Hello Gringo,

Thank you for replying

I was able to run Security Check but no luck with Combo Fix: while it's running a blue screen appears and the computer restarts. I have tried 3 times and no luck. The last program I remember installing was an AVAST update; before that I never had a blue screen :(



Results of screen317's Security Check version 0.99.46
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
WinPatrol
SpywareBlaster 4.4
CCleaner (remove only)
Java™ 6 Update 31
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.3.300.270
Adobe Reader 9 Adobe Reader out of Date!
Adobe Reader X 10.1.3 Adobe Reader out of Date!
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
WinPatrol winpatrol.exe is disabled!
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:23 AM

Posted 18 August 2012 - 01:55 PM

Greetings guitarman77

Let's see if this will run



tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#5 guitarman77

guitarman77
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  • Local time:01:23 AM

Posted 18 August 2012 - 04:04 PM

I was able to run both with no problems.



12:03:38.0816 2084 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
12:03:39.0487 2084 ============================================================
12:03:39.0487 2084 Current date / time: 2012/08/18 12:03:39.0487
12:03:39.0487 2084 SystemInfo:
12:03:39.0487 2084
12:03:39.0487 2084 OS Version: 6.1.7601 ServicePack: 1.0
12:03:39.0487 2084 Product type: Workstation
12:03:39.0487 2084 ComputerName: CIRCUITCITY-PC
12:03:39.0488 2084 UserName: Circuit City
12:03:39.0488 2084 Windows directory: C:\Windows
12:03:39.0488 2084 System windows directory: C:\Windows
12:03:39.0488 2084 Processor architecture: Intel x86
12:03:39.0488 2084 Number of processors: 2
12:03:39.0488 2084 Page size: 0x1000
12:03:39.0488 2084 Boot type: Safe boot with network
12:03:39.0488 2084 ============================================================
12:03:40.0191 2084 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:03:40.0249 2084 ============================================================
12:03:40.0249 2084 \Device\Harddisk0\DR0:
12:03:40.0249 2084 MBR partitions:
12:03:40.0249 2084 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x6, StartLBA 0x1384C7A, BlocksNum 0x12098F55
12:03:40.0249 2084 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1341DBCF, BlocksNum 0x1200FAF2
12:03:40.0249 2084 ============================================================
12:03:40.0295 2084 C: <-> \Device\Harddisk0\DR0\Partition1
12:03:40.0335 2084 D: <-> \Device\Harddisk0\DR0\Partition2
12:03:40.0335 2084 ============================================================
12:03:40.0335 2084 Initialize success
12:03:40.0335 2084 ============================================================
12:03:42.0156 1648 ============================================================
12:03:42.0156 1648 Scan started
12:03:42.0156 1648 Mode: Manual;
12:03:42.0156 1648 ============================================================
12:03:45.0032 1648 ================ Scan services =============================
12:03:45.0220 1648 [ 1b133875b8aa8ac48969bd3458afe9f5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
12:03:45.0224 1648 1394ohci - ok
12:03:45.0398 1648 [ a5f948a07b69401683bd809eea3dc34b ] Acer HomeMedia Connect Service C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
12:03:45.0405 1648 Acer HomeMedia Connect Service - ok
12:03:45.0463 1648 [ 509980831739ed65e173ec6cab056b5b ] AcerMemUsageCheckService C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
12:03:45.0480 1648 AcerMemUsageCheckService - ok
12:03:45.0522 1648 [ cea80c80bed809aa0da6febc04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
12:03:45.0527 1648 ACPI - ok
12:03:45.0547 1648 [ 1efbc664abff416d1d07db115dcb264f ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
12:03:45.0557 1648 AcpiPmi - ok
12:03:45.0669 1648 [ 62b7936f9036dd6ed36e6a7efa805dc0 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
12:03:45.0673 1648 AdobeARMservice - ok
12:03:45.0753 1648 [ 6c40d5ed8951ab7b90d08af655224ee4 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:03:45.0757 1648 AdobeFlashPlayerUpdateSvc - ok
12:03:45.0802 1648 [ 21e785ebd7dc90a06391141aac7892fb ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
12:03:45.0808 1648 adp94xx - ok
12:03:45.0837 1648 [ 0c676bc278d5b59ff5abd57bbe9123f2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
12:03:45.0842 1648 adpahci - ok
12:03:45.0886 1648 [ 7c7b5ee4b7b822ec85321fe23a27db33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
12:03:45.0889 1648 adpu320 - ok
12:03:45.0936 1648 [ 8b5eefeec1e6d1a72a06c526628ad161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
12:03:45.0944 1648 AeLookupSvc - ok
12:03:45.0985 1648 [ 9ebbba55060f786f0fcaa3893bfa2806 ] AFD C:\Windows\system32\drivers\afd.sys
12:03:45.0991 1648 AFD - ok
12:03:46.0022 1648 [ 507812c3054c21cef746b6ee3d04dd6e ] agp440 C:\Windows\system32\drivers\agp440.sys
12:03:46.0024 1648 agp440 - ok
12:03:46.0050 1648 [ 8b30250d573a8f6b4bd23195160d8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
12:03:46.0064 1648 aic78xx - ok
12:03:46.0107 1648 [ 18a54e132947cd98fea9accc57f98f13 ] ALG C:\Windows\System32\alg.exe
12:03:46.0109 1648 ALG - ok
12:03:46.0149 1648 [ 0d40bcf52ea90fc7df2aeab6503dea44 ] aliide C:\Windows\system32\drivers\aliide.sys
12:03:46.0151 1648 aliide - ok
12:03:46.0198 1648 [ 3c6600a0696e90a463771c7422e23ab5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
12:03:46.0200 1648 amdagp - ok
12:03:46.0219 1648 [ cd5914170297126b6266860198d1d4f0 ] amdide C:\Windows\system32\drivers\amdide.sys
12:03:46.0221 1648 amdide - ok
12:03:46.0291 1648 [ 00dda200d71bac534bf56a9db5dfd666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
12:03:46.0294 1648 AmdK8 - ok
12:03:46.0311 1648 [ 3cbf30f5370fda40dd3e87df38ea53b6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
12:03:46.0313 1648 AmdPPM - ok
12:03:46.0368 1648 [ d320bf87125326f996d4904fe24300fc ] amdsata C:\Windows\system32\drivers\amdsata.sys
12:03:46.0370 1648 amdsata - ok
12:03:46.0410 1648 [ ea43af0c423ff267355f74e7a53bdaba ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
12:03:46.0414 1648 amdsbs - ok
12:03:46.0447 1648 [ 46387fb17b086d16dea267d5be23a2f2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
12:03:46.0448 1648 amdxata - ok
12:03:46.0519 1648 [ 45039ad240754b3bd789668c2c986ea7 ] Andbus C:\Windows\system32\DRIVERS\lgandbus.sys
12:03:46.0564 1648 Andbus - ok
12:03:46.0608 1648 [ f7ec18db02c9fb26aed52e0e1bb98960 ] AndDiag C:\Windows\system32\DRIVERS\lganddiag.sys
12:03:46.0636 1648 AndDiag - ok
12:03:46.0708 1648 [ 6d79f0c7f33dd85f50d69c7d7efec9e0 ] AndGps C:\Windows\system32\DRIVERS\lgandgps.sys
12:03:46.0736 1648 AndGps - ok
12:03:46.0758 1648 [ 881837e816b948f7a94098add21afd7c ] ANDModem C:\Windows\system32\DRIVERS\lgandmodem.sys
12:03:46.0760 1648 ANDModem - ok
12:03:46.0786 1648 [ e94e2ea7faaa05c776a711edb198b9fd ] androidusb C:\Windows\system32\Drivers\smhwadb.sys
12:03:46.0789 1648 androidusb - ok
12:03:46.0826 1648 [ aea177f783e20150ace5383ee368da19 ] AppID C:\Windows\system32\drivers\appid.sys
12:03:46.0828 1648 AppID - ok
12:03:46.0872 1648 [ 62a9c86cb6085e20db4823e4e97826f5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
12:03:46.0885 1648 AppIDSvc - ok
12:03:46.0929 1648 [ fb1959012294d6ad43e5304df65e3c26 ] Appinfo C:\Windows\System32\appinfo.dll
12:03:46.0931 1648 Appinfo - ok
12:03:46.0991 1648 [ 7ef47644b74ebe721cc32211d3c35e76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:03:46.0995 1648 Apple Mobile Device - ok
12:03:47.0061 1648 [ 2932004f49677bd84dbc72edb754ffb3 ] arc C:\Windows\system32\DRIVERS\arc.sys
12:03:47.0064 1648 arc - ok
12:03:47.0085 1648 [ 5d6f36c46fd283ae1b57bd2e9feb0bc7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
12:03:47.0087 1648 arcsas - ok
12:03:47.0167 1648 [ d1677db703c20f5250d1fbe821e14424 ] AresChatServer C:\Program Files\Ares\chatServer.exe
12:03:47.0180 1648 AresChatServer - ok
12:03:47.0275 1648 [ 39cdcb109bf200cc8a05b9c7e6272d11 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
12:03:47.0277 1648 aspnet_state - ok
12:03:47.0329 1648 [ 1c1f3d6dddc046c920c493a779649f66 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
12:03:47.0331 1648 aswFsBlk - ok
12:03:47.0372 1648 [ a48d8015af2a0d8b4937613ffbfd28de ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
12:03:47.0374 1648 aswMonFlt - ok
12:03:47.0450 1648 [ 4a951beba9e49410cde478b6f6abb252 ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
12:03:47.0452 1648 aswRdr - ok
12:03:47.0555 1648 [ 73dbcf808e00580f2a47f93dd9b03876 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
12:03:47.0589 1648 aswSnx - ok
12:03:47.0634 1648 [ 6cbd7d3a33f498d09c831cdd732da2e0 ] aswSP C:\Windows\system32\drivers\aswSP.sys
12:03:47.0640 1648 aswSP - ok
12:03:47.0720 1648 [ 7109a9aa551f37cd168c02368465957e ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
12:03:47.0722 1648 aswTdi - ok
12:03:47.0739 1648 [ add2ade1c2b285ab8378d2daaf991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
12:03:47.0740 1648 AsyncMac - ok
12:03:47.0766 1648 [ 338c86357871c167a96ab976519bf59e ] atapi C:\Windows\system32\drivers\atapi.sys
12:03:47.0766 1648 atapi - ok
12:03:47.0794 1648 Ati External Event Utility - ok
12:03:47.0986 1648 [ 712d8a95e45b070114c5309ada7358ff ] atikmdag C:\Windows\system32\drivers\atikmdag.sys
12:03:48.0097 1648 atikmdag - ok
12:03:48.0136 1648 [ a356e45e8432432c06981ea63a1e0fe8 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
12:03:48.0137 1648 AtiPcie - ok
12:03:48.0222 1648 [ ce3b4e731638d2ef62fcb419be0d39f0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:03:48.0240 1648 AudioEndpointBuilder - ok
12:03:48.0263 1648 [ ce3b4e731638d2ef62fcb419be0d39f0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
12:03:48.0267 1648 Audiosrv - ok
12:03:48.0393 1648 [ 2f7c0f3e39c45e0127fb78b2f18a41f3 ] avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
12:03:48.0396 1648 avast! Antivirus - ok
12:03:48.0433 1648 [ 6e30d02aac9cac84f421622e3a2f6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
12:03:48.0443 1648 AxInstSV - ok
12:03:48.0484 1648 [ 1a231abec60fd316ec54c66715543cec ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
12:03:48.0492 1648 b06bdrv - ok
12:03:48.0515 1648 [ bd8869eb9cde6bbe4508d869929869ee ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
12:03:48.0520 1648 b57nd60x - ok
12:03:48.0574 1648 [ ee1e9c3bb8228ae423dd38db69128e71 ] BDESVC C:\Windows\System32\bdesvc.dll
12:03:48.0576 1648 BDESVC - ok
12:03:48.0631 1648 [ 505506526a9d467307b3c393dedaf858 ] Beep C:\Windows\system32\drivers\Beep.sys
12:03:48.0658 1648 Beep - ok
12:03:48.0671 1648 BFE - ok
12:03:48.0687 1648 [ 2287078ed48fcfc477b05b20cf38f36f ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
12:03:48.0693 1648 blbdrive - ok
12:03:48.0794 1648 [ db5bea73edaf19ac68b2c0fad0f92b1a ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
12:03:48.0801 1648 Bonjour Service - ok
12:03:48.0824 1648 [ 8f2da3028d5fcbd1a060a3de64cd6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
12:03:48.0826 1648 bowser - ok
12:03:48.0871 1648 [ 9f9acc7f7ccde8a15c282d3f88b43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:03:48.0873 1648 BrFiltLo - ok
12:03:48.0886 1648 [ 56801ad62213a41f6497f96dee83755a ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:03:48.0887 1648 BrFiltUp - ok
12:03:48.0943 1648 [ 6e11f33d14d020f58d5e02e4d67dfa19 ] Browser C:\Windows\System32\browser.dll
12:03:48.0953 1648 Browser - ok
12:03:48.0978 1648 [ 845b8ce732e67f3b4133164868c666ea ] Brserid C:\Windows\System32\Drivers\Brserid.sys
12:03:48.0983 1648 Brserid - ok
12:03:49.0000 1648 [ 203f0b1e73adadbbb7b7b1fabd901f6b ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
12:03:49.0002 1648 BrSerWdm - ok
12:03:49.0023 1648 [ bd456606156ba17e60a04e18016ae54b ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
12:03:49.0024 1648 BrUsbMdm - ok
12:03:49.0048 1648 [ af72ed54503f717a43268b3cc5faec2e ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
12:03:49.0050 1648 BrUsbSer - ok
12:03:49.0065 1648 [ ed3df7c56ce0084eb2034432fc56565a ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
12:03:49.0067 1648 BTHMODEM - ok
12:03:49.0112 1648 [ 1df19c96eef6c29d1c3e1a8678e07190 ] bthserv C:\Windows\system32\bthserv.dll
12:03:49.0115 1648 bthserv - ok
12:03:49.0138 1648 [ 77ea11b065e0a8ab902d78145ca51e10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
12:03:49.0141 1648 cdfs - ok
12:03:49.0175 1648 [ be167ed0fdb9c1fa1133953c18d5a6c9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
12:03:49.0178 1648 cdrom - ok
12:03:49.0222 1648 [ 319c6b309773d063541d01df8ac6f55f ] CertPropSvc C:\Windows\System32\certprop.dll
12:03:49.0252 1648 CertPropSvc - ok
12:03:49.0325 1648 [ 3fe3fe94a34df6fb06e6418d0f6a0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
12:03:49.0327 1648 circlass - ok
12:03:49.0368 1648 [ 635181e0e9bbf16871bf5380d71db02d ] CLFS C:\Windows\system32\CLFS.sys
12:03:49.0373 1648 CLFS - ok
12:03:49.0416 1648 [ d88040f816fda31c3b466f0fa0918f29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:03:49.0429 1648 clr_optimization_v2.0.50727_32 - ok
12:03:49.0511 1648 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:03:49.0531 1648 clr_optimization_v4.0.30319_32 - ok
12:03:49.0574 1648 [ dea805815e587dad1dd2c502220b5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
12:03:49.0575 1648 CmBatt - ok
12:03:49.0591 1648 [ c537b1db64d495b9b4717b4d6d9edbf2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
12:03:49.0592 1648 cmdide - ok
12:03:49.0652 1648 [ 247b4ce2dab1160cd422d532d5241e1f ] CNG C:\Windows\system32\Drivers\cng.sys
12:03:49.0658 1648 CNG - ok
12:03:49.0697 1648 [ a6023d3823c37043986713f118a89bee ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
12:03:49.0698 1648 Compbatt - ok
12:03:49.0734 1648 [ cbe8c58a8579cfe5fccf809e6f114e89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
12:03:49.0736 1648 CompositeBus - ok
12:03:49.0759 1648 COMSysApp - ok
12:03:49.0770 1648 [ 2c4ebcfc84a9b44f209dff6c6e6c61d1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
12:03:49.0772 1648 crcdisk - ok
12:03:49.0811 1648 [ 06e771aa596b8761107ab57e99f128d7 ] CryptSvc C:\Windows\system32\cryptsvc.dll
12:03:49.0820 1648 CryptSvc - ok
12:03:49.0868 1648 [ 7660f01d3b38aca1747e397d21d790af ] DcomLaunch C:\Windows\system32\rpcss.dll
12:03:49.0929 1648 DcomLaunch - ok
12:03:49.0968 1648 [ 8d6e10a2d9a5eed59562d9b82cf804e1 ] defragsvc C:\Windows\System32\defragsvc.dll
12:03:49.0973 1648 defragsvc - ok
12:03:50.0002 1648 [ f024449c97ec1e464aaffda18593db88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
12:03:50.0005 1648 DfsC - ok
12:03:50.0075 1648 [ e9e01eb683c132f7fa27cd607b8a2b63 ] Dhcp C:\Windows\system32\dhcpcore.dll
12:03:50.0080 1648 Dhcp - ok
12:03:50.0116 1648 [ 1a050b0274bfb3890703d490f330c0da ] discache C:\Windows\system32\drivers\discache.sys
12:03:50.0118 1648 discache - ok
12:03:50.0177 1648 [ 565003f326f99802e68ca78f2a68e9ff ] Disk C:\Windows\system32\DRIVERS\disk.sys
12:03:50.0179 1648 Disk - ok
12:03:50.0200 1648 [ 33ef4861f19a0736b11314aad9ae28d0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
12:03:50.0204 1648 Dnscache - ok
12:03:50.0282 1648 [ 366ba8fb4b7bb7435e3b9eacb3843f67 ] dot3svc C:\Windows\System32\dot3svc.dll
12:03:50.0287 1648 dot3svc - ok
12:03:50.0330 1648 [ 8ec04ca86f1d68da9e11952eb85973d6 ] DPS C:\Windows\system32\dps.dll
12:03:50.0334 1648 DPS - ok
12:03:50.0383 1648 [ b918e7c5f9bf77202f89e1a9539f2eb4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
12:03:50.0384 1648 drmkaud - ok
12:03:50.0420 1648 [ 23f5d28378a160352ba8f817bd8c71cb ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
12:03:50.0432 1648 DXGKrnl - ok
12:03:50.0471 1648 [ 8600142fa91c1b96367d3300ad0f3f3a ] EapHost C:\Windows\System32\eapsvc.dll
12:03:50.0475 1648 EapHost - ok
12:03:50.0587 1648 [ 024e1b5cac09731e4d868e64dbfb4ab0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
12:03:50.0672 1648 ebdrv - ok
12:03:50.0721 1648 [ f87dde13d57062da8eba2368667d8130 ] eDataSecurity Service C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
12:03:50.0730 1648 eDataSecurity Service - ok
12:03:50.0760 1648 [ 81951f51e318aecc2d68559e47485cc4 ] EFS C:\Windows\System32\lsass.exe
12:03:50.0763 1648 EFS - ok
12:03:50.0839 1648 [ a8c362018efc87beb013ee28f29c0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
12:03:50.0849 1648 ehRecvr - ok
12:03:50.0881 1648 [ d389bff34f80caede417bf9d1507996a ] ehSched C:\Windows\ehome\ehsched.exe
12:03:50.0883 1648 ehSched - ok
12:03:50.0940 1648 [ 0ed67910c8c326796faa00b2bf6d9d3c ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
12:03:50.0974 1648 elxstor - ok
12:03:51.0023 1648 [ a2580c15d2664d18c3e140c7f98b366c ] eRecoveryService C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
12:03:51.0030 1648 eRecoveryService - ok
12:03:51.0059 1648 [ 8fc3208352dd3912c94367a206ab3f11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
12:03:51.0060 1648 ErrDev - ok
12:03:51.0118 1648 [ f6916efc29d9953d5d0df06882ae8e16 ] EventSystem C:\Windows\system32\es.dll
12:03:51.0123 1648 EventSystem - ok
12:03:51.0144 1648 [ 2dc9108d74081149cc8b651d3a26207f ] exfat C:\Windows\system32\drivers\exfat.sys
12:03:51.0147 1648 exfat - ok
12:03:51.0218 1648 Fabs - ok
12:03:51.0247 1648 [ 7e0ab74553476622fb6ae36f73d97d35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
12:03:51.0250 1648 fastfat - ok
12:03:51.0309 1648 [ 967ea5b213e9984cbe270205df37755b ] Fax C:\Windows\system32\fxssvc.exe
12:03:51.0326 1648 Fax - ok
12:03:51.0362 1648 [ e817a017f82df2a1f8cfdbda29388b29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
12:03:51.0364 1648 fdc - ok
12:03:51.0408 1648 [ f3222c893bd2f5821a0179e5c71e88fb ] fdPHost C:\Windows\system32\fdPHost.dll
12:03:51.0410 1648 fdPHost - ok
12:03:51.0423 1648 [ 7dbe8cbfe79efbdeb98c9fb08d3a9a5b ] FDResPub C:\Windows\system32\fdrespub.dll
12:03:51.0425 1648 FDResPub - ok
12:03:51.0468 1648 [ 6cf00369c97f3cf563be99be983d13d8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
12:03:51.0470 1648 FileInfo - ok
12:03:51.0526 1648 [ 42c51dc94c91da21cb9196eb64c45db9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
12:03:51.0529 1648 Filetrace - ok
12:03:51.0672 1648 [ fff1130f7c9fa01d093a1edfc5cce8fc ] FirebirdServerMAGIXInstance C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
12:03:51.0779 1648 FirebirdServerMAGIXInstance - ok
12:03:51.0847 1648 [ 227846995afeefa70d328bf5334a86a5 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
12:03:51.0889 1648 FLEXnet Licensing Service - ok
12:03:51.0911 1648 [ 87907aa70cb3c56600f1c2fb8841579b ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
12:03:51.0913 1648 flpydisk - ok
12:03:51.0956 1648 [ 7520ec808e0c35e0ee6f841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
12:03:51.0960 1648 FltMgr - ok
12:03:52.0000 1648 [ b3a5ec6b6b6673db7e87c2bcdbddc074 ] FontCache C:\Windows\system32\FntCache.dll
12:03:52.0023 1648 FontCache - ok
12:03:52.0091 1648 [ e56f39f6b7fda0ac77a79b0fd3de1a2f ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:03:52.0095 1648 FontCache3.0.0.0 - ok
12:03:52.0132 1648 [ 1a16b57943853e598cff37fe2b8cbf1d ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
12:03:52.0134 1648 FsDepends - ok
12:03:52.0170 1648 [ 7dae5ebcc80e45d3253f4923dc424d05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
12:03:52.0172 1648 Fs_Rec - ok
12:03:52.0218 1648 [ 8a73e79089b282100b9393b644cb853b ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
12:03:52.0222 1648 fvevol - ok
12:03:52.0240 1648 [ 65ee0c7a58b65e74ae05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
12:03:52.0242 1648 gagp30kx - ok
12:03:52.0290 1648 [ 8182ff89c65e4d38b2de4bb0fb18564e ] GEARAspiWDM C:\Windows\system32\Drivers\GEARAspiWDM.sys
12:03:52.0299 1648 GEARAspiWDM - ok
12:03:52.0364 1648 [ e897eaf5ed6ba41e081060c9b447a673 ] gpsvc C:\Windows\System32\gpsvc.dll
12:03:52.0381 1648 gpsvc - ok
12:03:52.0493 1648 [ 626a24ed1228580b9518c01930936df9 ] gupdate1c990874c293ef0 C:\Program Files\Google\Update\GoogleUpdate.exe
12:03:52.0496 1648 gupdate1c990874c293ef0 - ok
12:03:52.0511 1648 [ 626a24ed1228580b9518c01930936df9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
12:03:52.0512 1648 gupdatem - ok
12:03:52.0596 1648 [ 408ddd80eede47175f6844817b90213e ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
12:03:52.0600 1648 gusvc - ok
12:03:52.0642 1648 [ c44e3c2bab6837db337ddee7544736db ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
12:03:52.0643 1648 hcw85cir - ok
12:03:52.0679 1648 [ a5ef29d5315111c80a5c1abad14c8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:03:52.0684 1648 HdAudAddService - ok
12:03:52.0703 1648 [ 9036377b8a6c15dc2eec53e489d159b5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
12:03:52.0706 1648 HDAudBus - ok
12:03:52.0734 1648 [ 1d58a7f3e11a9731d0eaaaa8405acc36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
12:03:52.0736 1648 HidBatt - ok
12:03:52.0797 1648 [ 89448f40e6df260c206a193a4683ba78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
12:03:52.0800 1648 HidBth - ok
12:03:52.0812 1648 [ cf50b4cf4a4f229b9f3c08351f99ca5e ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
12:03:52.0814 1648 HidIr - ok
12:03:52.0868 1648 [ 2bc6f6a1992b3a77f5f41432ca6b3b6b ] hidserv C:\Windows\System32\hidserv.dll
12:03:52.0870 1648 hidserv - ok
12:03:52.0896 1648 [ 10c19f8290891af023eaec0832e1eb4d ] HidUsb C:\Windows\system32\drivers\hidusb.sys
12:03:52.0898 1648 HidUsb - ok
12:03:52.0945 1648 [ 196b4e3f4cccc24af836ce58facbb699 ] hkmsvc C:\Windows\system32\kmsvc.dll
12:03:52.0949 1648 hkmsvc - ok
12:03:52.0992 1648 [ 6658f4404de03d75fe3ba09f7aba6a30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:03:52.0997 1648 HomeGroupListener - ok
12:03:53.0061 1648 [ dbc02d918fff1cad628acbe0c0eaa8e8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:03:53.0066 1648 HomeGroupProvider - ok
12:03:53.0159 1648 [ 5da42d24712e00728cea2342a65009b2 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
12:03:53.0166 1648 hpqcxs08 - ok
12:03:53.0179 1648 [ d86a39bf100069444d026d22d9a6e555 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
12:03:53.0183 1648 hpqddsvc - ok
12:03:53.0206 1648 [ 295fdc419039090eb8b49ffdbb374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
12:03:53.0208 1648 HpSAMD - ok
12:03:53.0269 1648 [ a04f4ac48895774a2cf9d1c9eaaacef0 ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
12:03:53.0302 1648 HPSLPSVC - ok
12:03:53.0356 1648 [ 871917b07a141bff43d76d8844d48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
12:03:53.0374 1648 HTTP - ok
12:03:53.0418 1648 [ 0c4e035c7f105f1299258c90886c64c5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
12:03:53.0419 1648 hwpolicy - ok
12:03:53.0446 1648 [ f151f0bdc47f4a28b1b20a0818ea36d6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
12:03:53.0449 1648 i8042prt - ok
12:03:53.0476 1648 [ 5cd5f9a5444e6cdcb0ac89bd62d8b76e ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
12:03:53.0482 1648 iaStorV - ok
12:03:53.0560 1648 [ 1cf03c69b49acb70c722df92755c0c8c ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
12:03:53.0563 1648 IDriverT - ok
12:03:53.0673 1648 [ c521d7eb6497bb1af6afa89e322fb43c ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:03:53.0698 1648 idsvc - ok
12:03:53.0736 1648 [ 4173ff5708f3236cf25195fecd742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
12:03:53.0738 1648 iirsp - ok
12:03:53.0798 1648 [ f95622f161474511b8d80d6b093aa610 ] IKEEXT C:\Windows\System32\ikeext.dll
12:03:53.0820 1648 IKEEXT - ok
12:03:53.0883 1648 [ 9d64201c9e5ac8d1f088762ba00ff3ab ] int15 C:\Acer\Empowering Technology\eRecovery\int15.sys
12:03:53.0888 1648 int15 - ok
12:03:53.0985 1648 [ 2bd6633db50a98534aa3262e0f9f5a14 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
12:03:54.0036 1648 IntcAzAudAddService - ok
12:03:54.0065 1648 [ a0f12f2c9ba6c72f3987ce780e77c130 ] intelide C:\Windows\system32\drivers\intelide.sys
12:03:54.0066 1648 intelide - ok
12:03:54.0103 1648 [ 3b514d27bfc4accb4037bc6685f766e0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
12:03:54.0105 1648 intelppm - ok
12:03:54.0149 1648 [ acb364b9075a45c0736e5c47be5cae19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
12:03:54.0153 1648 IPBusEnum - ok
12:03:54.0187 1648 [ 709d1761d3b19a932ff0238ea6d50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:03:54.0189 1648 IpFilterDriver - ok
12:03:54.0234 1648 [ 4bd7134618c1d2a27466a099062547bf ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
12:03:54.0237 1648 IPMIDRV - ok
12:03:54.0280 1648 [ a5fa468d67abcdaa36264e463a7bb0cd ] IPNAT C:\Windows\system32\drivers\ipnat.sys
12:03:54.0283 1648 IPNAT - ok
12:03:54.0364 1648 [ 57edb35ea2feca88f8b17c0c095c9a56 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
12:03:54.0389 1648 iPod Service - ok
12:03:54.0431 1648 [ 42996cff20a3084a56017b7902307e9f ] IRENUM C:\Windows\system32\drivers\irenum.sys
12:03:54.0432 1648 IRENUM - ok
12:03:54.0455 1648 [ 1f32bb6b38f62f7df1a7ab7292638a35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
12:03:54.0456 1648 isapnp - ok
12:03:54.0497 1648 [ cb7a9abb12b8415bce5d74994c7ba3ae ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
12:03:54.0501 1648 iScsiPrt - ok
12:03:54.0526 1648 [ adef52ca1aeae82b50df86b56413107e ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
12:03:54.0527 1648 kbdclass - ok
12:03:54.0540 1648 [ 9e3ced91863e6ee98c24794d05e27a71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
12:03:54.0541 1648 kbdhid - ok
12:03:54.0575 1648 [ 81951f51e318aecc2d68559e47485cc4 ] KeyIso C:\Windows\system32\lsass.exe
12:03:54.0577 1648 KeyIso - ok
12:03:54.0659 1648 [ b7895b4182c0d16f6efadeb8081e8d36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
12:03:54.0661 1648 KSecDD - ok
12:03:54.0691 1648 [ d30159ac9237519fbc62c6ec247d2d46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
12:03:54.0694 1648 KSecPkg - ok
12:03:54.0749 1648 [ 89a7b9cc98d0d80c6f31b91c0a310fcd ] KtmRm C:\Windows\system32\msdtckrm.dll
12:03:54.0756 1648 KtmRm - ok
12:03:54.0822 1648 [ d64af876d53eca3668bb97b51b4e70ab ] LanmanServer C:\Windows\System32\srvsvc.dll
12:03:54.0832 1648 LanmanServer - ok
12:03:54.0881 1648 [ 58405e4f68ba8e4057c6e914f326aba2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:03:54.0904 1648 LanmanWorkstation - ok
12:03:54.0967 1648 [ b7c19ec8b0dd7efa58ad41ffeb8b8cda ] Lbd C:\Windows\system32\DRIVERS\Lbd.sys
12:03:54.0969 1648 Lbd - ok
12:03:55.0028 1648 [ 027d03d9d8ab95194a115a999e960ac0 ] LexBceS C:\Windows\System32\LEXBCES.EXE
12:03:55.0062 1648 LexBceS - ok
12:03:55.0109 1648 [ 34d6730e198a5b0fce0790a6b4769ef2 ] libusb0 C:\Windows\system32\drivers\libusb0.sys
12:03:55.0111 1648 libusb0 - ok
12:03:55.0162 1648 [ 793ff718477345cd5d232c50bed1e452 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
12:03:55.0164 1648 LightScribeService - ok
12:03:55.0208 1648 [ f7611ec07349979da9b0ae1f18ccc7a6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
12:03:55.0210 1648 lltdio - ok
12:03:55.0258 1648 [ 5700673e13a2117fa3b9020c852c01e2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
12:03:55.0263 1648 lltdsvc - ok
12:03:55.0299 1648 [ 55ca01ba19d0006c8f2639b6c045e08b ] lmhosts C:\Windows\System32\lmhsvc.dll
12:03:55.0301 1648 lmhosts - ok
12:03:55.0356 1648 [ eb119a53ccf2acc000ac71b065b78fef ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
12:03:55.0358 1648 LSI_FC - ok
12:03:55.0373 1648 [ 8ade1c877256a22e49b75d1cc9161f9c ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
12:03:55.0376 1648 LSI_SAS - ok
12:03:55.0394 1648 [ dc9dc3d3daa0e276fd2ec262e38b11e9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:03:55.0396 1648 LSI_SAS2 - ok
12:03:55.0434 1648 [ 0a036c7d7cab643a7f07135ac47e0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:03:55.0436 1648 LSI_SCSI - ok
12:03:55.0462 1648 [ 6703e366cc18d3b6e534f5cf7df39cee ] luafv C:\Windows\system32\drivers\luafv.sys
12:03:55.0465 1648 luafv - ok
12:03:55.0496 1648 lxbk_device - ok
12:03:55.0535 1648 [ b309912717c29fc67e1ba4730a82b6dd ] MBAMSwissArmy C:\Windows\system32\drivers\mbamswissarmy.sys
12:03:55.0537 1648 MBAMSwissArmy - ok
12:03:55.0582 1648 [ 8fd868e32459ece2a1bb0169f513d31e ] mcdbus C:\Windows\system32\DRIVERS\mcdbus.sys
12:03:55.0585 1648 mcdbus - ok
12:03:55.0634 1648 [ bfb9ee8ee977efe85d1a3105abef6dd1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
12:03:55.0637 1648 Mcx2Svc - ok
12:03:55.0703 1648 [ 0fff5b045293002ab38eb1fd1fc2fb74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
12:03:55.0705 1648 megasas - ok
12:03:55.0730 1648 [ dcbab2920c75f390caf1d29f675d03d6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
12:03:55.0735 1648 MegaSR - ok
12:03:55.0835 1648 Microsoft SharePoint Workspace Audit Service - ok
12:03:55.0876 1648 [ 146b6f43a673379a3c670e86d89be5ea ] MMCSS C:\Windows\system32\mmcss.dll
12:03:55.0879 1648 MMCSS - ok
12:03:55.0900 1648 [ f001861e5700ee84e2d4e52c712f4964 ] Modem C:\Windows\system32\drivers\modem.sys
12:03:55.0902 1648 Modem - ok
12:03:55.0952 1648 [ 25483f9d590d5f00bd951e1181453ec2 ] MODEMCSA C:\Windows\system32\drivers\MODEMCSA.sys
12:03:55.0953 1648 MODEMCSA - ok
12:03:56.0016 1648 [ 79d10964de86b292320e9dfe02282a23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
12:03:56.0017 1648 monitor - ok
12:03:56.0035 1648 [ fb18cc1d4c2e716b6b903b0ac0cc0609 ] mouclass C:\Windows\system32\drivers\mouclass.sys
12:03:56.0037 1648 mouclass - ok
12:03:56.0064 1648 [ 2c388d2cd01c9042596cf3c8f3c7b24d ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
12:03:56.0066 1648 mouhid - ok
12:03:56.0103 1648 [ fc8771f45ecccfd89684e38842539b9b ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
12:03:56.0105 1648 mountmgr - ok
12:03:56.0221 1648 [ 46297fa8e30a6007f14118fc2b942fbc ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:03:56.0225 1648 MozillaMaintenance - ok
12:03:56.0260 1648 [ 2d699fb6e89ce0d8da14ecc03b3edfe0 ] mpio C:\Windows\system32\drivers\mpio.sys
12:03:56.0263 1648 mpio - ok
12:03:56.0298 1648 [ ad2723a7b53dd1aacae6ad8c0bfbf4d0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
12:03:56.0300 1648 mpsdrv - ok
12:03:56.0360 1648 [ ceb46ab7c01c9f825f8cc6babc18166a ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
12:03:56.0363 1648 MRxDAV - ok
12:03:56.0405 1648 [ 5d16c921e3671636c0eba3bbaac5fd25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
12:03:56.0408 1648 mrxsmb - ok
12:03:56.0438 1648 [ 6d17a4791aca19328c685d256349fefc ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:03:56.0443 1648 mrxsmb10 - ok
12:03:56.0457 1648 [ b81f204d146000be76651a50670a5e9e ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:03:56.0460 1648 mrxsmb20 - ok
12:03:56.0484 1648 [ 012c5f4e9349e711e11e0f19a8589f0a ] msahci C:\Windows\system32\drivers\msahci.sys
12:03:56.0485 1648 msahci - ok
12:03:56.0532 1648 [ 55055f8ad8be27a64c831322a780a228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
12:03:56.0535 1648 msdsm - ok
12:03:56.0552 1648 [ e1bce74a3bd9902b72599c0192a07e27 ] MSDTC C:\Windows\System32\msdtc.exe
12:03:56.0556 1648 MSDTC - ok
12:03:56.0609 1648 [ daefb28e3af5a76abcc2c3078c07327f ] Msfs C:\Windows\system32\drivers\Msfs.sys
12:03:56.0611 1648 Msfs - ok
12:03:56.0658 1648 [ 3e1e5767043c5af9367f0056295e9f84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
12:03:56.0659 1648 mshidkmdf - ok
12:03:56.0680 1648 [ 0a4e5757ae09fa9622e3158cc1aef114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
12:03:56.0681 1648 msisadrv - ok
12:03:56.0736 1648 [ 90f7d9e6b6f27e1a707d4a297f077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
12:03:56.0740 1648 MSiSCSI - ok
12:03:56.0791 1648 msiserver - ok
12:03:56.0824 1648 [ 8c0860d6366aaffb6c5bb9df9448e631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
12:03:56.0826 1648 MSKSSRV - ok
12:03:56.0852 1648 [ 3ea8b949f963562cedbb549eac0c11ce ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
12:03:56.0854 1648 MSPCLOCK - ok
12:03:56.0874 1648 [ f456e973590d663b1073e9c463b40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
12:03:56.0875 1648 MSPQM - ok
12:03:56.0900 1648 [ 0e008fc4819d238c51d7c93e7b41e560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
12:03:56.0904 1648 MsRPC - ok
12:03:56.0936 1648 [ fc6b9ff600cc585ea38b12589bd4e246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
12:03:56.0938 1648 mssmbios - ok
12:03:56.0951 1648 [ b42c6b921f61a6e55159b8be6cd54a36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
12:03:56.0952 1648 MSTEE - ok
12:03:56.0986 1648 [ 33599130f44e1f34631cea241de8ac84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
12:03:56.0988 1648 MTConfig - ok
12:03:57.0029 1648 [ 159fad02f64e6381758c990f753bcc80 ] Mup C:\Windows\system32\Drivers\mup.sys
12:03:57.0031 1648 Mup - ok
12:03:57.0078 1648 [ 61d57a5d7c6d9afe10e77dae6e1b445e ] napagent C:\Windows\system32\qagentRT.dll
12:03:57.0085 1648 napagent - ok
12:03:57.0128 1648 [ 26384429fcd85d83746f63e798ab1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
12:03:57.0133 1648 NativeWifiP - ok
12:03:57.0215 1648 [ e4534bccdd1ea7a7a256bb9d6688a5fc ] NAUpdate C:\Program Files\Nero\Update\NASvc.exe
12:03:57.0223 1648 NAUpdate - ok
12:03:57.0281 1648 [ e7c54812a2aaf43316eb6930c1ffa108 ] NDIS C:\Windows\system32\drivers\ndis.sys
12:03:57.0293 1648 NDIS - ok
12:03:57.0310 1648 [ 0e1787aa6c9191d3d319e8bafe86f80c ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
12:03:57.0312 1648 NdisCap - ok
12:03:57.0348 1648 [ e4a8aec125a2e43a9e32afeea7c9c888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
12:03:57.0349 1648 NdisTapi - ok
12:03:57.0407 1648 [ d8a65dafb3eb41cbb622745676fcd072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
12:03:57.0409 1648 Ndisuio - ok
12:03:57.0468 1648 [ 38fbe267e7e6983311179230facb1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
12:03:57.0471 1648 NdisWan - ok
12:03:57.0505 1648 [ a4bdc541e69674fbff1a8ff00be913f2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
12:03:57.0507 1648 NDProxy - ok
12:03:57.0599 1648 [ a081cb6fb9a12668f233eb5414be3a0e ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
12:03:57.0601 1648 Net Driver HPZ12 - ok
12:03:57.0634 1648 [ 80b275b1ce3b0e79909db7b39af74d51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
12:03:57.0636 1648 NetBIOS - ok
12:03:57.0660 1648 [ 280122ddcf04b378edd1ad54d71c1e54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
12:03:57.0664 1648 NetBT - ok
12:03:57.0672 1648 [ 81951f51e318aecc2d68559e47485cc4 ] Netlogon C:\Windows\system32\lsass.exe
12:03:57.0673 1648 Netlogon - ok
12:03:57.0714 1648 [ 7cccfca7510684768da22092d1fa4db2 ] Netman C:\Windows\System32\netman.dll
12:03:57.0720 1648 Netman - ok
12:03:57.0737 1648 [ 8c338238c16777a802d6a9211eb2ba50 ] netprofm C:\Windows\System32\netprofm.dll
12:03:57.0745 1648 netprofm - ok
12:03:57.0819 1648 [ f476ec40033cdb91efbe73eb99b8362d ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:03:57.0822 1648 NetTcpPortSharing - ok
12:03:57.0878 1648 [ 1d85c4b390b0ee09c7a46b91efb2c097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
12:03:57.0880 1648 nfrd960 - ok
12:03:57.0922 1648 [ 912084381d30d8b89ec4e293053f4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
12:03:57.0927 1648 NlaSvc - ok
12:03:57.0973 1648 [ b48dc6abcd3aeff8618350ccbdc6b09a ] NPF C:\Windows\system32\drivers\npf.sys
12:03:57.0975 1648 NPF - ok
12:03:57.0995 1648 [ 1db262a9f8c087e8153d89bef3d2235f ] Npfs C:\Windows\system32\drivers\Npfs.sys
12:03:57.0997 1648 Npfs - ok
12:03:58.0074 1648 [ ba387e955e890c8a88306d9b8d06bf17 ] nsi C:\Windows\system32\nsisvc.dll
12:03:58.0076 1648 nsi - ok
12:03:58.0111 1648 [ e9a0a4d07e53d8fea2bb8387a3293c58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
12:03:58.0113 1648 nsiproxy - ok
12:03:58.0178 1648 [ 81189c3d7763838e55c397759d49007a ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
12:03:58.0204 1648 Ntfs - ok
12:03:58.0233 1648 [ 7f1c1f78d709c4a54cbb46ede7e0b48d ] NTIDrvr C:\Windows\system32\DRIVERS\NTIDrvr.sys
12:03:58.0234 1648 NTIDrvr - ok
12:03:58.0249 1648 [ f9756a98d69098dca8945d62858a812c ] Null C:\Windows\system32\drivers\Null.sys
12:03:58.0250 1648 Null - ok
12:03:58.0284 1648 [ b3e25ee28883877076e0e1ff877d02e0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
12:03:58.0287 1648 nvraid - ok
12:03:58.0308 1648 [ 4380e59a170d88c4f1022eff6719a8a4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
12:03:58.0311 1648 nvstor - ok
12:03:58.0333 1648 [ 5a0983915f02bae73267cc2a041f717d ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
12:03:58.0336 1648 nv_agp - ok
12:03:58.0374 1648 [ 08a70a1f2cdde9bb49b885cb817a66eb ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
12:03:58.0377 1648 ohci1394 - ok
12:03:58.0463 1648 [ 9d10f99a6712e28f8acd5641e3a7ea6b ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:03:58.0466 1648 ose - ok
12:03:58.0670 1648 [ 358a9cca612c68eb2f07ddad4ce1d8d7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:03:58.0786 1648 osppsvc - ok
12:03:58.0837 1648 [ 82a8521ddc60710c3d3d3e7325209bec ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
12:03:58.0843 1648 p2pimsvc - ok
12:03:58.0903 1648 [ 59c3ddd501e39e006dac31bf55150d91 ] p2psvc C:\Windows\system32\p2psvc.dll
12:03:58.0910 1648 p2psvc - ok
12:03:58.0953 1648 [ 2ea877ed5dd9713c5ac74e8ea7348d14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
12:03:58.0956 1648 Parport - ok
12:03:59.0009 1648 [ 3f34a1b4c5f6475f320c275e63afce9b ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:03:59.0011 1648 partmgr - ok
12:03:59.0036 1648 [ eb0a59f29c19b86479d36b35983daadc ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
12:03:59.0037 1648 Parvdm - ok
12:03:59.0095 1648 [ 358ab7956d3160000726574083dfc8a6 ] PcaSvc C:\Windows\System32\pcasvc.dll
12:03:59.0100 1648 PcaSvc - ok
12:03:59.0136 1648 [ 673e55c3498eb970088e812ea820aa8f ] pci C:\Windows\system32\drivers\pci.sys
12:03:59.0140 1648 pci - ok
12:03:59.0199 1648 [ afe86f419014db4e5593f69ffe26ce0a ] pciide C:\Windows\system32\drivers\pciide.sys
12:03:59.0200 1648 pciide - ok
12:03:59.0239 1648 [ f396431b31693e71e8a80687ef523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
12:03:59.0243 1648 pcmcia - ok
12:03:59.0270 1648 [ 250f6b43d2b613172035c6747aeeb19f ] pcw C:\Windows\system32\drivers\pcw.sys
12:03:59.0272 1648 pcw - ok
12:03:59.0294 1648 [ 9e0104ba49f4e6973749a02bf41344ed ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:03:59.0303 1648 PEAUTH - ok
12:03:59.0456 1648 [ 414bba67a3ded1d28437eb66aeb8a720 ] pla C:\Windows\system32\pla.dll
12:03:59.0491 1648 pla - ok
12:03:59.0543 1648 [ ec7bc28d207da09e79b3e9faf8b232ca ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:03:59.0551 1648 PlugPlay - ok
12:03:59.0623 1648 [ 65bc271f337637731d3c71455ae1f476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
12:03:59.0626 1648 Pml Driver HPZ12 - ok
12:03:59.0670 1648 [ a9d6b1e7ef097c7f3b5dc4f56c0e7386 ] PnkBstrA C:\Windows\system32\PnkBstrA.exe
12:03:59.0674 1648 PnkBstrA - ok
12:03:59.0708 1648 [ 63ff8572611249931eb16bb8eed6afc8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
12:03:59.0711 1648 PNRPAutoReg - ok
12:03:59.0744 1648 [ 82a8521ddc60710c3d3d3e7325209bec ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
12:03:59.0748 1648 PNRPsvc - ok
12:03:59.0806 1648 [ 53946b69ba0836bd95b03759530c81ec ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:03:59.0813 1648 PolicyAgent - ok
12:03:59.0876 1648 [ f87d30e72e03d579a5199ccb3831d6ea ] Power C:\Windows\system32\umpo.dll
12:03:59.0880 1648 Power - ok
12:03:59.0920 1648 [ 631e3e205ad6d86f2aed6a4a8e69f2db ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:03:59.0923 1648 PptpMiniport - ok
12:03:59.0957 1648 [ 85b1e3a0c7585bc4aae6899ec6fcf011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
12:03:59.0959 1648 Processor - ok
12:04:00.0022 1648 [ cadefac453040e370a1bdff3973be00d ] ProfSvc C:\Windows\system32\profsvc.dll
12:04:00.0027 1648 ProfSvc - ok
12:04:00.0039 1648 [ 81951f51e318aecc2d68559e47485cc4 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:04:00.0041 1648 ProtectedStorage - ok
12:04:00.0055 1648 [ 6270ccae2a86de6d146529fe55b3246a ] Psched C:\Windows\system32\DRIVERS\pacer.sys
12:04:00.0058 1648 Psched - ok
12:04:00.0084 1648 [ c2821f33b846a52fdc25ff554acf11f2 ] PSDFilter C:\Windows\system32\DRIVERS\psdfilter.sys
12:04:00.0086 1648 PSDFilter - ok
12:04:00.0107 1648 [ 28d3a91fe7791b970e6b15c88f98dfbd ] PSDNServ C:\Windows\system32\drivers\PSDNServ.sys
12:04:00.0143 1648 PSDNServ - ok
12:04:00.0182 1648 [ 3a66f69459052de13ef8a0f77d728a73 ] psdvdisk C:\Windows\system32\drivers\psdvdisk.sys
12:04:00.0184 1648 psdvdisk - ok
12:04:00.0246 1648 [ ab95ecf1f6659a60ddc166d8315b0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
12:04:00.0280 1648 ql2300 - ok
12:04:00.0323 1648 [ b4dd51dd25182244b86737dc51af2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
12:04:00.0326 1648 ql40xx - ok
12:04:00.0390 1648 [ 31ac809e7707eb580b2bdb760390765a ] QWAVE C:\Windows\system32\qwave.dll
12:04:00.0396 1648 QWAVE - ok
12:04:00.0415 1648 [ 584078ca1b95ca72df2a27c336f9719d ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:04:00.0417 1648 QWAVEdrv - ok
12:04:00.0467 1648 [ 30a81b53c766d0133bb86d234e5556ab ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:04:00.0468 1648 RasAcd - ok
12:04:00.0533 1648 [ 57ec4aef73660166074d8f7f31c0d4fd ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
12:04:00.0536 1648 RasAgileVpn - ok
12:04:00.0601 1648 [ a60f1839849c0c00739787fd5ec03f13 ] RasAuto C:\Windows\System32\rasauto.dll
12:04:00.0605 1648 RasAuto - ok
12:04:00.0630 1648 [ d9f91eafec2815365cbe6d167e4e332a ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:04:00.0636 1648 Rasl2tp - ok
12:04:00.0699 1648 [ cb9e04dc05eacf5b9a36ca276d475006 ] RasMan C:\Windows\System32\rasmans.dll
12:04:00.0707 1648 RasMan - ok
12:04:00.0726 1648 [ 0fe8b15916307a6ac12bfb6a63e45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:04:00.0728 1648 RasPppoe - ok
12:04:00.0756 1648 [ 44101f495a83ea6401d886e7fd70096b ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:04:00.0758 1648 RasSstp - ok
12:04:00.0797 1648 [ d528bc58a489409ba40334ebf96a311b ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:04:00.0802 1648 rdbss - ok
12:04:00.0822 1648 [ 0d8f05481cb76e70e1da06ee9f0da9df ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
12:04:00.0823 1648 rdpbus - ok
12:04:00.0861 1648 [ 23dae03f29d253ae74c44f99e515f9a1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:04:00.0862 1648 RDPCDD - ok
12:04:00.0885 1648 [ 5a53ca1598dd4156d44196d200c94b8a ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:04:00.0887 1648 RDPENCDD - ok
12:04:00.0954 1648 [ 44b0a53cd4f27d50ed461dae0c0b4e1f ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
12:04:00.0955 1648 RDPREFMP - ok
12:04:00.0998 1648 [ f031683e6d1fea157abb2ff260b51e61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:04:01.0002 1648 RDPWD - ok
12:04:01.0063 1648 [ 518395321dc96fe2c9f0e96ac743b656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
12:04:01.0067 1648 rdyboost - ok
12:04:01.0126 1648 [ 7b5e1419717fac363a31cc302895217a ] RemoteAccess C:\Windows\System32\mprdim.dll
12:04:01.0129 1648 RemoteAccess - ok
12:04:01.0191 1648 [ cb9a8683f4ef2bf99e123d79950d7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:04:01.0196 1648 RemoteRegistry - ok
12:04:01.0261 1648 [ a76cddb6d1f25797843e2557a2118e2e ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe
12:04:01.0265 1648 RichVideo - ok
12:04:01.0326 1648 [ b60f58f175de20a6739194e85b035178 ] rpcapd C:\Program Files\WinPcap\rpcapd.exe
12:04:01.0329 1648 rpcapd - ok
12:04:01.0368 1648 [ 78d072f35bc45d9e4e1b61895c152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
12:04:01.0371 1648 RpcEptMapper - ok
12:04:01.0425 1648 [ 94d36c0e44677dd26981d2bfeef2a29d ] RpcLocator C:\Windows\system32\locator.exe
12:04:01.0427 1648 RpcLocator - ok
12:04:01.0470 1648 [ 7660f01d3b38aca1747e397d21d790af ] RpcSs C:\Windows\system32\rpcss.dll
12:04:01.0475 1648 RpcSs - ok
12:04:01.0523 1648 [ 032b0d36ad92b582d869879f5af5b928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:04:01.0526 1648 rspndr - ok
12:04:01.0552 1648 [ c5008a19f63439aef8ceedb0263dc592 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIV.sys
12:04:01.0558 1648 RTHDMIAzAudService - ok
12:04:01.0580 1648 [ 81951f51e318aecc2d68559e47485cc4 ] SamSs C:\Windows\system32\lsass.exe
12:04:01.0582 1648 SamSs - ok
12:04:01.0638 1648 [ 05d860da1040f111503ac416ccef2bca ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
12:04:01.0641 1648 sbp2port - ok
12:04:01.0687 1648 [ 8fc518ffe9519c2631d37515a68009c4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
12:04:01.0692 1648 SCardSvr - ok
12:04:01.0724 1648 [ 0693b5ec673e34dc147e195779a4dcf6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
12:04:01.0725 1648 scfilter - ok
12:04:01.0780 1648 [ a04bb13f8a72f8b6e8b4071723e4e336 ] Schedule C:\Windows\system32\schedsvc.dll
12:04:01.0806 1648 Schedule - ok
12:04:01.0849 1648 [ 319c6b309773d063541d01df8ac6f55f ] SCPolicySvc C:\Windows\System32\certprop.dll
12:04:01.0850 1648 SCPolicySvc - ok
12:04:01.0865 1648 [ 08236c4bce5edd0a0318a438af28e0f7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
12:04:01.0870 1648 SDRSVC - ok
12:04:01.0929 1648 [ 90a3935d05b494a5a39d37e71f09a677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
12:04:01.0941 1648 secdrv - ok
12:04:01.0998 1648 [ a59b3a4442c52060cc7a85293aa3546f ] seclogon C:\Windows\system32\seclogon.dll
12:04:02.0002 1648 seclogon - ok
12:04:02.0015 1648 [ dcb7fcdcc97f87360f75d77425b81737 ] SENS C:\Windows\system32\sens.dll
12:04:02.0019 1648 SENS - ok
12:04:02.0094 1648 [ 50087fe1ee447009c9cc2997b90de53f ] SensrSvc C:\Windows\system32\sensrsvc.dll
12:04:02.0097 1648 SensrSvc - ok
12:04:02.0104 1648 [ 9ad8b8b515e3df6acd4212ef465de2d1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
12:04:02.0105 1648 Serenum - ok
12:04:02.0126 1648 [ 5fb7fcea0490d821f26f39cc5ea3d1e2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
12:04:02.0128 1648 Serial - ok
12:04:02.0152 1648 [ 79bffb520327ff916a582dfea17aa813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
12:04:02.0153 1648 sermouse - ok
12:04:02.0226 1648 [ 4ae380f39a0032eab7dd953030b26d28 ] SessionEnv C:\Windows\system32\sessenv.dll
12:04:02.0231 1648 SessionEnv - ok
12:04:02.0284 1648 [ 9f976e1eb233df46fce808d9dea3eb9c ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
12:04:02.0286 1648 sffdisk - ok
12:04:02.0323 1648 [ 932a68ee27833cfd57c1639d375f2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
12:04:02.0325 1648 sffp_mmc - ok
12:04:02.0351 1648 [ 6d4ccaedc018f1cf52866bbbaa235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
12:04:02.0353 1648 sffp_sd - ok
12:04:02.0396 1648 [ db96666cc8312ebc45032f30b007a547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
12:04:02.0409 1648 sfloppy - ok
12:04:02.0471 1648 [ 414da952a35bf5d50192e28263b40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:04:02.0479 1648 ShellHWDetection - ok
12:04:02.0501 1648 [ 2565cac0dc9fe0371bdce60832582b2e ] sisagp C:\Windows\system32\drivers\sisagp.sys
12:04:02.0507 1648 sisagp - ok
12:04:02.0548 1648 [ a9f0486851becb6dda1d89d381e71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:04:02.0553 1648 SiSRaid2 - ok
12:04:02.0596 1648 [ 3727097b55738e2f554972c3be5bc1aa ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
12:04:02.0598 1648 SiSRaid4 - ok
12:04:02.0623 1648 [ 3e21c083b8a01cb70ba1f09303010fce ] Smb C:\Windows\system32\DRIVERS\smb.sys
12:04:02.0626 1648 Smb - ok
12:04:02.0674 1648 [ 2a0bde6dd58ac2935a80f984b3af0b0e ] smhwdev C:\Windows\system32\DRIVERS\smhwdev.sys
12:04:02.0677 1648 smhwdev - ok
12:04:02.0708 1648 [ 54b5dd15eef72aee8d1c765ab2235610 ] smhwser C:\Windows\system32\DRIVERS\smhwser.sys
12:04:02.0711 1648 smhwser - ok
12:04:02.0787 1648 [ 859e3adc59d1c89a66aa6492c14d379e ] smserial C:\Windows\system32\DRIVERS\smserial.sys
12:04:02.0822 1648 smserial - ok
12:04:02.0911 1648 [ 6a984831644eca1a33ffeae4126f4f37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
12:04:02.0914 1648 SNMPTRAP - ok
12:04:02.0951 1648 [ 95cf1ae7527fb70f7816563cbc09d942 ] spldr C:\Windows\system32\drivers\spldr.sys
12:04:02.0953 1648 spldr - ok
12:04:02.0989 1648 [ 866a43013535dc8587c258e43579c764 ] Spooler C:\Windows\System32\spoolsv.exe
12:04:02.0998 1648 Spooler - ok
12:04:03.0146 1648 [ cf87a1de791347e75b98885214ced2b8 ] sppsvc C:\Windows\system32\sppsvc.exe
12:04:03.0224 1648 sppsvc - ok
12:04:03.0270 1648 [ b0180b20b065d89232a78a40fe56eaa6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
12:04:03.0274 1648 sppuinotify - ok
12:04:03.0322 1648 [ e4c2764065d66ea1d2d3ebc28fe99c46 ] srv C:\Windows\system32\DRIVERS\srv.sys
12:04:03.0327 1648 srv - ok
12:04:03.0357 1648 [ 03f0545bd8d4c77fa0ae1ceedfcc71ab ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
12:04:03.0363 1648 srv2 - ok
12:04:03.0379 1648 [ be6bd660caa6f291ae06a718a4fa8abc ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
12:04:03.0382 1648 srvnet - ok
12:04:03.0447 1648 [ d887c9fd02ac9fa880f6e5027a43e118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
12:04:03.0453 1648 SSDPSRV - ok
12:04:03.0467 1648 [ d318f23be45d5e3a107469eb64815b50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
12:04:03.0472 1648 SstpSvc - ok
12:04:03.0488 1648 Steam Client Service - ok
12:04:03.0554 1648 [ db32d325c192b801df274bfd12a7e72b ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
12:04:03.0556 1648 stexstor - ok
12:04:03.0626 1648 [ e1fb3706030fb4578a0d72c2fc3689e4 ] StiSvc C:\Windows\System32\wiaservc.dll
12:04:03.0648 1648 StiSvc - ok
12:04:03.0678 1648 [ e58c78a848add9610a4db6d214af5224 ] swenum C:\Windows\system32\drivers\swenum.sys
12:04:03.0689 1648 swenum - ok
12:04:03.0738 1648 [ a28bd92df340e57b024ba433165d34d7 ] swprv C:\Windows\System32\swprv.dll
12:04:03.0757 1648 swprv - ok
12:04:03.0831 1648 [ 36650d618ca34c9d357dfd3d89b2c56f ] SysMain C:\Windows\system32\sysmain.dll
12:04:03.0866 1648 SysMain - ok
12:04:03.0902 1648 [ 763fecdc3d30c815fe72dd57936c6cd1 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:04:03.0906 1648 TabletInputService - ok
12:04:03.0950 1648 [ 613bf4820361543956909043a265c6ac ] TapiSrv C:\Windows\System32\tapisrv.dll
12:04:03.0957 1648 TapiSrv - ok
12:04:04.0010 1648 [ b799d9fdb26111737f58288d8dc172d9 ] TBS C:\Windows\System32\tbssvc.dll
12:04:04.0014 1648 TBS - ok
12:04:04.0102 1648 [ 7fa2e0f8b072bd04b77b421480b6cc22 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
12:04:04.0137 1648 Tcpip - ok
12:04:04.0178 1648 [ 7fa2e0f8b072bd04b77b421480b6cc22 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
12:04:04.0187 1648 TCPIP6 - ok
12:04:04.0226 1648 [ cca24162e055c3714ce5a88b100c64ed ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
12:04:04.0228 1648 tcpipreg - ok
12:04:04.0288 1648 [ 1cb91b2bd8f6dd367dfc2ef26fd751b2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
12:04:04.0290 1648 TDPIPE - ok
12:04:04.0333 1648 [ 2c2c5afe7ee4f620d69c23c0617651a8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
12:04:04.0334 1648 TDTCP - ok
12:04:04.0362 1648 [ b459575348c20e8121d6039da063c704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
12:04:04.0364 1648 tdx - ok
12:04:04.0511 1648 [ c314391535b8bba4238c13d663b07f83 ] TeamViewer6 C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
12:04:04.0563 1648 TeamViewer6 - ok
12:04:04.0723 1648 [ a4d2ce94b028ef1e437cf4ac3d8ff26c ] TeamViewer7 C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
12:04:04.0800 1648 TeamViewer7 - ok
12:04:04.0816 1648 [ 04dbf4b01ea4bf25a9a3e84affac9b20 ] TermDD C:\Windows\system32\drivers\termdd.sys
12:04:04.0818 1648 TermDD - ok
12:04:04.0873 1648 [ 382c804c92811be57829d8e550a900e2 ] TermService C:\Windows\System32\termsrv.dll
12:04:04.0883 1648 TermService - ok
12:04:04.0919 1648 [ 42fb6afd6b79d9fe07381609172e7ca4 ] Themes C:\Windows\system32\themeservice.dll
12:04:04.0923 1648 Themes - ok
12:04:04.0962 1648 [ 146b6f43a673379a3c670e86d89be5ea ] THREADORDER C:\Windows\system32\mmcss.dll
12:04:04.0964 1648 THREADORDER - ok
12:04:05.0005 1648 [ 4792c0378db99a9bc2ae2de6cfff0c3a ] TrkWks C:\Windows\System32\trkwks.dll
12:04:05.0010 1648 TrkWks - ok
12:04:05.0077 1648 [ 2c49b175aee1d4364b91b531417fe583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:04:05.0095 1648 TrustedInstaller - ok
12:04:05.0140 1648 [ 254bb140eee3c59d6114c1a86b636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
12:04:05.0142 1648 tssecsrv - ok
12:04:05.0186 1648 [ fd1d6c73e6333be727cbcc6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
12:04:05.0188 1648 TsUsbFlt - ok
12:04:05.0223 1648 [ b2fa25d9b17a68bb93d58b0556e8c90d ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
12:04:05.0226 1648 tunnel - ok
12:04:05.0288 1648 [ 750fbcb269f4d7dd2e420c56b795db6d ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
12:04:05.0291 1648 uagp35 - ok
12:04:05.0333 1648 [ ee43346c7e4b5e63e54f927babbb32ff ] udfs C:\Windows\system32\DRIVERS\udfs.sys
12:04:05.0338 1648 udfs - ok
12:04:05.0389 1648 [ 8344fd4fce927880aa1aa7681d4927e5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
12:04:05.0392 1648 UI0Detect - ok
12:04:05.0418 1648 [ 44e8048ace47befbfdc2e9be4cbc8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
12:04:05.0420 1648 uliagpkx - ok
12:04:05.0457 1648 [ d295bed4b898f0fd999fcfa9b32b071b ] umbus C:\Windows\system32\drivers\umbus.sys
12:04:05.0465 1648 umbus - ok
12:04:05.0488 1648 [ 7550ad0c6998ba1cb4843e920ee0feac ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
12:04:05.0489 1648 UmPass - ok
12:04:05.0550 1648 [ 833fbb672460efce8011d262175fad33 ] upnphost C:\Windows\System32\upnphost.dll
12:04:05.0557 1648 upnphost - ok
12:04:05.0594 1648 [ eafe1e00739afe6c51487a050e772e17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
12:04:05.0596 1648 USBAAPL - ok
12:04:05.0622 1648 [ bd9c55d7023c5de374507acc7a14e2ac ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
12:04:05.0624 1648 usbccgp - ok
12:04:05.0663 1648 [ 04ec7cec62ec3b6d9354eee93327fc82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
12:04:05.0666 1648 usbcir - ok
12:04:05.0688 1648 [ f92de757e4b7ce9c07c5e65423f3ae3b ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
12:04:05.0690 1648 usbehci - ok
12:04:05.0733 1648 [ 8dc94aec6a7e644a06135ae7506dc2e9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
12:04:05.0738 1648 usbhub - ok
12:04:05.0749 1648 [ e185d44fac515a18d9deddc23c2cdf44 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
12:04:05.0751 1648 usbohci - ok
12:04:05.0829 1648 [ 797d862fe0875e75c7cc4c1ad7b30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
12:04:05.0831 1648 usbprint - ok
12:04:05.0864 1648 [ f991ab9cc6b908db552166768176896a ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:04:05.0867 1648 USBSTOR - ok
12:04:05.0899 1648 [ 68df884cf41cdada664beb01daf67e3d ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
12:04:05.0908 1648 usbuhci - ok
12:04:05.0959 1648 [ 081e6e1c91aec36758902a9f727cd23c ] UxSms C:\Windows\System32\uxsms.dll
12:04:05.0962 1648 UxSms - ok
12:04:05.0986 1648 [ 81951f51e318aecc2d68559e47485cc4 ] VaultSvc C:\Windows\system32\lsass.exe
12:04:05.0988 1648 VaultSvc - ok
12:04:06.0030 1648 [ a059c4c3edb09e07d21a8e5c0aabd3cb ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
12:04:06.0032 1648 vdrvroot - ok
12:04:06.0103 1648 [ c3cd30495687c2a2f66a65ca6fd89be9 ] vds C:\Windows\System32\vds.exe
12:04:06.0112 1648 vds - ok
12:04:06.0155 1648 [ 17c408214ea61696cec9c66e388b14f3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
12:04:06.0157 1648 vga - ok
12:04:06.0216 1648 [ 8e38096ad5c8570a6f1570a61e251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
12:04:06.0217 1648 VgaSave - ok
12:04:06.0251 1648 [ 5461686cca2fda57b024547733ab42e3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
12:04:06.0255 1648 vhdmp - ok
12:04:06.0275 1648 [ c829317a37b4bea8f39735d4b076e923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
12:04:06.0278 1648 viaagp - ok
12:04:06.0304 1648 [ e02f079a6aa107f06b16549c6e5c7b74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
12:04:06.0307 1648 ViaC7 - ok
12:04:06.0332 1648 [ e43574f6a56a0ee11809b48c09e4fd3c ] viaide C:\Windows\system32\drivers\viaide.sys
12:04:06.0334 1648 viaide - ok
12:04:06.0361 1648 [ 4c63e00f2f4b5f86ab48a58cd990f212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
12:04:06.0364 1648 volmgr - ok
12:04:06.0386 1648 [ b5bb72067ddddbbfb04b2f89ff8c3c87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
12:04:06.0392 1648 volmgrx - ok
12:04:06.0410 1648 [ f497f67932c6fa693d7de2780631cfe7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
12:04:06.0415 1648 volsnap - ok
12:04:06.0431 1648 [ 9dfa0cc2f8855a04816729651175b631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
12:04:06.0435 1648 vsmraid - ok
12:04:06.0525 1648 [ 209a3b1901b83aeb8527ed211cce9e4c ] VSS C:\Windows\system32\vssvc.exe
12:04:06.0561 1648 VSS - ok
12:04:06.0578 1648 [ 90567b1e658001e79d7c8bbd3dde5aa6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
12:04:06.0579 1648 vwifibus - ok
12:04:06.0623 1648 [ 55187fd710e27d5095d10a472c8baf1c ] W32Time C:\Windows\system32\w32time.dll
12:04:06.0631 1648 W32Time - ok
12:04:06.0667 1648 [ de3721e89c653aa281428c8a69745d90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
12:04:06.0669 1648 WacomPen - ok
12:04:06.0699 1648 [ 3c3c78515f5ab448b022bdf5b8ffdd2e ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
12:04:06.0702 1648 WANARP - ok
12:04:06.0711 1648 [ 3c3c78515f5ab448b022bdf5b8ffdd2e ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
12:04:06.0712 1648 Wanarpv6 - ok
12:04:06.0818 1648 [ 353a04c273ec58475d8633e75ccd5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
12:04:06.0852 1648 WatAdminSvc - ok
12:04:06.0908 1648 [ 691e3285e53dca558e1a84667f13e15a ] wbengine C:\Windows\system32\wbengine.exe
12:04:06.0942 1648 wbengine - ok
12:04:06.0978 1648 [ 9614b5d29dc76ac3c29f6d2d3aa70e67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
12:04:06.0984 1648 WbioSrvc - ok
12:04:07.0028 1648 [ 34eee0dfaadb4f691d6d5308a51315dc ] wcncsvc C:\Windows\System32\wcncsvc.dll
12:04:07.0035 1648 wcncsvc - ok
12:04:07.0066 1648 [ 5d930b6357a6d2af4d7653bdabbf352f ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:04:07.0070 1648 WcsPlugInService - ok
12:04:07.0117 1648 [ 1112a9badacb47b7c0bb0392e3158dff ] Wd C:\Windows\system32\DRIVERS\wd.sys
12:04:07.0118 1648 Wd - ok
12:04:07.0148 1648 [ 9950e3d0f08141c7e89e64456ae7dc73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
12:04:07.0160 1648 Wdf01000 - ok
12:04:07.0208 1648 [ 46ef9dc96265fd0b423db72e7c38c2a5 ] WdiServiceHost C:\Windows\system32\wdi.dll
12:04:07.0212 1648 WdiServiceHost - ok
12:04:07.0218 1648 [ 46ef9dc96265fd0b423db72e7c38c2a5 ] WdiSystemHost C:\Windows\system32\wdi.dll
12:04:07.0221 1648 WdiSystemHost - ok
12:04:07.0288 1648 [ a9d880f97530d5b8fee278923349929d ] WebClient C:\Windows\System32\webclnt.dll
12:04:07.0296 1648 WebClient - ok
12:04:07.0360 1648 [ 760f0afe937a77cff27153206534f275 ] Wecsvc C:\Windows\system32\wecsvc.dll
12:04:07.0366 1648 Wecsvc - ok
12:04:07.0429 1648 [ ac804569bb2364fb6017370258a4091b ] wercplsupport C:\Windows\System32\wercplsupport.dll
12:04:07.0433 1648 wercplsupport - ok
12:04:07.0457 1648 [ 08e420d873e4fd85241ee2421b02c4a4 ] WerSvc C:\Windows\System32\WerSvc.dll
12:04:07.0461 1648 WerSvc - ok
12:04:07.0499 1648 [ 8b9a943f3b53861f2bfaf6c186168f79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
12:04:07.0509 1648 WfpLwf - ok
12:04:07.0542 1648 [ 5cf95b35e59e2a38023836fff31be64c ] WIMMount C:\Windows\system32\drivers\wimmount.sys
12:04:07.0543 1648 WIMMount - ok
12:04:07.0601 1648 WinHttpAutoProxySvc - ok
12:04:07.0685 1648 [ f62e510b6ad4c21eb9fe8668ed251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
12:04:07.0692 1648 Winmgmt - ok
12:04:07.0762 1648 [ 1b91cd34ea3a90ab6a4ef0550174f4cc ] WinRM C:\Windows\system32\WsmSvc.dll
12:04:07.0804 1648 WinRM - ok
12:04:07.0861 1648 [ a67e5f9a400f3bd1be3d80613b45f708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
12:04:07.0863 1648 WinUsb - ok
12:04:07.0938 1648 [ 16935c98ff639d185086a3529b1f2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
12:04:07.0963 1648 Wlansvc - ok
12:04:08.0095 1648 [ fb01d4ae207b9efdbabfc55dc95c7e31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:04:08.0138 1648 wlidsvc - ok
12:04:08.0177 1648 [ 0217679b8fca58714c3bf2726d2ca84e ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
12:04:08.0178 1648 WmiAcpi - ok
12:04:08.0251 1648 [ 6eb6b66517b048d87dc1856ddf1f4c3f ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
12:04:08.0254 1648 wmiApSrv - ok
12:04:08.0329 1648 [ 3b40d3a61aa8c21b88ae57c58ab3122e ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
12:04:08.0356 1648 WMPNetworkSvc - ok
12:04:08.0398 1648 [ a2f0ec770a92f2b3f9de6d518e11409c ] WPCSvc C:\Windows\System32\wpcsvc.dll
12:04:08.0402 1648 WPCSvc - ok
12:04:08.0448 1648 [ aa53356d60af47eacc85bc617a4f3f66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
12:04:08.0453 1648 WPDBusEnum - ok
12:04:08.0542 1648 WPFFontCache_v0400 - ok
12:04:08.0582 1648 [ 6db3276587b853bf886b69528fdb048c ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
12:04:08.0583 1648 ws2ifsl - ok
12:04:08.0627 1648 [ 85ece26f326c2d07ba77a60343468272 ] WsAudioDevice_383 C:\Windows\system32\drivers\WsAudioDevice_383.sys
12:04:08.0629 1648 WsAudioDevice_383 - ok
12:04:08.0689 1648 [ 553f6ccd7c58eb98d4a8fbdaf283d7a9 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
12:04:08.0690 1648 WSDPrintDevice - ok
12:04:08.0699 1648 WSearch - ok
12:04:08.0750 1648 [ e714a1c0354636837e20ccbf00888ee7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
12:04:08.0753 1648 WudfPf - ok
12:04:08.0820 1648 [ 1023ee888c9b47178c5293ed5336ab69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
12:04:08.0824 1648 WUDFRd - ok
12:04:08.0861 1648 [ 8d1e1e529a2c9e9b6a85b55a345f7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
12:04:08.0865 1648 wudfsvc - ok
12:04:08.0908 1648 [ ff2d745b560f7c71b31f30f4d49f73d2 ] WwanSvc C:\Windows\System32\wwansvc.dll
12:04:08.0918 1648 WwanSvc - ok
12:04:08.0990 1648 [ b07c5b7efdf936ff93d4f540938725be ] yukonw7 C:\Windows\system32\DRIVERS\yk62x86.sys
12:04:08.0997 1648 yukonw7 - ok
12:04:09.0003 1648 ================ Scan global ===============================
12:04:09.0057 1648 (dab748ae0439955ed2fa22357533dddb) C:\Windows\system32\basesrv.dll
12:04:09.0087 1648 (183b4188d5d91b271613ec3efd1b3cef) C:\Windows\system32\winsrv.dll
12:04:09.0112 1648 (183b4188d5d91b271613ec3efd1b3cef) C:\Windows\system32\winsrv.dll
12:04:09.0150 1648 (364455805e64882844ee9acb72522830) C:\Windows\system32\sxssrv.dll
12:04:09.0191 1648 (a302bbff2a7278c0e239ee5d471d86a9) C:\Windows\system32\services.exe
12:04:09.0201 1648 C:\Windows\system32\services.exe ( Virus.Win32.ZAccess.m ) - infected
12:04:09.0201 1648 C:\Windows\system32\services.exe - detected Virus.Win32.ZAccess.m (0)
12:04:09.0202 1648 ================ Scan MBR ==================================
12:04:09.0247 1648 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:04:09.0248 1648 Suspicious mbr (Forged): \Device\Harddisk0\DR0
12:04:09.0299 1648 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
12:04:09.0299 1648 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
12:04:09.0300 1648 ================ Scan VBR ==================================
12:04:09.0304 1648 Boot (0x1200) (df046ca81778008af97fe266474a5329) \Device\Harddisk0\DR0\Partition1
12:04:09.0306 1648 \Device\Harddisk0\DR0\Partition1 - ok
12:04:09.0328 1648 Boot (0x1200) (b79ed95fd643cf283e0b27caa8c1d0c7) \Device\Harddisk0\DR0\Partition2
12:04:09.0330 1648 \Device\Harddisk0\DR0\Partition2 - ok
12:04:09.0350 1648 ============================================================
12:04:09.0350 1648 Scan finished
12:04:09.0350 1648 ============================================================
12:04:09.0386 3472 Detected object count: 2
12:04:09.0386 3472 Actual detected object count: 2
12:04:46.0963 3472 C:\Windows\system32\services.exe - copied to quarantine
12:04:48.0998 3472 C:\Windows\assembly\GAC\desktop.ini - copied to quarantine
12:04:49.0728 3472 C:\Windows\installer\{c36e10d3-1b9b-26b9-ba14-08adcdad506e}\@ - copied to quarantine
12:04:49.0740 3472 C:\Windows\installer\{c36e10d3-1b9b-26b9-ba14-08adcdad506e}\L\00000004.@ - copied to quarantine
12:04:49.0741 3472 C:\Windows\installer\{c36e10d3-1b9b-26b9-ba14-08adcdad506e}\L\201d3dde - copied to quarantine
12:04:49.0758 3472 C:\Windows\installer\{c36e10d3-1b9b-26b9-ba14-08adcdad506e}\n - copied to quarantine
12:04:49.0759 3472 C:\Windows\installer\{c36e10d3-1b9b-26b9-ba14-08adcdad506e}\U\00000004.@ - copied to quarantine
12:04:49.0762 3472 C:\Windows\installer\{c36e10d3-1b9b-26b9-ba14-08adcdad506e}\U\00000008.@ - copied to quarantine
12:04:49.0763 3472 C:\Windows\installer\{c36e10d3-1b9b-26b9-ba14-08adcdad506e}\U\000000cb.@ - copied to quarantine
12:04:49.0764 3472 C:\Windows\installer\{c36e10d3-1b9b-26b9-ba14-08adcdad506e}\U\80000000.@ - copied to quarantine
12:04:49.0766 3472 C:\Windows\installer\{c36e10d3-1b9b-26b9-ba14-08adcdad506e}\U\80000032.@ - copied to quarantine
12:05:13.0217 3472 Backup copy found, using it..
12:05:13.0428 3472 C:\Windows\$NtUninstallKB38064$\802142468 - will be deleted on reboot
12:05:13.0429 3472 C:\Windows\assembly\GAC\desktop.ini - will be deleted on reboot
12:05:13.0445 3472 C:\Windows\installer\{c36e10d3-1b9b-26b9-ba14-08adcdad506e}\@ - will be deleted on reboot
12:05:13.0503 3472 C:\Windows\installer\{c36e10d3-1b9b-26b9-ba14-08adcdad506e}\n - will be deleted on reboot
12:05:13.0503 3472 C:\Windows\installer\{c36e10d3-1b9b-26b9-ba14-08adcdad506e}\U\00000004.@ - will be deleted on reboot
12:05:13.0504 3472 C:\Windows\installer\{c36e10d3-1b9b-26b9-ba14-08adcdad506e}\U\00000008.@ - will be deleted on reboot
12:05:13.0504 3472 C:\Windows\installer\{c36e10d3-1b9b-26b9-ba14-08adcdad506e}\U\000000cb.@ - will be deleted on reboot
12:05:13.0504 3472 C:\Windows\installer\{c36e10d3-1b9b-26b9-ba14-08adcdad506e}\U\80000000.@ - will be deleted on reboot
12:05:13.0504 3472 C:\Windows\installer\{c36e10d3-1b9b-26b9-ba14-08adcdad506e}\U\80000032.@ - will be deleted on reboot
12:05:13.0535 3472 C:\Windows\system32\services.exe - will be cured on reboot
12:05:13.0535 3472 C:\Windows\system32\services.exe ( Virus.Win32.ZAccess.m ) - User select action: Cure
12:05:15.0658 3472 \Device\Harddisk0\DR0\# - copied to quarantine
12:05:15.0660 3472 \Device\Harddisk0\DR0 - copied to quarantine
12:05:15.0685 3472 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
12:05:15.0693 3472 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
12:05:15.0696 3472 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
12:05:15.0699 3472 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
12:05:15.0703 3472 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
12:05:15.0712 3472 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
12:05:15.0716 3472 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
12:05:15.0718 3472 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
12:05:15.0719 3472 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
12:05:15.0721 3472 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
12:05:15.0723 3472 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
12:05:15.0725 3472 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
12:05:15.0726 3472 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
12:05:15.0728 3472 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
12:05:15.0771 3472 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
12:05:15.0772 3472 \Device\Harddisk0\DR0 - ok
12:05:15.0936 3472 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
12:06:39.0850 3848 Deinitialize success

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-18 12:14:37
-----------------------------
12:14:37.148 OS Version: Windows 6.1.7601 Service Pack 1
12:14:37.148 Number of processors: 2 586 0x6B01
12:14:37.148 ComputerName: CIRCUITCITY-PC UserName: Circuit City
12:14:56.024 Initialize success
12:14:57.584 AVAST engine defs: 12081301
12:15:12.061 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:15:12.061 Disk 0 Vendor: ST3320820AS 3.AAD Size: 305245MB BusType: 3
12:15:12.077 Disk 0 MBR read successfully
12:15:12.123 Disk 0 MBR scan
12:15:12.513 Disk 0 Windows 7 default MBR code
12:15:12.529 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 9993 MB offset 63
12:15:13.059 Disk 0 Partition 2 80 (A) 06 FAT16 NTFS 147761 MB offset 20466810
12:15:13.262 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 147487 MB offset 323083215
12:15:13.325 Disk 0 scanning sectors +625137345
12:15:13.621 Disk 0 scanning C:\Windows\system32\drivers
12:15:31.093 Service scanning
12:15:58.814 Modules scanning
12:16:32.118 Disk 0 trace - called modules:
12:16:32.140 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
12:16:32.201 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85861ac8]
12:16:32.210 3 CLASSPNP.SYS[885a959e] -> nt!IofCallDriver -> [0x85855898]
12:16:32.219 5 ACPI.sys[833b03d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85853030]
12:16:32.706 AVAST engine scan C:\Windows
12:16:36.063 AVAST engine scan C:\Windows\system32
12:19:55.718 AVAST engine scan C:\Windows\system32\drivers
12:20:07.650 AVAST engine scan C:\Users\Circuit City
12:20:09.140 File: C:\Users\Circuit City\AppData\Local\268fb23f\trz41DF.tmp **INFECTED** Win32:Sirefef-IB [Trj]
12:20:09.222 File: C:\Users\Circuit City\AppData\Local\268fb23f\U\00000001.@ **INFECTED** Win32:Sirefef-PF [Trj]
12:20:09.290 File: C:\Users\Circuit City\AppData\Local\268fb23f\U\000000c0.@ **INFECTED** Other:Malware-gen [Trj]
12:20:09.326 File: C:\Users\Circuit City\AppData\Local\268fb23f\U\000000cb.@ **INFECTED** Other:Malware-gen [Trj]
12:20:09.445 File: C:\Users\Circuit City\AppData\Local\268fb23f\U\80000000.@ **INFECTED** Win64:Sirefef-A [Trj]
12:20:09.507 File: C:\Users\Circuit City\AppData\Local\268fb23f\U\800000c0.@ **INFECTED** Win32:Sirefef-PL [Rtk]
12:20:09.587 File: C:\Users\Circuit City\AppData\Local\268fb23f\U\800000cb.@ **INFECTED** Win32:Sirefef-AO [Rtk]
12:20:09.659 File: C:\Users\Circuit City\AppData\Local\268fb23f\U\800000cf.@ **INFECTED** Win32:Sirefef-PF [Trj]
12:20:09.751 File: C:\Users\Circuit City\AppData\Local\268fb23f\U\trz57E3.tmp **INFECTED** Win64:Sirefef-A [Trj]
12:20:09.858 File: C:\Users\Circuit City\AppData\Local\268fb23f\U\trz8D93.tmp **INFECTED** Win32:Sirefef-AO [Rtk]
12:20:09.934 File: C:\Users\Circuit City\AppData\Local\268fb23f\U\trz8DD3.tmp **INFECTED** Win32:Sirefef-PF [Trj]
12:25:52.770 File: C:\Users\Circuit City\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\3f45ff54-5fbe6e32 **INFECTED** Win32:MalOb-IA [Cryp]
12:56:09.397 File: C:\Users\Circuit City\Downloads\Programs\XvidSetup.exe **INFECTED** Win32:HotBar-BL [Adw]
12:58:45.243 AVAST engine scan C:\ProgramData
13:11:38.617 Scan finished successfully
14:00:04.334 Disk 0 MBR has been saved successfully to "C:\Users\Circuit City\Desktop\MBR.dat"
14:00:04.345 The log file has been saved successfully to "C:\Users\Circuit City\Desktop\aswMBR.txt"

Edited by guitarman77, 18 August 2012 - 04:05 PM.


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 August 2012 - 04:26 PM

Try and run ComboFix now please.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 guitarman77

guitarman77
  • Topic Starter

  • Members
  • 32 posts

Posted 18 August 2012 - 04:43 PM

I ran ComboFix, then it restarted my PC, but it tried booting up regular and still got a black screen with cursor. So I had to restart and boot it in safe mode. Should I run ComboFix again and, if it restarts, boot it to safe mode?

Edited by guitarman77, 18 August 2012 - 04:50 PM.


#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 August 2012 - 04:57 PM

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller


#9 guitarman77

guitarman77
  • Topic Starter

  • Members
  • 32 posts

Posted 18 August 2012 - 05:06 PM

RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Safe mode with network support
User: Circuit City [Admin rights]
Mode: Scan -- Date: 08/18/2012 15:05:35

Bad processes: 0

Registry Entries: 9
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (200.53.119.154:8080) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{C2679871-9BB6-4CB7-BE1B-E5E96CF5905B} : NameServer (209.18.47.62,68.94.156.1) -> FOUND
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{C2679871-9BB6-4CB7-BE1B-E5E96CF5905B} : NameServer (209.18.47.62,68.94.156.1) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Particular Files / Folders:
[ZeroAccess][FOLDER] U : c:\windows\installer\{c36e10d3-1b9b-26b9-ba14-08adcdad506e}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{c36e10d3-1b9b-26b9-ba14-08adcdad506e}\L --> FOUND
[ZeroAccess][FILE] @ : c:\windows\system32\config\systemprofile\local settings\application data\{c36e10d3-1b9b-26b9-ba14-08adcdad506e}\@ --> FOUND
[ZeroAccess][FILE] n : c:\windows\system32\config\systemprofile\local settings\application data\{c36e10d3-1b9b-26b9-ba14-08adcdad506e}\n --> FOUND
[ZeroAccess][FOLDER] U : c:\windows\system32\config\systemprofile\local settings\application data\{c36e10d3-1b9b-26b9-ba14-08adcdad506e}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\system32\config\systemprofile\local settings\application data\{c36e10d3-1b9b-26b9-ba14-08adcdad506e}\L --> FOUND

Driver: [NOT LOADED]

Infection : ZeroAccess

HOSTS File:
127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: ST3320820AS ATA Device +++++
--- User ---
[MBR] eea0486ff803f3fa6f043552dca06593
[BSP] 032b1f513ebd0d6aef566c382683956e : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 9993 Mo
1 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 20466810 | Size: 147761 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 323083215 | Size: 147487 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 August 2012 - 05:14 PM

--Run RogueKiller--

  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • then click on "DNS fix"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller


#11 guitarman77

guitarman77
  • Topic Starter

  • Members
  • 32 posts

Posted 18 August 2012 - 06:02 PM

RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Safe mode with network support
User: Circuit City [Admin rights]
Mode: DNSFix -- Date: 08/18/2012 16:01:44

Bad processes: 0

Driver: [NOT LOADED]

Registry Entries: 2
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{C2679871-9BB6-4CB7-BE1B-E5E96CF5905B} : NameServer (209.18.47.62,68.94.156.1) -> REPLACED ()
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{C2679871-9BB6-4CB7-BE1B-E5E96CF5905B} : NameServer (209.18.47.62,68.94.156.1) -> REPLACED ()

Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 August 2012 - 06:21 PM

I would like you to try and run ComboFix again for me now.


gringo

#13 guitarman77

guitarman77
  • Topic Starter

  • Members
  • 32 posts

Posted 18 August 2012 - 07:16 PM

GENIAL GRINGO! I AM ABLE TO BOOT UP REGULAR NOW!


ComboFix 12-08-18.03 - Circuit City 08/18/2012 16:34:51.6.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1791.1056 [GMT -7:00]
Running from: c:\users\Circuit City\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\34135816
c:\users\Circuit City\AppData\Local\268fb23f\U\00000001.@
c:\users\Circuit City\AppData\Local\268fb23f\U\000000c0.@
c:\users\Circuit City\AppData\Local\268fb23f\U\000000cb.@
c:\users\Circuit City\AppData\Local\268fb23f\U\000000cf.@
c:\users\Circuit City\AppData\Local\268fb23f\U\80000000.@
c:\users\Circuit City\AppData\Local\268fb23f\U\800000c0.@
c:\users\Circuit City\AppData\Local\268fb23f\U\800000cb.@
c:\users\Circuit City\AppData\Local\268fb23f\U\800000cf.@
c:\users\Circuit City\AppData\Local\Microsoft\Windows\Temporary Internet Files\{1F09809C-303F-4072-8B85-1579293BB5C4}.xps
c:\users\Circuit City\AppData\Local\Microsoft\Windows\Temporary Internet Files\{514C9433-90A5-4BCE-80C9-4BDEC2BFAAE9}.xps
c:\users\Circuit City\AppData\Local\Microsoft\Windows\Temporary Internet Files\{604FF2FC-AAF0-4A6E-9305-79C4C83C6E19}.xps
c:\users\Circuit City\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9C7AF07D-9965-40D8-9FC7-C7126693A4F1}.xps
c:\users\Circuit City\AppData\Roaming\122E.3D0
c:\windows\$NtUninstallKB38064$
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-18 to 2012-08-18 )))))))))))))))))))))))))))))))
.
.
2071-07-25 17:13 . 2006-11-22 04:48 203576 ----a-w- c:\program files\Microsoft Games\Age of Empires III\autopatcher2.exe
2012-08-18 23:51 . 2012-08-18 23:56 -------- d-----w- c:\users\Circuit City\AppData\Local\temp
2012-08-18 23:51 . 2012-08-18 23:51 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-08-18 23:51 . 2012-08-18 23:51 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-08-18 23:51 . 2012-08-18 23:51 -------- d-----w- c:\users\Documets\AppData\Local\temp
2012-08-18 23:51 . 2012-08-18 23:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-18 21:39 . 2012-08-18 21:39 9232584 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-08-18 19:04 . 2012-08-18 19:04 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-14 05:16 . 2012-08-14 05:16 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-14 01:51 . 2012-07-03 16:21 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-08-14 01:51 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-14 01:38 . 2012-08-14 01:38 124416 ----a-w- c:\programdata\Microsoft\Windows\DRM\2AB8.tmp
2012-07-26 04:00 . 2012-07-26 04:22 -------- d-----w- c:\users\Circuit City\AppData\Roaming\Mp3tag
2012-07-26 03:59 . 2012-07-26 03:59 -------- d-----w- c:\program files\Mp3tag
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-18 21:40 . 2012-04-03 01:40 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-18 21:40 . 2011-05-18 17:30 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-18 19:07 . 2009-07-13 23:11 259072 ----a-w- c:\windows\system32\services.exe
2012-07-03 16:21 . 2011-01-03 02:26 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2011-01-03 02:26 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2011-01-03 02:26 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2011-01-03 02:26 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21 . 2011-01-03 02:25 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2011-01-03 02:25 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-12 02:40 . 2012-07-11 06:39 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-06-06 05:05 . 2012-07-11 01:33 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05 . 2012-07-11 01:33 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03 . 2012-07-11 01:33 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 22:19 . 2012-06-22 01:45 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-22 01:46 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 01:46 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 01:45 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 01:45 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 01:45 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-22 01:46 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-22 01:45 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12 . 2012-06-22 01:45 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 08:33 . 2012-07-11 06:44 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25 . 2012-07-11 06:44 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25 . 2012-07-11 06:44 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20 . 2012-07-11 06:44 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16 . 2012-07-11 06:44 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 04:45 . 2012-07-11 01:33 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45 . 2012-07-11 01:33 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40 . 2012-07-11 01:33 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40 . 2012-07-11 01:33 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39 . 2012-07-11 01:33 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-25 01:52 . 2012-05-25 01:52 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-07-20 01:58 . 2011-06-06 03:14 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-10-03 107000]
"Facebook Update"="c:\users\Circuit City\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-10-26 1458176]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 4423680]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2011-05-15 325512]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\users\Circuit City\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-2-24 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Air Mouse.lnk - c:\program files\Air Mouse\Air Mouse\Air Mouse.exe [2012-3-8 1169920]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PCM Media Sharing.lnk]
backup=c:\windows\pss\PCM Media Sharing.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PCM Media Sharing.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher]
2007-02-02 18:05 1261568 ----a-w- c:\program files\Acer Assist\launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]
2007-01-24 17:27 319488 ---ha-w- c:\acer\Empowering Technology\SysMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Product Registration]
2007-02-02 19:24 3383296 ----a-w- c:\program files\Acer Registration\ACE1.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
2007-02-16 01:39 151552 ---ha-w- c:\acer\AcerTour\Reminder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2007-02-07 07:04 464168 ---ha-w- c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-03-23 11:04 4423680 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2009-10-26 21:46 1458176 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2009-07-14 01:14 660480 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2010-11-20 12:20 859648 ----a-w- c:\windows\System32\OobeFldr.dll
.
R2 gupdate1c990874c293ef0;Google Update Service (gupdate1c990874c293ef0);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 Andbus;LGE Android Composite USB Device;c:\windows\system32\DRIVERS\lgandbus.sys [x]
R3 AndDiag;LGE Android USB Serial Port;c:\windows\system32\DRIVERS\lganddiag.sys [x]
R3 AndGps;LGE Android USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps.sys [x]
R3 ANDModem;LGE Android USB Modem;c:\windows\system32\DRIVERS\lgandmodem.sys [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\smhwadb.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 smhwdev;SmartPhone dummy USB PNP Device (Normal);c:\windows\system32\DRIVERS\smhwdev.sys [x]
R3 smhwser;USB Device for Legacy Serial Communication (Normal);c:\windows\system32\DRIVERS\smhwser.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe [x]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
S3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 21:40]
.
2012-08-18 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2012-01-14 18:36]
.
2012-08-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1133032559-2019188934-82881796-1000Core.job
- c:\users\Circuit City\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-19 03:58]
.
2012-08-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1133032559-2019188934-82881796-1000UA.job
- c:\users\Circuit City\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-19 03:58]
.
2012-08-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-01 22:12]
.
2012-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-16 22:38]
.
2012-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-16 22:38]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 200.53.119.154:8080
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Circuit City\AppData\Roaming\Mozilla\Firefox\Profiles\v1ehr1uh.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com.my/search?q=
FF - prefs.js: network.proxy.ftp - 200.53.119.154
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - 200.53.119.154
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 200.53.119.154
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 200.53.119.154
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{90eee664-34b1-422a-a782-779af65cdf6d} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-AlcoholAutomount - c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe
SafeBoot-29877803.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1133032559-2019188934-82881796-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):06,4b,b3,34,8d,5f,9a,56,21,d1,93,b9,4a,f5,6d,59,36,69,b6,fe,3c,
92,55,cb,7f,eb,4d,da,6c,17,31,14,cf,e6,15,3f,93,0a,3e,86,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1133032559-2019188934-82881796-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):f6,62,d4,b1,7a,a9,24,ca,c4,0a,2d,f4,fa,1c,a5,06,b2,23,6e,dc,c7,
c0,6c,36,27,66,02,43,78,e2,9b,db,d6,09,c4,a3,a1,c4,77,d7,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1724)
c:\program files\WinSCP\DragExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\System32\LEXBCES.EXE
c:\windows\system32\taskhost.exe
c:\windows\System32\LEXPPS.EXE
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\DllHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\RunDll32.exe
.
**************************************************************************
.
Completion time: 2012-08-18 17:14:20 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-19 00:14
.
Pre-Run: 16,177,008,640 bytes free
Post-Run: 16,497,086,464 bytes free
.
- - End Of File - - F15898ABE1837A0C672074DBD48B5CF0

Edited by guitarman77, 18 August 2012 - 07:16 PM.


#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:23 AM

Posted 18 August 2012 - 10:53 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 guitarman77

guitarman77
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  • Local time:01:23 AM

Posted 19 August 2012 - 02:18 AM

Computer is running well.



ComboFix 12-08-18.03 - Circuit City 08/18/2012 23:48:17.7.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1791.1049 [GMT -7:00]
Running from: c:\users\Circuit City\Desktop\ComboFix.exe
Command switches used :: c:\users\Circuit City\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-07-19 to 2012-08-19 )))))))))))))))))))))))))))))))
.
.
2071-07-25 17:13 . 2006-11-22 04:48 203576 ----a-w- c:\program files\Microsoft Games\Age of Empires III\autopatcher2.exe
2012-08-19 07:03 . 2012-08-19 07:03 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-08-19 07:03 . 2012-08-19 07:03 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-08-19 07:03 . 2012-08-19 07:03 -------- d-----w- c:\users\Documets\AppData\Local\temp
2012-08-19 07:03 . 2012-08-19 07:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-19 06:56 . 2012-08-19 06:56 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3FB52E76-6F4E-4706-935C-2CDBBE1DD5C8}\offreg.dll
2012-08-19 00:11 . 2012-07-16 09:41 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3FB52E76-6F4E-4706-935C-2CDBBE1DD5C8}\mpengine.dll
2012-08-18 23:51 . 2012-08-19 07:03 -------- d-----w- c:\users\Circuit City\AppData\Local\temp
2012-08-18 19:04 . 2012-08-18 19:04 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-14 05:16 . 2012-08-14 05:16 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-14 01:51 . 2012-07-03 16:21 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-08-14 01:51 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-14 01:38 . 2012-08-14 01:38 124416 ----a-w- c:\programdata\Microsoft\Windows\DRM\2AB8.tmp
2012-07-26 04:00 . 2012-07-26 04:22 -------- d-----w- c:\users\Circuit City\AppData\Roaming\Mp3tag
2012-07-26 03:59 . 2012-07-26 03:59 -------- d-----w- c:\program files\Mp3tag
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-19 06:44 . 2012-04-03 01:40 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-19 06:44 . 2011-05-18 17:30 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-18 19:07 . 2009-07-13 23:11 259072 ----a-w- c:\windows\system32\services.exe
2012-07-03 16:21 . 2011-01-03 02:26 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2011-01-03 02:26 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2011-01-03 02:26 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2011-01-03 02:26 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21 . 2011-01-03 02:25 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2011-01-03 02:25 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-12 02:40 . 2012-07-11 06:39 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-06-06 05:05 . 2012-07-11 01:33 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05 . 2012-07-11 01:33 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03 . 2012-07-11 01:33 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 22:19 . 2012-06-22 01:45 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-22 01:46 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 01:46 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 01:45 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 01:45 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 01:45 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-22 01:46 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-22 01:45 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12 . 2012-06-22 01:45 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 08:33 . 2012-07-11 06:44 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25 . 2012-07-11 06:44 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25 . 2012-07-11 06:44 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20 . 2012-07-11 06:44 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16 . 2012-07-11 06:44 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 04:45 . 2012-07-11 01:33 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45 . 2012-07-11 01:33 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40 . 2012-07-11 01:33 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40 . 2012-07-11 01:33 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39 . 2012-07-11 01:33 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-25 01:52 . 2012-05-25 01:52 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-07-20 01:58 . 2011-06-06 03:14 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-10-03 107000]
"Facebook Update"="c:\users\Circuit City\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-10-26 1458176]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 4423680]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2011-05-15 325512]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\users\Circuit City\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-2-24 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Air Mouse.lnk - c:\program files\Air Mouse\Air Mouse\Air Mouse.exe [2012-3-8 1169920]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PCM Media Sharing.lnk]
backup=c:\windows\pss\PCM Media Sharing.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PCM Media Sharing.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher]
2007-02-02 18:05 1261568 ----a-w- c:\program files\Acer Assist\launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]
2007-01-24 17:27 319488 ---ha-w- c:\acer\Empowering Technology\SysMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Product Registration]
2007-02-02 19:24 3383296 ----a-w- c:\program files\Acer Registration\ACE1.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
2007-02-16 01:39 151552 ---ha-w- c:\acer\AcerTour\Reminder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2007-02-07 07:04 464168 ---ha-w- c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-03-23 11:04 4423680 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2009-10-26 21:46 1458176 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2009-07-14 01:14 660480 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2010-11-20 12:20 859648 ----a-w- c:\windows\System32\OobeFldr.dll
.
R2 gupdate1c990874c293ef0;Google Update Service (gupdate1c990874c293ef0);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 Andbus;LGE Android Composite USB Device;c:\windows\system32\DRIVERS\lgandbus.sys [x]
R3 AndDiag;LGE Android USB Serial Port;c:\windows\system32\DRIVERS\lganddiag.sys [x]
R3 AndGps;LGE Android USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps.sys [x]
R3 ANDModem;LGE Android USB Modem;c:\windows\system32\DRIVERS\lgandmodem.sys [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\smhwadb.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 smhwdev;SmartPhone dummy USB PNP Device (Normal);c:\windows\system32\DRIVERS\smhwdev.sys [x]
R3 smhwser;USB Device for Legacy Serial Communication (Normal);c:\windows\system32\DRIVERS\smhwser.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe [x]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
S3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 06:44]
.
2012-08-18 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2012-01-14 18:36]
.
2012-08-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1133032559-2019188934-82881796-1000Core.job
- c:\users\Circuit City\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-19 03:58]
.
2012-08-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1133032559-2019188934-82881796-1000UA.job
- c:\users\Circuit City\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-19 03:58]
.
2012-08-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-01 22:12]
.
2012-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-16 22:38]
.
2012-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-16 22:38]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 200.53.119.154:8080
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Circuit City\AppData\Roaming\Mozilla\Firefox\Profiles\v1ehr1uh.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com.my/search?q=
FF - prefs.js: network.proxy.ftp - 200.53.119.154
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - 200.53.119.154
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 200.53.119.154
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 200.53.119.154
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 4
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1133032559-2019188934-82881796-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):06,4b,b3,34,8d,5f,9a,56,21,d1,93,b9,4a,f5,6d,59,36,69,b6,fe,3c,
92,55,cb,7f,eb,4d,da,6c,17,31,14,cf,e6,15,3f,93,0a,3e,86,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1133032559-2019188934-82881796-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):f6,62,d4,b1,7a,a9,24,ca,c4,0a,2d,f4,fa,1c,a5,06,b2,23,6e,dc,c7,
c0,6c,36,27,66,02,43,78,e2,9b,db,d6,09,c4,a3,a1,c4,77,d7,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-19 00:17:10
ComboFix-quarantined-files.txt 2012-08-19 07:17
ComboFix2.txt 2012-08-19 00:14
.
Pre-Run: 17,902,256,128 bytes free
Post-Run: 17,559,572,480 bytes free
.
- - End Of File - - 691A73C5231947CF1DFAE9221220FC2C



