
Sirefef infection


This topic is locked
15 replies to this topic

#1 coolshyguy


Posted 15 August 2012 - 04:58 PM

Hello!

Unfortunately I've been hit with this nasty Sirefef virus. Judging by this week's activity, it seems a lot of users have been hit by this virus. My OS is Windows 7 and it continuously reboots itself after every minute with the virus. I have read up some about the virus requiring a few logs from Farbar, ComboFix, and a few others. Here is my Farbar log:

!-------FSRT.exe--------!

Scan result of Farbar Recovery Scan Tool Version: 15-08-2012
Ran by SYSTEM at 15-08-2012 14:27:55
Running from E:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start [335976 2011-08-03] (NVIDIA Corporation)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-12-08] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKU\Default\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\Owner\...\Run: [Soonr] "C:\Program Files (x86)\Soonr\Soonr Desktop Client\SoonrClient.exe" -boot [6410648 2012-01-23] (Soonr, Inc.)
HKU\Owner\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17418928 2012-07-13] (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

==================== Services (Whitelisted) ======

2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)

========================== Drivers (Whitelisted) =============

3 OEM02Dev; C:\Windows\System32\Drivers\OEM02Dev.sys [266624 2007-10-10] (Creative Technology Ltd.)
3 OEM02Vfx; C:\Windows\System32\Drivers\OEM02Vfx.sys [12288 2007-03-05] (EyePower Games Pte. Ltd.)

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-15 14:26 - 2012-08-15 14:27 - 00000000 ____D C:\FRST
2012-08-15 12:55 - 2012-08-15 12:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9406239DFB544698
2012-08-15 12:49 - 2012-08-15 12:52 - 00001820 ____A C:\Users\Owner\Desktop\Rkill.txt
2012-08-15 12:49 - 2012-08-15 12:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.29304271E5E6265C
2012-08-15 12:49 - 2012-08-15 12:21 - 01051552 ____A (Bleeping Computer, LLC) C:\Users\Owner\Desktop\rkill.exe
2012-08-15 12:48 - 2012-08-15 12:48 - 00000616 ____A C:\Users\Owner\Desktop\iExplore.exe - Shortcut.lnk
2012-08-15 12:46 - 2012-08-15 12:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.56DA0F445CE4E471
2012-08-15 12:43 - 2012-08-15 12:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CF18643D4C16F641
2012-08-15 12:33 - 2012-08-15 12:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.59674DD1AE81BE32
2012-08-15 12:30 - 2012-08-15 12:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.88682655D7061C8C
2012-08-15 12:01 - 2012-08-15 12:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CC7103C20A02E913
2012-08-15 11:56 - 2012-08-15 11:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D2169202E72B2121
2012-08-15 11:52 - 2012-08-15 11:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5CB431E0A2DA70A3
2012-08-15 11:46 - 2012-08-15 11:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.91B57A2DCC6330D0
2012-08-15 11:43 - 2012-08-15 11:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A021504D03AF3C47
2012-08-15 11:32 - 2012-08-15 11:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7173DC0ADBF3E695
2012-08-15 11:27 - 2012-08-15 11:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F256051CC96E2829
2012-08-15 11:25 - 2012-08-15 11:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C0485E2BE6CAEBF5
2012-08-15 11:09 - 2012-08-15 11:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6C5262898B8B9B26
2012-08-15 11:04 - 2012-08-15 11:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9D3181917190C065
2012-08-15 11:01 - 2012-08-15 11:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6F784C05A9B249A7
2012-08-15 10:55 - 2012-08-15 10:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DAD235EDD549DE5B
2012-08-15 10:52 - 2012-08-15 10:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BBAE53AEA2910DE3
2012-08-15 10:43 - 2012-08-15 10:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F8E4B142C18AFE63
2012-08-15 10:38 - 2012-08-15 10:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0533D0FB6BBAF14F
2012-08-15 10:33 - 2012-08-15 10:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.668AEA55BEC7CB92
2012-08-15 10:27 - 2012-08-15 10:28 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-08-15 10:27 - 2012-08-15 10:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-08-15 10:27 - 2012-08-15 10:27 - 12621696 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\mseinstall.exe
2012-08-14 17:15 - 2012-08-14 17:15 - 00017324 ____A C:\Users\Owner\.recently-used.xbel
2012-08-11 00:09 - 2012-08-11 00:09 - 00000000 __SHD C:\Windows\System32\%APPDATA%

============ 3 Months Modified Files ========================

2012-08-15 13:18 - 2009-07-13 21:08 - 00032636 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-15 13:18 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-15 13:18 - 2009-07-13 20:51 - 00032388 ____A C:\Windows\setupact.log
2012-08-15 12:55 - 2012-08-15 12:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9406239DFB544698
2012-08-15 12:52 - 2012-08-15 12:49 - 00001820 ____A C:\Users\Owner\Desktop\Rkill.txt
2012-08-15 12:49 - 2012-08-15 12:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.29304271E5E6265C
2012-08-15 12:48 - 2012-08-15 12:48 - 00000616 ____A C:\Users\Owner\Desktop\iExplore.exe - Shortcut.lnk
2012-08-15 12:46 - 2012-08-15 12:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.56DA0F445CE4E471
2012-08-15 12:43 - 2012-08-15 12:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CF18643D4C16F641
2012-08-15 12:36 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-08-15 12:34 - 2009-07-13 21:13 - 00729706 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-15 12:33 - 2012-08-15 12:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.59674DD1AE81BE32
2012-08-15 12:30 - 2012-08-15 12:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.88682655D7061C8C
2012-08-15 12:21 - 2012-08-15 12:49 - 01051552 ____A (Bleeping Computer, LLC) C:\Users\Owner\Desktop\rkill.exe
2012-08-15 12:02 - 2011-09-29 15:14 - 00002243 ____A C:\Windows\epplauncher.mif
2012-08-15 12:01 - 2012-08-15 12:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CC7103C20A02E913
2012-08-15 11:56 - 2012-08-15 11:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D2169202E72B2121
2012-08-15 11:52 - 2012-08-15 11:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5CB431E0A2DA70A3
2012-08-15 11:46 - 2012-08-15 11:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.91B57A2DCC6330D0
2012-08-15 11:43 - 2012-08-15 11:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A021504D03AF3C47
2012-08-15 11:32 - 2012-08-15 11:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7173DC0ADBF3E695
2012-08-15 11:27 - 2012-08-15 11:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F256051CC96E2829
2012-08-15 11:25 - 2012-08-15 11:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C0485E2BE6CAEBF5
2012-08-15 11:09 - 2012-08-15 11:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6C5262898B8B9B26
2012-08-15 11:04 - 2012-08-15 11:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9D3181917190C065
2012-08-15 11:01 - 2012-08-15 11:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6F784C05A9B249A7
2012-08-15 10:55 - 2012-08-15 10:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DAD235EDD549DE5B
2012-08-15 10:52 - 2012-08-15 10:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BBAE53AEA2910DE3
2012-08-15 10:43 - 2012-08-15 10:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F8E4B142C18AFE63
2012-08-15 10:38 - 2012-08-15 10:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0533D0FB6BBAF14F
2012-08-15 10:33 - 2012-08-15 10:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.668AEA55BEC7CB92
2012-08-15 10:31 - 2009-07-13 20:45 - 00013440 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-15 10:31 - 2009-07-13 20:45 - 00013440 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-15 10:28 - 2011-09-29 15:14 - 00743856 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-08-15 10:28 - 2011-09-28 17:28 - 01374664 ____A C:\Windows\WindowsUpdate.log
2012-08-15 10:27 - 2012-08-15 10:27 - 12621696 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\mseinstall.exe
2012-08-15 09:58 - 2011-09-29 12:41 - 00007600 ____A C:\Windows\PFRO.log
2012-08-15 09:46 - 2012-07-10 15:40 - 00000163 ____A C:\Users\Owner\Desktop\bleep.txt
2012-08-14 17:15 - 2012-08-14 17:15 - 00017324 ____A C:\Users\Owner\.recently-used.xbel
2012-08-01 10:01 - 2012-05-10 09:23 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-01 10:01 - 2011-09-29 14:14 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-11 18:50 - 2009-07-13 20:45 - 00305856 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 08:26 - 2011-09-29 09:40 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-03 12:46 - 2012-04-13 23:15 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-28 14:00 - 2012-06-28 14:00 - 00000014 ____A C:\Users\Owner\Documents\that_one_guy_named_martin.txt
2012-06-14 13:22 - 2012-06-14 13:22 - 00946352 ____A (Skype Technologies S.A.) C:\Users\Owner\Downloads\SkypeSetup.exe
2012-06-12 13:41 - 2012-06-12 13:41 - 00000009 ____A C:\Users\Owner\Documents\IRCPASS.txt
2012-06-12 08:31 - 2012-06-12 08:31 - 00476960 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-06-12 08:31 - 2012-06-12 08:31 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-06-12 08:31 - 2012-06-12 08:31 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-06-12 08:31 - 2012-06-12 08:31 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-06-12 08:31 - 2012-01-18 00:55 - 00472864 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-06-11 19:08 - 2012-07-11 08:30 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 22:52 - 2012-06-08 22:52 - 388863001 ____A C:\Windows\MEMORY.DMP
2012-06-08 22:52 - 2012-06-08 22:52 - 00752640 ____A C:\Windows\Minidump\060812-19468-01.dmp
2012-06-08 21:43 - 2012-07-10 20:16 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-10 20:16 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 22:06 - 2012-07-10 20:16 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-10 20:16 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-10 20:15 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-10 20:16 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-10 20:16 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-10 20:15 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-02 14:19 - 2012-06-21 10:24 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 10:24 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 10:24 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:19 - 2012-06-21 10:24 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 10:24 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 10:24 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-21 10:24 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 10:24 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:15 - 2012-06-21 10:24 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-07-11 08:24 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-11 08:24 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-11 08:25 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-11 08:25 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-11 08:25 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-11 08:25 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-11 08:25 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-11 08:25 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-11 08:25 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-11 08:25 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-11 08:25 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-11 08:25 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-11 08:25 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-11 08:25 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-11 08:25 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-11 08:24 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-11 08:25 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-11 08:25 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-11 08:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-11 08:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-11 08:25 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-11 08:25 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-11 08:25 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-11 08:25 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-11 08:25 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-11 08:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-11 08:25 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-11 08:25 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:50 - 2012-07-10 20:16 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-10 20:16 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-10 20:16 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-10 20:16 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-10 20:16 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-10 20:16 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-10 20:16 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-10 20:16 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-10 20:16 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll


ZeroAccess:
C:\Windows\Installer\{ee5bfb89-8ba6-df69-ce22-7db80da8e5c2}
C:\Windows\Installer\{ee5bfb89-8ba6-df69-ce22-7db80da8e5c2}\@
C:\Windows\Installer\{ee5bfb89-8ba6-df69-ce22-7db80da8e5c2}\L
C:\Windows\Installer\{ee5bfb89-8ba6-df69-ce22-7db80da8e5c2}\U

ZeroAccess:
C:\Users\Owner\AppData\Local\{ee5bfb89-8ba6-df69-ce22-7db80da8e5c2}
C:\Users\Owner\AppData\Local\{ee5bfb89-8ba6-df69-ce22-7db80da8e5c2}\@
C:\Users\Owner\AppData\Local\{ee5bfb89-8ba6-df69-ce22-7db80da8e5c2}\L
C:\Users\Owner\AppData\Local\{ee5bfb89-8ba6-df69-ce22-7db80da8e5c2}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 13%
Total physical RAM: 4094.06 MB
Available physical RAM: 3539.68 MB
Total Pagefile: 4092.21 MB
Available Pagefile: 3539.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:440.58 GB) (Free:357.71 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: () (Removable) (Total:0.94 GB) (Free:0.88 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 2048 KB
Disk 1 Online 961 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 440 GB 31 KB
Partition 0 Extended 25 GB 440 GB
Partition 2 Logical 25 GB 440 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 440 GB Healthy

==================================================================================

Disk: 0
Partition 2
Type : BC
Hidden: Yes
Active: No

There is no volume associated with this partition.

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 960 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E FAT Removable 960 MB Healthy

==================================================================================

Last Boot: 2012-08-02 20:17

======================= End Of Log ==========================

!--------search.txt---------!

Farbar Recovery Scan Tool Version: 15-08-2012
Ran by SYSTEM at 2012-08-15 14:29:59
Running from E:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2012-08-15 12:36] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======

I just need help creating a fixit.txt file since I'm assuming the script is different for every system? Well anyways, please and thank you in advance :)

Edited by coolshyguy, 15 August 2012 - 04:59 PM.



#2 coolshyguy


Posted 15 August 2012 - 05:54 PM

Standing by for a fixit.txt

#3 coolshyguy


Posted 16 August 2012 - 10:31 AM

Still need help please .

#4 coolshyguy


Posted 16 August 2012 - 11:29 AM

edit: it's not. Still could use help please =(

Edited by coolshyguy, 16 August 2012 - 12:08 PM.


#5 gringo_pr (Malware Response Team)

Posted 16 August 2012 - 12:51 PM

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\assembly\GAC\Desktop.ini 
C:\Windows\Installer\{ee5bfb89-8ba6-df69-ce22-7db80da8e5c2}
C:\Users\Owner\AppData\Local\{ee5bfb89-8ba6-df69-ce22-7db80da8e5c2}

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
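As an added example (my own code, not part of the thread and not FRST's own tooling), the script below parses FRST-style log lines like those in the first post: the Bamital & volsnap check entry marked ATTENTION, the ZeroAccess: folder blocks, and the search.txt hashes for services.exe. From those it derives the same kind of fixlist that gringo wrote by hand in post #5: a Replace: directive restoring the patched services.exe from its WinSxS copy, followed by the {GUID} folders to remove. The sample log is a constructed abbreviation of the one above, and parse_frst and build_fixlist are names I chose.

```python
import re
from dataclasses import dataclass

# Constructed sample: a few FRST.txt and search.txt lines in the format seen in the thread.
SAMPLE_LOG = r"""
========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.

ZeroAccess:
C:\Windows\Installer\{ee5bfb89-8ba6-df69-ce22-7db80da8e5c2}
C:\Windows\Installer\{ee5bfb89-8ba6-df69-ce22-7db80da8e5c2}\@
C:\Windows\Installer\{ee5bfb89-8ba6-df69-ce22-7db80da8e5c2}\L
C:\Windows\Installer\{ee5bfb89-8ba6-df69-ce22-7db80da8e5c2}\U

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2012-08-15 12:36] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
"""

HEADER_RE = re.compile(r"^=+\s*(?P<title>[^=].*?)\s*=+$")
ATTENTION_RE = re.compile(
    r"^(?P<path>.+?) (?P<md5>[0-9A-Fa-f]{32}) (?P<family>\S+) <==== ATTENTION")
WINPATH_RE = re.compile(r"^[A-Za-z]:\\\S")
DETAIL_RE = re.compile(
    r"^\[[^\]]*\] - \[[^\]]*\] - (?P<size>\d+) \S+ \([^)]*\) (?P<md5>[0-9A-Fa-f]{32})$")


@dataclass
class Finding:          # a system file whose MD5 did not match a known-good hash
    path: str
    md5: str
    family: str         # the family FRST named, e.g. ZeroAccess


@dataclass
class SearchHit:        # one on-disk copy of the searched file name
    path: str
    size: int
    md5: str


def parse_frst(text):
    """Extract flagged system files, ZeroAccess folder blocks and Search hashes."""
    findings, hits, za_dirs = [], [], []
    section = ""
    lines = [ln.rstrip() for ln in text.splitlines()]
    i = 0
    while i < len(lines):
        line = lines[i]
        header = HEADER_RE.match(line)
        if header:
            section = header["title"]
        elif line == "ZeroAccess:":
            section = "ZeroAccess"
        elif not line:
            if section == "ZeroAccess":   # a blank line ends the folder block
                section = ""
        elif section == "ZeroAccess":
            # The @, L and U entries sit inside the {GUID} folder; the fixlist
            # only needs the folder itself.
            root = re.sub(r"\\[@LU]$", "", line)
            if root not in za_dirs:
                za_dirs.append(root)
        else:
            flagged = ATTENTION_RE.match(line)
            if flagged:
                findings.append(Finding(flagged["path"], flagged["md5"].upper(),
                                        flagged["family"]))
            elif (section.startswith("Search:") and WINPATH_RE.match(line)
                  and i + 1 < len(lines)):
                detail = DETAIL_RE.match(lines[i + 1].strip())
                if detail:
                    hits.append(SearchHit(line, int(detail["size"]),
                                          detail["md5"].upper()))
                    i += 1   # the detail line belongs to this hit
        i += 1
    return findings, hits, za_dirs


def build_fixlist(text):
    """Derive fixlist lines: a Replace: directive restoring each flagged file
    from a WinSxS copy of the same size but a different hash, then the
    ZeroAccess folders to remove. A human still reviews the result."""
    findings, hits, za_dirs = parse_frst(text)
    fix = []
    for f in findings:
        name = f.path.rsplit("\\", 1)[-1].lower()
        live = next((h for h in hits if h.path.lower() == f.path.lower()), None)
        good = [h for h in hits
                if h.path.rsplit("\\", 1)[-1].lower() == name
                and "\\winsxs\\" in h.path.lower() and h.md5 != f.md5
                and (live is None or h.size == live.size)]
        if good:
            fix.append(f"Replace: {good[0].path} {f.path}")
    fix.extend(za_dirs)
    return fix
```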

#6 coolshyguy


Posted 16 August 2012 - 01:23 PM

Thank you so much gringo!

Here is my fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 15-08-2012
Ran by SYSTEM at 2012-08-16 11:22:16 Run:1
Running from E:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
C:\Windows\assembly\GAC_32\Desktop.ini not found.
C:\Windows\assembly\GAC_64\Desktop.ini not found.
C:\Windows\assembly\GAC\Desktop.ini not found.
C:\Windows\Installer\{ee5bfb89-8ba6-df69-ce22-7db80da8e5c2} moved successfully.
C:\Users\Owner\AppData\Local\{ee5bfb89-8ba6-df69-ce22-7db80da8e5c2} moved successfully.

==== End of Fixlog ====

#7 gringo_pr (Malware Response Team)

Posted 16 August 2012 - 02:29 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#8 coolshyguy


Posted 16 August 2012 - 04:20 PM

Here is the log:

ComboFix 12-08-16.01 - Owner 08/16/2012 13:41:40.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4094.2962 [GMT -7:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Owner\AppData\Local\assembly\tmp
c:\users\Owner\AppData\Local\att.exe
c:\users\Owner\AppData\Local\dep.exe
c:\users\Owner\AppData\Local\hnpdk455onbm7h4186gu11ph7620
c:\users\Owner\AppData\Local\ibc.exe
c:\users\Owner\AppData\Local\rtc.exe
c:\users\Owner\AppData\Local\sqv.exe
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Templates\hnpdk455onbm7h4186gu11ph7620
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ol4wge4q.default\extensions\{135da384-f227-48a0-88e7-22e43771ba0f}
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ol4wge4q.default\extensions\{135da384-f227-48a0-88e7-22e43771ba0f}\chrome.manifest
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ol4wge4q.default\extensions\{135da384-f227-48a0-88e7-22e43771ba0f}\chrome\xulcache.jar
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ol4wge4q.default\extensions\{135da384-f227-48a0-88e7-22e43771ba0f}\install.rdf
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ol4wge4q.default\extensions\{253326cf-5804-4827-a7bd-aa6977cc81b5}
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ol4wge4q.default\extensions\{253326cf-5804-4827-a7bd-aa6977cc81b5}\chrome.manifest
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ol4wge4q.default\extensions\{253326cf-5804-4827-a7bd-aa6977cc81b5}\chrome\xulcache.jar
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ol4wge4q.default\extensions\{253326cf-5804-4827-a7bd-aa6977cc81b5}\install.rdf
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ol4wge4q.default\extensions\{59a30a25-976b-41c4-8c8c-5e00678c45a8}
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ol4wge4q.default\extensions\{59a30a25-976b-41c4-8c8c-5e00678c45a8}\chrome.manifest
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ol4wge4q.default\extensions\{59a30a25-976b-41c4-8c8c-5e00678c45a8}\chrome\xulcache.jar
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ol4wge4q.default\extensions\{59a30a25-976b-41c4-8c8c-5e00678c45a8}\install.rdf
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ol4wge4q.default\extensions\{a28dfd2b-45c0-4252-b2ec-8aa564f12461}
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ol4wge4q.default\extensions\{a28dfd2b-45c0-4252-b2ec-8aa564f12461}\chrome.manifest
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ol4wge4q.default\extensions\{a28dfd2b-45c0-4252-b2ec-8aa564f12461}\chrome\xulcache.jar
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ol4wge4q.default\extensions\{a28dfd2b-45c0-4252-b2ec-8aa564f12461}\install.rdf
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ol4wge4q.default\extensions\{a4eb5e66-2aa7-48e1-89da-e7f253c3779d}
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ol4wge4q.default\extensions\{a4eb5e66-2aa7-48e1-89da-e7f253c3779d}\chrome.manifest
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ol4wge4q.default\extensions\{a4eb5e66-2aa7-48e1-89da-e7f253c3779d}\chrome\xulcache.jar
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ol4wge4q.default\extensions\{a4eb5e66-2aa7-48e1-89da-e7f253c3779d}\install.rdf
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ol4wge4q.default\extensions\{bf21ee66-29a0-40f7-8eec-3b640f257588}
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ol4wge4q.default\extensions\{bf21ee66-29a0-40f7-8eec-3b640f257588}\chrome.manifest
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ol4wge4q.default\extensions\{bf21ee66-29a0-40f7-8eec-3b640f257588}\chrome\xulcache.jar
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ol4wge4q.default\extensions\{bf21ee66-29a0-40f7-8eec-3b640f257588}\install.rdf
c:\users\Owner\Documents\~WRL2413.tmp
c:\users\Owner\Documents\~WRL2481.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-07-16 to 2012-08-16 )))))))))))))))))))))))))))))))
.
.
2012-08-15 22:26 . 2012-08-15 22:27 -------- d-----w- C:\FRST
2012-08-15 21:47 . 2012-08-15 21:47 328704 ----a-w- c:\windows\system32\services.exe.0EA50CC3E1CF85FF
2012-08-15 21:45 . 2012-08-15 21:45 328704 ----a-w- c:\windows\system32\services.exe.347879DA7DFF8422
2012-08-15 21:42 . 2012-08-15 21:42 328704 ----a-w- c:\windows\system32\services.exe.776DDB6D08F46CB8
2012-08-15 20:55 . 2012-08-15 20:55 328704 ----a-w- c:\windows\system32\services.exe.9406239DFB544698
2012-08-15 20:49 . 2012-08-15 20:49 328704 ----a-w- c:\windows\system32\services.exe.29304271E5E6265C
2012-08-15 20:46 . 2012-08-15 20:46 328704 ----a-w- c:\windows\system32\services.exe.56DA0F445CE4E471
2012-08-15 20:43 . 2012-08-15 20:43 328704 ----a-w- c:\windows\system32\services.exe.CF18643D4C16F641
2012-08-15 20:33 . 2012-08-15 20:33 328704 ----a-w- c:\windows\system32\services.exe.59674DD1AE81BE32
2012-08-15 20:30 . 2012-08-15 20:30 328704 ----a-w- c:\windows\system32\services.exe.88682655D7061C8C
2012-08-15 20:01 . 2012-08-15 20:01 328704 ----a-w- c:\windows\system32\services.exe.CC7103C20A02E913
2012-08-15 19:56 . 2012-08-15 19:56 328704 ----a-w- c:\windows\system32\services.exe.D2169202E72B2121
2012-08-15 19:52 . 2012-08-15 19:52 328704 ----a-w- c:\windows\system32\services.exe.5CB431E0A2DA70A3
2012-08-15 19:46 . 2012-08-15 19:46 328704 ----a-w- c:\windows\system32\services.exe.91B57A2DCC6330D0
2012-08-15 19:43 . 2012-08-15 19:43 328704 ----a-w- c:\windows\system32\services.exe.A021504D03AF3C47
2012-08-15 19:32 . 2012-08-15 19:32 328704 ----a-w- c:\windows\system32\services.exe.7173DC0ADBF3E695
2012-08-15 19:27 . 2012-08-15 19:27 328704 ----a-w- c:\windows\system32\services.exe.F256051CC96E2829
2012-08-15 19:25 . 2012-08-15 19:25 328704 ----a-w- c:\windows\system32\services.exe.C0485E2BE6CAEBF5
2012-08-15 19:09 . 2012-08-15 19:09 328704 ----a-w- c:\windows\system32\services.exe.6C5262898B8B9B26
2012-08-15 19:04 . 2012-08-15 19:04 328704 ----a-w- c:\windows\system32\services.exe.9D3181917190C065
2012-08-15 19:01 . 2012-08-15 19:01 328704 ----a-w- c:\windows\system32\services.exe.6F784C05A9B249A7
2012-08-15 18:55 . 2012-08-15 18:55 328704 ----a-w- c:\windows\system32\services.exe.DAD235EDD549DE5B
2012-08-15 18:52 . 2012-08-15 18:52 328704 ----a-w- c:\windows\system32\services.exe.BBAE53AEA2910DE3
2012-08-15 18:43 . 2012-08-15 18:43 328704 ----a-w- c:\windows\system32\services.exe.F8E4B142C18AFE63
2012-08-15 18:38 . 2012-08-15 18:38 328704 ----a-w- c:\windows\system32\services.exe.0533D0FB6BBAF14F
2012-08-15 18:33 . 2012-08-15 18:33 328704 ----a-w- c:\windows\system32\services.exe.668AEA55BEC7CB92
2012-08-15 18:29 . 2012-02-09 21:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7FC0778A-4EE7-43B1-B127-E14CCC0BF4DB}\gapaengine.dll
2012-08-15 18:29 . 2012-07-16 09:40 9133488 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{83CC4EFF-26E1-4E2B-ADCA-1BE6EA0D3851}\mpengine.dll
2012-08-15 18:27 . 2012-08-15 18:28 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-08-15 18:27 . 2012-08-15 18:28 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-11 08:09 . 2012-08-11 08:09 -------- d-sh--w- c:\windows\system32\%APPDATA%
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-01 18:01 . 2012-05-10 17:23 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-01 18:01 . 2011-09-29 22:14 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 16:26 . 2011-09-29 17:40 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 20:46 . 2012-04-14 07:15 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-12 16:31 . 2012-06-12 16:31 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-06-12 16:31 . 2012-01-18 08:55 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-12 03:08 . 2012-07-11 16:30 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:43 . 2012-07-11 04:16 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 04:16 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 04:16 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 04:15 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 04:16 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 04:16 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 04:15 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-21 18:24 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 18:24 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 18:24 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 18:24 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 18:24 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-21 18:24 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 18:24 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 18:24 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-21 18:24 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 12:49 . 2012-07-11 16:24 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-11 16:24 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-11 16:25 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-11 16:25 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-11 16:25 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-11 16:25 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-11 16:25 237056 ----a-w- c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-11 16:25 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-11 16:25 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-11 16:25 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-11 16:25 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-11 16:25 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-11 16:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-11 16:25 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-11 16:25 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-11 16:25 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-11 16:25 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-11 16:25 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-11 16:25 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50 . 2012-07-11 04:16 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 04:16 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:48 . 2012-07-11 04:16 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:45 . 2012-07-11 04:16 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 04:16 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 04:16 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 04:16 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 04:16 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 04:16 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Soonr"="c:\program files (x86)\Soonr\Soonr Desktop Client\SoonrClient.exe" [2012-01-23 6410648]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-08 160944]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-03 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-29 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-06 3048136]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- X64 Entries -----------
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
NETSVCS REQUIRES REPAIRS - current entries shown
.
Rebuilding ... You need to reboot your machine for this to take effect.
.
AeLookupSvc
AppInfo
AppMgmt
AudioSrv
BITS
browser
CertPropSvc
EapHost
FastUserSwitchingCompatibility
gpsvc
helpsvc
hkmsvc
Ias
IKEEXT
iphlpsvc
Irmon
lanmanserver
LogonHours
MMCSS
msiscsi
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
PCAudit
ProfSvc
Rasauto
Rasman
Remoteaccess
schedule
SCPolicySvc
seclogon
SENS
SessionEnv
Sharedaccess
ShellHWDetection
SRService
Tapisrv
TermService
Themes
uploadmgr
wercplsupport
winmgmt
WmdmPmSp
Wmi
wuauserv
BDESVC
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ol4wge4q.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 1
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-08-16 14:08:06 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-16 21:08
.
Pre-Run: 383,943,733,248 bytes free
Post-Run: 384,703,836,160 bytes free
.
- - End Of File - - A575DF0D682B575E733B2ACD83186B97

ComboFix definitely deleted a lot of malicious files and folders. The computer, however, is still not normal. From reading about other people's issues with this malware, I noticed they couldn't run a Windows Update (which I believe prevents this [hopefully]). I too can't run a Windows Update on my machine.

Edited by coolshyguy, 16 August 2012 - 05:15 PM.

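The ComboFix report above is what the helper reads by hand; as an added example (not part of this thread, and not ComboFix's or Farbar's own code), here is a small Python triage script that pulls out the findings a defender would flag in it: the chain of same-size `services.exe.<16 hex>` copies in system32, the hidden system directory named `%APPDATA%` under system32, the UAC policy values set to 0, and the "NETSVCS REQUIRES REPAIRS" marker. The `SAMPLE_LOG` is constructed from a handful of lines of the posted report; the function and field names are mine.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# A "Files Created" / "Find3M" line, e.g.
#   2012-08-15 21:47 . 2012-08-15 21:47 328704 ----a-w- c:\windows\system32\services.exe.0EA50CC3E1CF85FF
# Directories print "--------" in the size column.
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# A value line under [..\policies\system], e.g.  "EnableLUA"= 0 (0x0)
POLICY_LINE = re.compile(r'^"(?P<name>\w+)"= (?P<value>\d+) \(0x[0-9A-Fa-f]+\)$')
# The services.exe.<16 hex digits> backups that fill the report above.
SERVICES_COPY = re.compile(r"\\services\.exe\.[0-9A-F]{16}$", re.IGNORECASE)
# UAC values that are non-zero on a default Windows 7 install.
UAC_EXPECTED_NONZERO = ("EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop")


@dataclass
class FileEntry:
    created: str
    modified: str
    size: int          # -1 for directories
    attrs: str         # ComboFix attribute column, e.g. "d-sh--w-"
    path: str


def parse_file_entries(log_text: str) -> List[FileEntry]:
    """Pull every file/directory line out of the pasted report."""
    entries = []
    for line in log_text.splitlines():
        m = FILE_LINE.match(line.strip())
        if m:
            size = int(m["size"]) if m["size"].isdigit() else -1
            entries.append(FileEntry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def services_exe_copies(entries: List[FileEntry]) -> List[FileEntry]:
    """services.exe.<hash> files in system32; the report shows dozens,
    all the same size, created minutes apart on the day of the infection."""
    return [e for e in entries if SERVICES_COPY.search(e.path)]


def hidden_system_dirs(entries: List[FileEntry]) -> List[FileEntry]:
    """Directories carrying both the system (s) and hidden (h) attributes,
    such as the %APPDATA%-named folder under system32 in the report."""
    return [e for e in entries if e.attrs.startswith("d") and "s" in e.attrs and "h" in e.attrs]


def parse_uac_policies(log_text: str) -> Dict[str, int]:
    """Read the values under ...\\policies\\system from Reg Loading Points."""
    policies, in_block = {}, False
    for line in log_text.splitlines():
        s = line.strip()
        if s.startswith("["):
            in_block = s.lower().endswith(r"\policies\system]")
            continue
        m = POLICY_LINE.match(s) if in_block else None
        if m:
            policies[m["name"]] = int(m["value"])
    return policies


def triage(log_text: str) -> dict:
    """Summarise the findings a helper would raise from this report."""
    entries = parse_file_entries(log_text)
    copies = services_exe_copies(entries)
    policies = parse_uac_policies(log_text)
    return {
        "services_exe_copies": len(copies),
        "copies_all_same_size": bool(copies) and len({e.size for e in copies}) == 1,
        "hidden_system_dirs": [e.path for e in hidden_system_dirs(entries)],
        "uac_disabled": [n for n in UAC_EXPECTED_NONZERO if policies.get(n) == 0],
        "netsvcs_needs_repair": "NETSVCS REQUIRES REPAIRS" in log_text,
    }


# Constructed sample: a handful of lines copied from the report posted above.
SAMPLE_LOG = r"""
2012-08-15 22:26 . 2012-08-15 22:27 -------- d-----w- C:\FRST
2012-08-15 21:47 . 2012-08-15 21:47 328704 ----a-w- c:\windows\system32\services.exe.0EA50CC3E1CF85FF
2012-08-15 21:45 . 2012-08-15 21:45 328704 ----a-w- c:\windows\system32\services.exe.347879DA7DFF8422
2012-08-15 21:42 . 2012-08-15 21:42 328704 ----a-w- c:\windows\system32\services.exe.776DDB6D08F46CB8
2012-08-15 18:27 . 2012-08-15 18:28 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-11 08:09 . 2012-08-11 08:09 -------- d-sh--w- c:\windows\system32\%APPDATA%
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
NETSVCS REQUIRES REPAIRS - current entries shown
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against the full pasted report to get the real copy count; the same-size check is what separates a pile of identical backups from ordinary file churn.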

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:24 PM

Posted 17 August 2012 - 07:08 AM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#10 coolshyguy

coolshyguy
  • Topic Starter

  • Members
  • 10 posts
  • Gender:Male
  • Location:Cali
  • Local time:10:24 AM

Posted 17 August 2012 - 12:26 PM

09:56:10.0698 4356 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
09:56:12.0726 4356 ============================================================
09:56:12.0726 4356 Current date / time: 2012/08/17 09:56:12.0726
09:56:12.0726 4356 SystemInfo:
09:56:12.0726 4356
09:56:12.0726 4356 OS Version: 6.1.7601 ServicePack: 1.0
09:56:12.0726 4356 Product type: Workstation
09:56:12.0726 4356 ComputerName: OWNER-PC
09:56:12.0726 4356 UserName: Owner
09:56:12.0726 4356 Windows directory: C:\Windows
09:56:12.0726 4356 System windows directory: C:\Windows
09:56:12.0726 4356 Running under WOW64
09:56:12.0726 4356 Processor architecture: Intel x64
09:56:12.0726 4356 Number of processors: 2
09:56:12.0726 4356 Page size: 0x1000
09:56:12.0726 4356 Boot type: Normal boot
09:56:12.0726 4356 ============================================================
09:56:15.0066 4356 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:56:15.0082 4356 ============================================================
09:56:15.0082 4356 \Device\Harddisk0\DR0:
09:56:15.0082 4356 MBR partitions:
09:56:15.0082 4356 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x37128BEB
09:56:15.0113 4356 ============================================================
09:56:15.0175 4356 C: <-> \Device\Harddisk0\DR0\Partition1
09:56:15.0175 4356 ============================================================
09:56:15.0175 4356 Initialize success
09:56:15.0175 4356 ============================================================
09:56:19.0356 4684 ============================================================
09:56:19.0356 4684 Scan started
09:56:19.0356 4684 Mode: Manual;
09:56:19.0356 4684 ============================================================
09:56:19.0621 4684 ================ Scan services =============================
09:56:19.0762 4684 [ a87d604aea360176311474c87a63bb88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
09:56:19.0762 4684 1394ohci - ok
09:56:19.0824 4684 [ d81d9e70b8a6dd14d42d7b4efa65d5f2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
09:56:19.0824 4684 ACPI - ok
09:56:19.0855 4684 [ 99f8e788246d495ce3794d7e7821d2ca ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
09:56:19.0871 4684 AcpiPmi - ok
09:56:19.0964 4684 [ 62b7936f9036dd6ed36e6a7efa805dc0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
09:56:19.0964 4684 AdobeARMservice - ok
09:56:20.0027 4684 [ 2f6b34b83843f0c5118b63ac634f5bf4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
09:56:20.0027 4684 adp94xx - ok
09:56:20.0120 4684 [ 597f78224ee9224ea1a13d6350ced962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
09:56:20.0120 4684 adpahci - ok
09:56:20.0152 4684 [ e109549c90f62fb570b9540c4b148e54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
09:56:20.0152 4684 adpu320 - ok
09:56:20.0183 4684 [ 4b78b431f225fd8624c5655cb1de7b61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
09:56:20.0183 4684 AeLookupSvc - ok
09:56:20.0230 4684 [ 1c7857b62de5994a75b054a9fd4c3825 ] AFD C:\Windows\system32\drivers\afd.sys
09:56:20.0245 4684 AFD - ok
09:56:20.0276 4684 [ 608c14dba7299d8cb6ed035a68a15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
09:56:20.0276 4684 agp440 - ok
09:56:20.0308 4684 [ 3290d6946b5e30e70414990574883ddb ] ALG C:\Windows\System32\alg.exe
09:56:20.0354 4684 ALG - ok
09:56:20.0386 4684 [ 5812713a477a3ad7363c7438ca2ee038 ] aliide C:\Windows\system32\drivers\aliide.sys
09:56:20.0386 4684 aliide - ok
09:56:20.0386 4684 [ 1ff8b4431c353ce385c875f194924c0c ] amdide C:\Windows\system32\drivers\amdide.sys
09:56:20.0386 4684 amdide - ok
09:56:20.0417 4684 [ 7024f087cff1833a806193ef9d22cda9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
09:56:20.0432 4684 AmdK8 - ok
09:56:20.0464 4684 [ 1e56388b3fe0d031c44144eb8c4d6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
09:56:20.0479 4684 AmdPPM - ok
09:56:20.0526 4684 [ d4121ae6d0c0e7e13aa221aa57ef2d49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
09:56:20.0542 4684 amdsata - ok
09:56:20.0620 4684 [ f67f933e79241ed32ff46a4f29b5120b ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
09:56:20.0666 4684 amdsbs - ok
09:56:20.0713 4684 [ 540daf1cea6094886d72126fd7c33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
09:56:20.0713 4684 amdxata - ok
09:56:20.0760 4684 [ 89a69c3f2f319b43379399547526d952 ] AppID C:\Windows\system32\drivers\appid.sys
09:56:20.0791 4684 AppID - ok
09:56:20.0822 4684 [ 0bc381a15355a3982216f7172f545de1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
09:56:20.0854 4684 AppIDSvc - ok
09:56:20.0900 4684 [ 3977d4a871ca0d4f2ed1e7db46829731 ] Appinfo C:\Windows\System32\appinfo.dll
09:56:20.0978 4684 Appinfo - ok
09:56:21.0056 4684 [ 3debbecf665dcdde3a95d9b902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:56:21.0072 4684 Apple Mobile Device - ok
09:56:21.0119 4684 [ c484f8ceb1717c540242531db7845c4e ] arc C:\Windows\system32\DRIVERS\arc.sys
09:56:21.0119 4684 arc - ok
09:56:21.0134 4684 [ 019af6924aefe7839f61c830227fe79c ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
09:56:21.0134 4684 arcsas - ok
09:56:21.0166 4684 [ 769765ce2cc62867468cea93969b2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
09:56:21.0166 4684 AsyncMac - ok
09:56:21.0212 4684 [ 02062c0b390b7729edc9e69c680a6f3c ] atapi C:\Windows\system32\drivers\atapi.sys
09:56:21.0212 4684 atapi - ok
09:56:21.0259 4684 [ f23fef6d569fce88671949894a8becf1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:56:21.0306 4684 AudioEndpointBuilder - ok
09:56:21.0322 4684 [ f23fef6d569fce88671949894a8becf1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
09:56:21.0337 4684 AudioSrv - ok
09:56:21.0384 4684 [ a6bf31a71b409dfa8cac83159e1e2aff ] AxInstSV C:\Windows\System32\AxInstSV.dll
09:56:21.0431 4684 AxInstSV - ok
09:56:21.0478 4684 [ 3e5b191307609f7514148c6832bb0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
09:56:21.0493 4684 b06bdrv - ok
09:56:21.0524 4684 [ b5ace6968304a3900eeb1ebfd9622df2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
09:56:21.0556 4684 b57nd60a - ok
09:56:21.0618 4684 [ 9e84a931dbee0292e38ed672f6293a99 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
09:56:21.0634 4684 BCM43XX - ok
09:56:21.0665 4684 [ fde360167101b4e45a96f939f388aeb0 ] BDESVC C:\Windows\System32\bdesvc.dll
09:56:21.0712 4684 BDESVC - ok
09:56:21.0743 4684 [ 16a47ce2decc9b099349a5f840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
09:56:21.0743 4684 Beep - ok
09:56:21.0805 4684 [ 82974d6a2fd19445cc5171fc378668a4 ] BFE C:\Windows\System32\bfe.dll
09:56:21.0852 4684 BFE - ok
09:56:21.0899 4684 [ 61583ee3c3a17003c4acd0475646b4d3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
09:56:21.0914 4684 blbdrive - ok
09:56:21.0977 4684 [ ebbcd5dfbb1de70e8f4af8fa59e401fd ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
09:56:21.0992 4684 Bonjour Service - ok
09:56:22.0039 4684 [ 6c02a83164f5cc0a262f4199f0871cf5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
09:56:22.0055 4684 bowser - ok
09:56:22.0086 4684 [ f09eee9edc320b5e1501f749fde686c8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:56:22.0102 4684 BrFiltLo - ok
09:56:22.0117 4684 [ b114d3098e9bdb8bea8b053685831be6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:56:22.0133 4684 BrFiltUp - ok
09:56:22.0164 4684 [ 5c2f352a4e961d72518261257aae204b ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
09:56:22.0180 4684 BridgeMP - ok
09:56:22.0226 4684 [ 8ef0d5c41ec907751b8429162b1239ed ] Browser C:\Windows\System32\browser.dll
09:56:22.0226 4684 Browser - ok
09:56:22.0258 4684 [ 43bea8d483bf1870f018e2d02e06a5bd ] Brserid C:\Windows\System32\Drivers\Brserid.sys
09:56:22.0273 4684 Brserid - ok
09:56:22.0289 4684 [ a6eca2151b08a09caceca35c07f05b42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
09:56:22.0304 4684 BrSerWdm - ok
09:56:22.0336 4684 [ b79968002c277e869cf38bd22cd61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
09:56:22.0351 4684 BrUsbMdm - ok
09:56:22.0351 4684 [ a87528880231c54e75ea7a44943b38bf ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
09:56:22.0367 4684 BrUsbSer - ok
09:56:22.0382 4684 [ 9da669f11d1f894ab4eb69bf546a42e8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
09:56:22.0414 4684 BTHMODEM - ok
09:56:22.0460 4684 [ 95f9c2976059462cbbf227f7aab10de9 ] bthserv C:\Windows\system32\bthserv.dll
09:56:22.0492 4684 bthserv - ok
09:56:22.0523 4684 catchme - ok
09:56:22.0554 4684 [ b8bd2bb284668c84865658c77574381a ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
09:56:22.0570 4684 cdfs - ok
09:56:22.0616 4684 [ f036ce71586e93d94dab220d7bdf4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
09:56:22.0632 4684 cdrom - ok
09:56:22.0679 4684 [ f17d1d393bbc69c5322fbfafaca28c7f ] CertPropSvc C:\Windows\System32\certprop.dll
09:56:22.0726 4684 CertPropSvc - ok
09:56:22.0757 4684 [ d7cd5c4e1b71fa62050515314cfb52cf ] circlass C:\Windows\system32\DRIVERS\circlass.sys
09:56:22.0772 4684 circlass - ok
09:56:22.0819 4684 [ fe1ec06f2253f691fe36217c592a0206 ] CLFS C:\Windows\system32\CLFS.sys
09:56:22.0819 4684 CLFS - ok
09:56:22.0882 4684 [ d88040f816fda31c3b466f0fa0918f29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:56:22.0882 4684 clr_optimization_v2.0.50727_32 - ok
09:56:22.0913 4684 [ d1ceea2b47cb998321c579651ce3e4f8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:56:22.0913 4684 clr_optimization_v2.0.50727_64 - ok
09:56:22.0975 4684 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:56:22.0975 4684 clr_optimization_v4.0.30319_32 - ok
09:56:23.0006 4684 [ c6f9af94dcd58122a4d7e89db6bed29d ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:56:23.0006 4684 clr_optimization_v4.0.30319_64 - ok
09:56:23.0038 4684 [ 0840155d0bddf1190f84a663c284bd33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
09:56:23.0053 4684 CmBatt - ok
09:56:23.0069 4684 [ e19d3f095812725d88f9001985b94edd ] cmdide C:\Windows\system32\drivers\cmdide.sys
09:56:23.0069 4684 cmdide - ok
09:56:23.0131 4684 [ 9ac4f97c2d3e93367e2148ea940cd2cd ] CNG C:\Windows\system32\Drivers\cng.sys
09:56:23.0131 4684 CNG - ok
09:56:23.0162 4684 [ 102de219c3f61415f964c88e9085ad14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
09:56:23.0162 4684 Compbatt - ok
09:56:23.0209 4684 [ 03edb043586cceba243d689bdda370a8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
09:56:23.0225 4684 CompositeBus - ok
09:56:23.0240 4684 COMSysApp - ok
09:56:23.0256 4684 [ 1c827878a998c18847245fe1f34ee597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
09:56:23.0256 4684 crcdisk - ok
09:56:23.0303 4684 [ 4f5414602e2544a4554d95517948b705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
09:56:23.0303 4684 CryptSvc - ok
09:56:23.0365 4684 [ 5c627d1b1138676c0a7ab2c2c190d123 ] DcomLaunch C:\Windows\system32\rpcss.dll
09:56:23.0381 4684 DcomLaunch - ok
09:56:23.0412 4684 [ 3cec7631a84943677aa8fa8ee5b6b43d ] defragsvc C:\Windows\System32\defragsvc.dll
09:56:23.0459 4684 defragsvc - ok
09:56:23.0506 4684 [ 9bb2ef44eaa163b29c4a4587887a0fe4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
09:56:23.0537 4684 DfsC - ok
09:56:23.0584 4684 [ 43d808f5d9e1a18e5eeb5ebc83969e4e ] Dhcp C:\Windows\system32\dhcpcore.dll
09:56:23.0599 4684 Dhcp - ok
09:56:23.0615 4684 [ 13096b05847ec78f0977f2c0f79e9ab3 ] discache C:\Windows\system32\drivers\discache.sys
09:56:23.0615 4684 discache - ok
09:56:23.0646 4684 [ 9819eee8b5ea3784ec4af3b137a5244c ] Disk C:\Windows\system32\DRIVERS\disk.sys
09:56:23.0646 4684 Disk - ok
09:56:23.0693 4684 [ 16835866aaa693c7d7fceba8fff706e4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
09:56:23.0724 4684 Dnscache - ok
09:56:23.0771 4684 [ b1fb3ddca0fdf408750d5843591afbc6 ] dot3svc C:\Windows\System32\dot3svc.dll
09:56:23.0818 4684 dot3svc - ok
09:56:23.0849 4684 [ b26f4f737e8f9df4f31af6cf31d05820 ] DPS C:\Windows\system32\dps.dll
09:56:23.0864 4684 DPS - ok
09:56:23.0896 4684 [ 9b19f34400d24df84c858a421c205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
09:56:23.0911 4684 drmkaud - ok
09:56:23.0974 4684 [ f5bee30450e18e6b83a5012c100616fd ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
09:56:23.0989 4684 DXGKrnl - ok
09:56:24.0020 4684 [ e2dda8726da9cb5b2c4000c9018a9633 ] EapHost C:\Windows\System32\eapsvc.dll
09:56:24.0067 4684 EapHost - ok
09:56:24.0161 4684 [ dc5d737f51be844d8c82c695eb17372f ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
09:56:24.0270 4684 ebdrv - ok
09:56:24.0301 4684 [ c118a82cd78818c29ab228366ebf81c3 ] EFS C:\Windows\System32\lsass.exe
09:56:24.0317 4684 EFS - ok
09:56:24.0395 4684 [ c4002b6b41975f057d98c439030cea07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
09:56:24.0473 4684 ehRecvr - ok
09:56:24.0504 4684 [ 4705e8ef9934482c5bb488ce28afc681 ] ehSched C:\Windows\ehome\ehsched.exe
09:56:24.0551 4684 ehSched - ok
09:56:24.0598 4684 [ 0e5da5369a0fcaea12456dd852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
09:56:24.0598 4684 elxstor - ok
09:56:24.0613 4684 [ 34a3c54752046e79a126e15c51db409b ] ErrDev C:\Windows\system32\drivers\errdev.sys
09:56:24.0629 4684 ErrDev - ok
09:56:24.0676 4684 [ 4166f82be4d24938977dd1746be9b8a0 ] EventSystem C:\Windows\system32\es.dll
09:56:24.0691 4684 EventSystem - ok
09:56:24.0722 4684 [ a510c654ec00c1e9bdd91eeb3a59823b ] exfat C:\Windows\system32\drivers\exfat.sys
09:56:24.0738 4684 exfat - ok
09:56:24.0785 4684 [ 0adc83218b66a6db380c330836f3e36d ] fastfat C:\Windows\system32\drivers\fastfat.sys
09:56:24.0785 4684 fastfat - ok
09:56:24.0832 4684 [ dbefd454f8318a0ef691fdd2eaab44eb ] Fax C:\Windows\system32\fxssvc.exe
09:56:24.0847 4684 Fax - ok
09:56:24.0863 4684 [ d765d19cd8ef61f650c384f62fac00ab ] fdc C:\Windows\system32\DRIVERS\fdc.sys
09:56:24.0878 4684 fdc - ok
09:56:24.0925 4684 [ 0438cab2e03f4fb61455a7956026fe86 ] fdPHost C:\Windows\system32\fdPHost.dll
09:56:24.0941 4684 fdPHost - ok
09:56:24.0956 4684 [ 802496cb59a30349f9a6dd22d6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
09:56:24.0956 4684 FDResPub - ok
09:56:24.0988 4684 [ 655661be46b5f5f3fd454e2c3095b930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
09:56:24.0988 4684 FileInfo - ok
09:56:25.0034 4684 [ 5f671ab5bc87eea04ec38a6cd5962a47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
09:56:25.0066 4684 Filetrace - ok
09:56:25.0081 4684 [ c172a0f53008eaeb8ea33fe10e177af5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
09:56:25.0097 4684 flpydisk - ok
09:56:25.0144 4684 [ da6b67270fd9db3697b20fce94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
09:56:25.0144 4684 FltMgr - ok
09:56:25.0190 4684 [ 5c4cb4086fb83115b153e47add961a0c ] FontCache C:\Windows\system32\FntCache.dll
09:56:25.0206 4684 FontCache - ok
09:56:25.0284 4684 [ a8b7f3818ab65695e3a0bb3279f6dce6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:56:25.0284 4684 FontCache3.0.0.0 - ok
09:56:25.0315 4684 [ d43703496149971890703b4b1b723eac ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
09:56:25.0315 4684 FsDepends - ok
09:56:25.0346 4684 [ 6bd9295cc032dd3077c671fccf579a7b ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
09:56:25.0346 4684 Fs_Rec - ok
09:56:25.0393 4684 [ 1f7b25b858fa27015169fe95e54108ed ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
09:56:25.0393 4684 fvevol - ok
09:56:25.0409 4684 [ 8c778d335c9d272cfd3298ab02abe3b6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
09:56:25.0424 4684 gagp30kx - ok
09:56:25.0471 4684 [ e403aacf8c7bb11375122d2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:56:25.0471 4684 GEARAspiWDM - ok
09:56:25.0518 4684 [ 277bbc7e1aa1ee957f573a10eca7ef3a ] gpsvc C:\Windows\System32\gpsvc.dll
09:56:25.0580 4684 gpsvc - ok
09:56:25.0612 4684 [ f2523ef6460fc42405b12248338ab2f0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
09:56:25.0627 4684 hcw85cir - ok
09:56:25.0658 4684 [ 975761c778e33cd22498059b91e7373a ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:56:25.0690 4684 HdAudAddService - ok
09:56:25.0768 4684 [ 97bfed39b6b79eb12cddbfeed51f56bb ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
09:56:25.0768 4684 HDAudBus - ok
09:56:25.0799 4684 [ 78e86380454a7b10a5eb255dc44a355f ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
09:56:25.0814 4684 HidBatt - ok
09:56:25.0830 4684 [ 7fd2a313f7afe5c4dab14798c48dd104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
09:56:25.0846 4684 HidBth - ok
09:56:25.0861 4684 [ 0a77d29f311b88cfae3b13f9c1a73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
09:56:25.0892 4684 HidIr - ok
09:56:25.0924 4684 [ bd9eb3958f213f96b97b1d897dee006d ] hidserv C:\Windows\System32\hidserv.dll
09:56:25.0955 4684 hidserv - ok
09:56:26.0002 4684 [ 9592090a7e2b61cd582b612b6df70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
09:56:26.0017 4684 HidUsb - ok
09:56:26.0064 4684 [ 387e72e739e15e3d37907a86d9ff98e2 ] hkmsvc C:\Windows\system32\kmsvc.dll
09:56:26.0111 4684 hkmsvc - ok
09:56:26.0142 4684 [ efdfb3dd38a4376f93e7985173813abd ] HomeGroupListener C:\Windows\system32\ListSvc.dll
09:56:26.0189 4684 HomeGroupListener - ok
09:56:26.0236 4684 [ 908acb1f594274965a53926b10c81e89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
09:56:26.0236 4684 HomeGroupProvider - ok
09:56:26.0267 4684 [ 39d2abcd392f3d8a6dce7b60ae7b8efc ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
09:56:26.0267 4684 HpSAMD - ok
09:56:26.0329 4684 [ 0ea7de1acb728dd5a369fd742d6eee28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
09:56:26.0345 4684 HTTP - ok
09:56:26.0376 4684 [ a5462bd6884960c9dc85ed49d34ff392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
09:56:26.0376 4684 hwpolicy - ok
09:56:26.0438 4684 [ fa55c73d4affa7ee23ac4be53b4592d3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
09:56:26.0470 4684 i8042prt - ok
09:56:26.0516 4684 [ aaaf44db3bd0b9d1fb6969b23ecc8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
09:56:26.0516 4684 iaStorV - ok
09:56:26.0594 4684 [ 5988fc40f8db5b0739cd1e3a5d0d78bd ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:56:26.0594 4684 idsvc - ok
09:56:26.0626 4684 [ 5c18831c61933628f5bb0ea2675b9d21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
09:56:26.0626 4684 iirsp - ok
09:56:26.0688 4684 [ fcd84c381e0140af901e58d48882d26b ] IKEEXT C:\Windows\System32\ikeext.dll
09:56:26.0750 4684 IKEEXT - ok
09:56:26.0797 4684 [ f00f20e70c6ec3aa366910083a0518aa ] intelide C:\Windows\system32\drivers\intelide.sys
09:56:26.0797 4684 intelide - ok
09:56:26.0828 4684 [ ada036632c664caa754079041cf1f8c1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
09:56:26.0828 4684 intelppm - ok
09:56:26.0860 4684 [ 098a91c54546a3b878dad6a7e90a455b ] IPBusEnum C:\Windows\system32\ipbusenum.dll
09:56:26.0875 4684 IPBusEnum - ok
09:56:26.0906 4684 [ c9f0e1bd74365a8771590e9008d22ab6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:56:26.0938 4684 IpFilterDriver - ok
09:56:27.0016 4684 [ a34a587fffd45fa649fba6d03784d257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
09:56:27.0031 4684 iphlpsvc - ok
09:56:27.0062 4684 [ 0fc1aea580957aa8817b8f305d18ca3a ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
09:56:27.0078 4684 IPMIDRV - ok
09:56:27.0109 4684 [ af9b39a7e7b6caa203b3862582e9f2d0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
09:56:27.0140 4684 IPNAT - ok
09:56:27.0187 4684 [ 46d249f9db7844cc01050a9345f0f61b ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
09:56:27.0203 4684 iPod Service - ok
09:56:27.0234 4684 [ 3abf5e7213eb28966d55d58b515d5ce9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
09:56:27.0250 4684 IRENUM - ok
09:56:27.0265 4684 [ 2f7b28dc3e1183e5eb418df55c204f38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
09:56:27.0265 4684 isapnp - ok
09:56:27.0312 4684 [ d931d7309deb2317035b07c9f9e6b0bd ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
09:56:27.0312 4684 iScsiPrt - ok
09:56:27.0343 4684 [ bc02336f1cba7dcc7d1213bb588a68a5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
09:56:27.0343 4684 kbdclass - ok
09:56:27.0359 4684 [ 0705eff5b42a9db58548eec3b26bb484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
09:56:27.0390 4684 kbdhid - ok
09:56:27.0421 4684 [ c118a82cd78818c29ab228366ebf81c3 ] KeyIso C:\Windows\system32\lsass.exe
09:56:27.0421 4684 KeyIso - ok
09:56:27.0468 4684 [ 97a7070aea4c058b6418519e869a63b4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
09:56:27.0468 4684 KSecDD - ok
09:56:27.0515 4684 [ 26c43a7c2862447ec59deda188d1da07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
09:56:27.0515 4684 KSecPkg - ok
09:56:27.0546 4684 [ 6869281e78cb31a43e969f06b57347c4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
09:56:27.0562 4684 ksthunk - ok
09:56:27.0608 4684 [ 6ab66e16aa859232f64deb66887a8c9c ] KtmRm C:\Windows\system32\msdtckrm.dll
09:56:27.0655 4684 KtmRm - ok
09:56:27.0718 4684 [ d9f42719019740baa6d1c6d536cbdaa6 ] LanmanServer C:\Windows\System32\srvsvc.dll
09:56:27.0718 4684 LanmanServer - ok
09:56:27.0764 4684 [ 851a1382eed3e3a7476db004f4ee3e1a ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:56:27.0796 4684 LanmanWorkstation - ok
09:56:27.0842 4684 [ 1538831cf8ad2979a04c423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
09:56:27.0858 4684 lltdio - ok
09:56:27.0889 4684 [ c1185803384ab3feed115f79f109427f ] lltdsvc C:\Windows\System32\lltdsvc.dll
09:56:27.0936 4684 lltdsvc - ok
09:56:27.0967 4684 [ f993a32249b66c9d622ea5592a8b76b8 ] lmhosts C:\Windows\System32\lmhsvc.dll
09:56:27.0967 4684 lmhosts - ok
09:56:28.0014 4684 [ 1a93e54eb0ece102495a51266dcdb6a6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
09:56:28.0014 4684 LSI_FC - ok
09:56:28.0030 4684 [ 1047184a9fdc8bdbff857175875ee810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
09:56:28.0030 4684 LSI_SAS - ok
09:56:28.0045 4684 [ 30f5c0de1ee8b5bc9306c1f0e4a75f93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:56:28.0045 4684 LSI_SAS2 - ok
09:56:28.0061 4684 [ 0504eacaff0d3c8aed161c4b0d369d4a ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:56:28.0061 4684 LSI_SCSI - ok
09:56:28.0092 4684 [ 43d0f98e1d56ccddb0d5254cff7b356e ] luafv C:\Windows\system32\drivers\luafv.sys
09:56:28.0123 4684 luafv - ok
09:56:28.0154 4684 [ 0be09cd858abf9df6ed259d57a1a1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
09:56:28.0186 4684 Mcx2Svc - ok
09:56:28.0217 4684 [ a55805f747c6edb6a9080d7c633bd0f4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
09:56:28.0217 4684 megasas - ok
09:56:28.0248 4684 [ baf74ce0072480c3b6b7c13b2a94d6b3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
09:56:28.0248 4684 MegaSR - ok
09:56:28.0279 4684 [ e40e80d0304a73e8d269f7141d77250b ] MMCSS C:\Windows\system32\mmcss.dll
09:56:28.0295 4684 MMCSS - ok
09:56:28.0295 4684 [ 800ba92f7010378b09f9ed9270f07137 ] Modem C:\Windows\system32\drivers\modem.sys
09:56:28.0326 4684 Modem - ok
09:56:28.0357 4684 [ b03d591dc7da45ece20b3b467e6aadaa ] monitor C:\Windows\system32\DRIVERS\monitor.sys
09:56:28.0373 4684 monitor - ok
09:56:28.0420 4684 [ 7d27ea49f3c1f687d357e77a470aea99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
09:56:28.0420 4684 mouclass - ok
09:56:28.0451 4684 [ d3bf052c40b0c4166d9fd86a4288c1e6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
09:56:28.0466 4684 mouhid - ok
09:56:28.0498 4684 [ 32e7a3d591d671a6df2db515a5cbe0fa ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
09:56:28.0498 4684 mountmgr - ok
09:56:28.0591 4684 [ 46297fa8e30a6007f14118fc2b942fbc ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
09:56:28.0607 4684 MozillaMaintenance - ok
09:56:28.0654 4684 [ 94c66ededcdb6a126880472f9a704d8e ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
09:56:28.0654 4684 MpFilter - ok
09:56:28.0685 4684 [ a44b420d30bd56e145d6a2bc8768ec58 ] mpio C:\Windows\system32\drivers\mpio.sys
09:56:28.0685 4684 mpio - ok
09:56:28.0716 4684 [ 6c38c9e45ae0ea2fa5e551f2ed5e978f ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
09:56:28.0732 4684 mpsdrv - ok
09:56:28.0794 4684 [ 54ffc9c8898113ace189d4aa7199d2c1 ] MpsSvc C:\Windows\system32\mpssvc.dll
09:56:28.0810 4684 MpsSvc - ok
09:56:28.0841 4684 [ dc722758b8261e1abafd31a3c0a66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
09:56:28.0872 4684 MRxDAV - ok
09:56:28.0919 4684 [ a5d9106a73dc88564c825d317cac68ac ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
09:56:28.0950 4684 mrxsmb - ok
09:56:28.0966 4684 [ d711b3c1d5f42c0c2415687be09fc163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:56:28.0997 4684 mrxsmb10 - ok
09:56:29.0028 4684 [ 9423e9d355c8d303e76b8cfbd8a5c30c ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:56:29.0044 4684 mrxsmb20 - ok
09:56:29.0075 4684 [ c25f0bafa182cbca2dd3c851c2e75796 ] msahci C:\Windows\system32\drivers\msahci.sys
09:56:29.0075 4684 msahci - ok
09:56:29.0106 4684 [ db801a638d011b9633829eb6f663c900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
09:56:29.0106 4684 msdsm - ok
09:56:29.0122 4684 [ de0ece52236cfa3ed2dbfc03f28253a8 ] MSDTC C:\Windows\System32\msdtc.exe
09:56:29.0168 4684 MSDTC - ok
09:56:29.0200 4684 [ aa3fb40e17ce1388fa1bedab50ea8f96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
09:56:29.0215 4684 Msfs - ok
09:56:29.0231 4684 [ f9d215a46a8b9753f61767fa72a20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
09:56:29.0246 4684 mshidkmdf - ok
09:56:29.0278 4684 [ d916874bbd4f8b07bfb7fa9b3ccae29d ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
09:56:29.0278 4684 msisadrv - ok
09:56:29.0324 4684 [ 808e98ff49b155c522e6400953177b08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
09:56:29.0356 4684 MSiSCSI - ok
09:56:29.0356 4684 msiserver - ok
09:56:29.0402 4684 [ 49ccf2c4fea34ffad8b1b59d49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
09:56:29.0418 4684 MSKSSRV - ok
09:56:29.0496 4684 [ 59faaf2c83c8169ea20f9e335e418907 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
09:56:29.0496 4684 MsMpSvc - ok
09:56:29.0543 4684 [ bdd71ace35a232104ddd349ee70e1ab3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
09:56:29.0543 4684 MSPCLOCK - ok
09:56:29.0558 4684 [ 4ed981241db27c3383d72092b618a1d0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
09:56:29.0558 4684 MSPQM - ok
09:56:29.0605 4684 [ 759a9eeb0fa9ed79da1fb7d4ef78866d ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
09:56:29.0621 4684 MsRPC - ok
09:56:29.0668 4684 [ 0eed230e37515a0eaee3c2e1bc97b288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
09:56:29.0668 4684 mssmbios - ok
09:56:29.0699 4684 [ 2e66f9ecb30b4221a318c92ac2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
09:56:29.0714 4684 MSTEE - ok
09:56:29.0714 4684 [ 7ea404308934e675bffde8edf0757bcd ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
09:56:29.0730 4684 MTConfig - ok
09:56:29.0761 4684 [ f9a18612fd3526fe473c1bda678d61c8 ] Mup C:\Windows\system32\Drivers\mup.sys
09:56:29.0761 4684 Mup - ok
09:56:29.0808 4684 [ 582ac6d9873e31dfa28a4547270862dd ] napagent C:\Windows\system32\qagentRT.dll
09:56:29.0808 4684 napagent - ok
09:56:29.0870 4684 [ 1ea3749c4114db3e3161156ffffa6b33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
09:56:29.0902 4684 NativeWifiP - ok
09:56:29.0964 4684 [ 79b47fd40d9a817e932f9d26fac0a81c ] NDIS C:\Windows\system32\drivers\ndis.sys
09:56:29.0980 4684 NDIS - ok
09:56:29.0995 4684 [ 9f9a1f53aad7da4d6fef5bb73ab811ac ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
09:56:30.0011 4684 NdisCap - ok
09:56:30.0042 4684 [ 30639c932d9fef22b31268fe25a1b6e5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
09:56:30.0073 4684 NdisTapi - ok
09:56:30.0104 4684 [ 136185f9fb2cc61e573e676aa5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
09:56:30.0120 4684 Ndisuio - ok
09:56:30.0167 4684 [ 53f7305169863f0a2bddc49e116c2e11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
09:56:30.0198 4684 NdisWan - ok
09:56:30.0229 4684 [ 015c0d8e0e0421b4cfd48cffe2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
09:56:30.0260 4684 NDProxy - ok
09:56:30.0323 4684 [ 86743d9f5d2b1048062b14b1d84501c4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
09:56:30.0338 4684 NetBIOS - ok
09:56:30.0385 4684 [ 09594d1089c523423b32a4229263f068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
09:56:30.0401 4684 NetBT - ok
09:56:30.0401 4684 [ c118a82cd78818c29ab228366ebf81c3 ] Netlogon C:\Windows\system32\lsass.exe
09:56:30.0416 4684 Netlogon - ok
09:56:30.0448 4684 [ 847d3ae376c0817161a14a82c8922a9e ] Netman C:\Windows\System32\netman.dll
09:56:30.0448 4684 Netman - ok
09:56:30.0479 4684 [ 5f28111c648f1e24f7dbc87cdeb091b8 ] netprofm C:\Windows\System32\netprofm.dll
09:56:30.0494 4684 netprofm - ok
09:56:30.0510 4684 [ 3e5a36127e201ddf663176b66828fafe ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:56:30.0526 4684 NetTcpPortSharing - ok
09:56:30.0557 4684 [ 77889813be4d166cdab78ddba990da92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
09:56:30.0557 4684 nfrd960 - ok
09:56:30.0619 4684 [ 91b4e0273d2f6c24ef845f2b41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
09:56:30.0619 4684 NisDrv - ok
09:56:30.0650 4684 [ 10a43829a9e606af3eef25a1c1665923 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
09:56:30.0650 4684 NisSrv - ok
09:56:30.0713 4684 [ 1ee99a89cc788ada662441d1e9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
09:56:30.0713 4684 NlaSvc - ok
09:56:30.0744 4684 [ 1e4c4ab5c9b8dd13179bbdc75a2a01f7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
09:56:30.0760 4684 Npfs - ok
09:56:30.0791 4684 [ d54bfdf3e0c953f823b3d0bfe4732528 ] nsi C:\Windows\system32\nsisvc.dll
09:56:30.0822 4684 nsi - ok
09:56:30.0822 4684 [ e7f5ae18af4168178a642a9247c63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
09:56:30.0838 4684 nsiproxy - ok
09:56:30.0916 4684 [ a2f74975097f52a00745f9637451fdd8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
09:56:30.0931 4684 Ntfs - ok
09:56:30.0962 4684 [ 9899284589f75fa8724ff3d16aed75c1 ] Null C:\Windows\system32\drivers\Null.sys
09:56:30.0978 4684 Null - ok
09:56:31.0321 4684 [ cc1efea1f0ab17e59bd4b5baff3e5cb0 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
09:56:31.0430 4684 nvlddmkm - ok
09:56:31.0493 4684 [ 0a92cb65770442ed0dc44834632f66ad ] nvraid C:\Windows\system32\drivers\nvraid.sys
09:56:31.0508 4684 nvraid - ok
09:56:31.0540 4684 [ dab0e87525c10052bf65f06152f37e4a ] nvstor C:\Windows\system32\drivers\nvstor.sys
09:56:31.0540 4684 nvstor - ok
09:56:31.0602 4684 [ 39f933ca2798156b0b7a19d104b73b9a ] nvsvc C:\Windows\system32\nvvsvc.exe
09:56:31.0618 4684 nvsvc - ok
09:56:31.0664 4684 [ 270d7cd42d6e3979f6dd0146650f0e05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
09:56:31.0664 4684 nv_agp - ok
09:56:31.0774 4684 [ 785f487a64950f3cb8e9f16253ba3b7b ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:56:31.0774 4684 odserv - ok
09:56:31.0820 4684 [ 44a9473d72983dd484b4f1bf0d946571 ] OEM02Dev C:\Windows\system32\DRIVERS\OEM02Dev.sys
09:56:31.0852 4684 OEM02Dev - ok
09:56:31.0867 4684 [ 766f689564bc30e5a91f8621ce65ad68 ] OEM02Vfx C:\Windows\system32\DRIVERS\OEM02Vfx.sys
09:56:31.0883 4684 OEM02Vfx - ok
09:56:31.0914 4684 [ 3589478e4b22ce21b41fa1bfc0b8b8a0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
09:56:31.0945 4684 ohci1394 - ok
09:56:32.0008 4684 [ 5a432a042dae460abe7199b758e8606c ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:56:32.0008 4684 ose - ok
09:56:32.0039 4684 [ 3eac4455472cc2c97107b5291e0dcafe ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
09:56:32.0086 4684 p2pimsvc - ok
09:56:32.0117 4684 [ 927463ecb02179f88e4b9a17568c63c3 ] p2psvc C:\Windows\system32\p2psvc.dll
09:56:32.0164 4684 p2psvc - ok
09:56:32.0195 4684 [ 0086431c29c35be1dbc43f52cc273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
09:56:32.0210 4684 Parport - ok
09:56:32.0242 4684 [ e9766131eeade40a27dc27d2d68fba9c ] partmgr C:\Windows\system32\drivers\partmgr.sys
09:56:32.0242 4684 partmgr - ok
09:56:32.0288 4684 [ 3aeaa8b561e63452c655dc0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
09:56:32.0288 4684 PcaSvc - ok
09:56:32.0304 4684 [ 94575c0571d1462a0f70bde6bd6ee6b3 ] pci C:\Windows\system32\drivers\pci.sys
09:56:32.0304 4684 pci - ok
09:56:32.0351 4684 [ b5b8b5ef2e5cb34df8dcf8831e3534fa ] pciide C:\Windows\system32\drivers\pciide.sys
09:56:32.0351 4684 pciide - ok
09:56:32.0382 4684 [ b2e81d4e87ce48589f98cb8c05b01f2f ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
09:56:32.0382 4684 pcmcia - ok
09:56:32.0398 4684 [ d6b9c2e1a11a3a4b26a182ffef18f603 ] pcw C:\Windows\system32\drivers\pcw.sys
09:56:32.0398 4684 pcw - ok
09:56:32.0444 4684 [ 68769c3356b3be5d1c732c97b9a80d6e ] PEAUTH C:\Windows\system32\drivers\peauth.sys
09:56:32.0444 4684 PEAUTH - ok
09:56:32.0522 4684 [ e495e408c93141e8fc72dc0c6046ddfa ] PerfHost C:\Windows\SysWow64\perfhost.exe
09:56:32.0554 4684 PerfHost - ok
09:56:32.0647 4684 [ c7cf6a6e137463219e1259e3f0f0dd6c ] pla C:\Windows\system32\pla.dll
09:56:32.0710 4684 pla - ok
09:56:32.0772 4684 [ 25fbdef06c4d92815b353f6e792c8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
09:56:32.0819 4684 PlugPlay - ok
09:56:32.0834 4684 [ 7195581cec9bb7d12abe54036acc2e38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
09:56:32.0881 4684 PNRPAutoReg - ok
09:56:32.0897 4684 [ 3eac4455472cc2c97107b5291e0dcafe ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
09:56:32.0912 4684 PNRPsvc - ok
09:56:32.0959 4684 [ 4f15d75adf6156bf56eced6d4a55c389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
09:56:33.0006 4684 PolicyAgent - ok
09:56:33.0053 4684 [ 6ba9d927dded70bd1a9caded45f8b184 ] Power C:\Windows\system32\umpo.dll
09:56:33.0084 4684 Power - ok
09:56:33.0131 4684 [ f92a2c41117a11a00be01ca01a7fcde9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
09:56:33.0162 4684 PptpMiniport - ok
09:56:33.0178 4684 [ 0d922e23c041efb1c3fac2a6f943c9bf ] Processor C:\Windows\system32\DRIVERS\processr.sys
09:56:33.0193 4684 Processor - ok
09:56:33.0240 4684 [ 53e83f1f6cf9d62f32801cf66d8352a8 ] ProfSvc C:\Windows\system32\profsvc.dll
09:56:33.0287 4684 ProfSvc - ok
09:56:33.0302 4684 [ c118a82cd78818c29ab228366ebf81c3 ] ProtectedStorage C:\Windows\system32\lsass.exe
09:56:33.0302 4684 ProtectedStorage - ok
09:56:33.0349 4684 [ 0557cf5a2556bd58e26384169d72438d ] Psched C:\Windows\system32\DRIVERS\pacer.sys
09:56:33.0349 4684 Psched - ok
09:56:33.0412 4684 [ a53a15a11ebfd21077463ee2c7afeef0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
09:56:33.0443 4684 ql2300 - ok
09:56:33.0458 4684 [ 4f6d12b51de1aaeff7dc58c4d75423c8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
09:56:33.0458 4684 ql40xx - ok
09:56:33.0490 4684 [ 906191634e99aea92c4816150bda3732 ] QWAVE C:\Windows\system32\qwave.dll
09:56:33.0521 4684 QWAVE - ok
09:56:33.0536 4684 [ 76707bb36430888d9ce9d705398adb6c ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
09:56:33.0568 4684 QWAVEdrv - ok
09:56:33.0583 4684 [ 5a0da8ad5762fa2d91678a8a01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
09:56:33.0614 4684 RasAcd - ok
09:56:33.0646 4684 [ 7ecff9b22276b73f43a99a15a6094e90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
09:56:33.0661 4684 RasAgileVpn - ok
09:56:33.0692 4684 [ 8f26510c5383b8dbe976de1cd00fc8c7 ] RasAuto C:\Windows\System32\rasauto.dll
09:56:33.0739 4684 RasAuto - ok
09:56:33.0770 4684 [ 471815800ae33e6f1c32fb1b97c490ca ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
09:56:33.0786 4684 Rasl2tp - ok
09:56:33.0833 4684 [ ee867a0870fc9e4972ba9eaad35651e2 ] RasMan C:\Windows\System32\rasmans.dll
09:56:33.0848 4684 RasMan - ok
09:56:33.0880 4684 [ 855c9b1cd4756c5e9a2aa58a15f58c25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
09:56:33.0895 4684 RasPppoe - ok
09:56:33.0926 4684 [ e8b1e447b008d07ff47d016c2b0eeecb ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
09:56:33.0942 4684 RasSstp - ok
09:56:33.0989 4684 [ 77f665941019a1594d887a74f301fa2f ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
09:56:34.0020 4684 rdbss - ok
09:56:34.0051 4684 [ 302da2a0539f2cf54d7c6cc30c1f2d8d ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
09:56:34.0067 4684 rdpbus - ok
09:56:34.0082 4684 [ cea6cc257fc9b7715f1c2b4849286d24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
09:56:34.0082 4684 RDPCDD - ok
09:56:34.0098 4684 [ bb5971a4f00659529a5c44831af22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
09:56:34.0098 4684 RDPENCDD - ok
09:56:34.0114 4684 [ 216f3fa57533d98e1f74ded70113177a ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
09:56:34.0114 4684 RDPREFMP - ok
09:56:34.0160 4684 [ e61608aa35e98999af9aaeeea6114b0a ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
09:56:34.0192 4684 RDPWD - ok
09:56:34.0238 4684 [ 34ed295fa0121c241bfef24764fc4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
09:56:34.0238 4684 rdyboost - ok
09:56:34.0285 4684 [ 254fb7a22d74e5511c73a3f6d802f192 ] RemoteAccess C:\Windows\System32\mprdim.dll
09:56:34.0316 4684 RemoteAccess - ok
09:56:34.0348 4684 [ e4d94f24081440b5fc5aa556c7c62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
09:56:34.0394 4684 RemoteRegistry - ok
09:56:34.0410 4684 [ 9c23519fc1fd331aaaedc145ab947293 ] rimmptsk C:\Windows\system32\DRIVERS\rimmpx64.sys
09:56:34.0441 4684 rimmptsk - ok
09:56:34.0472 4684 [ bb9edc55b0b8cb4fcd713428820e0776 ] rimsptsk C:\Windows\system32\DRIVERS\rimspx64.sys
09:56:34.0488 4684 rimsptsk - ok
09:56:34.0535 4684 [ 2a43f9e6dbde12bc0c104785c3b3f5df ] rismxdp C:\Windows\system32\DRIVERS\rixdpx64.sys
09:56:34.0550 4684 rismxdp - ok
09:56:34.0597 4684 [ e4dc58cf7b3ea515ae917ff0d402a7bb ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
09:56:34.0628 4684 RpcEptMapper - ok
09:56:34.0660 4684 [ d5ba242d4cf8e384db90e6a8ed850b8c ] RpcLocator C:\Windows\system32\locator.exe
09:56:34.0691 4684 RpcLocator - ok
09:56:34.0722 4684 [ 5c627d1b1138676c0a7ab2c2c190d123 ] RpcSs C:\Windows\system32\rpcss.dll
09:56:34.0738 4684 RpcSs - ok
09:56:34.0769 4684 [ ddc86e4f8e7456261e637e3552e804ff ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
09:56:34.0784 4684 rspndr - ok
09:56:34.0816 4684 [ c118a82cd78818c29ab228366ebf81c3 ] SamSs C:\Windows\system32\lsass.exe
09:56:34.0816 4684 SamSs - ok
09:56:34.0847 4684 [ ac03af3329579fffb455aa2daabbe22b ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
09:56:34.0847 4684 sbp2port - ok
09:56:34.0878 4684 [ 9b7395789e3791a3b6d000fe6f8b131e ] SCardSvr C:\Windows\System32\SCardSvr.dll
09:56:34.0925 4684 SCardSvr - ok
09:56:34.0972 4684 [ 253f38d0d7074c02ff8deb9836c97d2b ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
09:56:34.0987 4684 scfilter - ok
09:56:35.0050 4684 [ 262f6592c3299c005fd6bec90fc4463a ] Schedule C:\Windows\system32\schedsvc.dll
09:56:35.0128 4684 Schedule - ok
09:56:35.0174 4684 [ f17d1d393bbc69c5322fbfafaca28c7f ] SCPolicySvc C:\Windows\System32\certprop.dll
09:56:35.0174 4684 SCPolicySvc - ok
09:56:35.0237 4684 [ 111e0ebc0ad79cb0fa014b907b231cf0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
09:56:35.0252 4684 sdbus - ok
09:56:35.0299 4684 [ 6ea4234dc55346e0709560fe7c2c1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
09:56:35.0346 4684 SDRSVC - ok
09:56:35.0377 4684 [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
09:56:35.0377 4684 secdrv - ok
09:56:35.0408 4684 [ bc617a4e1b4fa8df523a061739a0bd87 ] seclogon C:\Windows\system32\seclogon.dll
09:56:35.0408 4684 seclogon - ok
09:56:35.0455 4684 [ c32ab8fa018ef34c0f113bd501436d21 ] SENS C:\Windows\system32\sens.dll
09:56:35.0455 4684 SENS - ok
09:56:35.0486 4684 [ 0336cffafaab87a11541f1cf1594b2b2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
09:56:35.0533 4684 SensrSvc - ok
09:56:35.0549 4684 [ cb624c0035412af0debec78c41f5ca1b ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
09:56:35.0564 4684 Serenum - ok
09:56:35.0596 4684 [ c1d8e28b2c2adfaec4ba89e9fda69bd6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
09:56:35.0611 4684 Serial - ok
09:56:35.0627 4684 [ 1c545a7d0691cc4a027396535691c3e3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
09:56:35.0642 4684 sermouse - ok
09:56:35.0705 4684 [ 0b6231bf38174a1628c4ac812cc75804 ] SessionEnv C:\Windows\system32\sessenv.dll
09:56:35.0736 4684 SessionEnv - ok
09:56:35.0767 4684 [ a554811bcd09279536440c964ae35bbf ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
09:56:35.0783 4684 sffdisk - ok
09:56:35.0798 4684 [ ff414f0baefeba59bc6c04b3db0b87bf ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
09:56:35.0814 4684 sffp_mmc - ok
09:56:35.0830 4684 [ dd85b78243a19b59f0637dcf284da63c ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
09:56:35.0845 4684 sffp_sd - ok
09:56:35.0876 4684 [ a9d601643a1647211a1ee2ec4e433ff4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
09:56:35.0892 4684 sfloppy - ok
09:56:35.0939 4684 [ b95f6501a2f8b2e78c697fec401970ce ] SharedAccess C:\Windows\System32\ipnathlp.dll
09:56:35.0939 4684 SharedAccess - ok
09:56:35.0986 4684 [ aaf932b4011d14052955d4b212a4da8d ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:56:36.0001 4684 ShellHWDetection - ok
09:56:36.0017 4684 [ 843caf1e5fde1ffd5ff768f23a51e2e1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:56:36.0017 4684 SiSRaid2 - ok
09:56:36.0048 4684 [ 6a6c106d42e9ffff8b9fcb4f754f6da4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
09:56:36.0048 4684 SiSRaid4 - ok
09:56:36.0204 4684 [ 0f97e7a47a52f4a36969f0fc319654c2 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
09:56:36.0282 4684 Skype C2C Service - ok
09:56:36.0313 4684 [ ddaa5f4a6b958fc313ebd02dd925752f ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
09:56:36.0313 4684 SkypeUpdate - ok
09:56:36.0344 4684 [ 548260a7b8654e024dc30bf8a7c5baa4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
09:56:36.0376 4684 Smb - ok
09:56:36.0422 4684 [ 6313f223e817cc09aa41811daa7f541d ] SNMPTRAP C:\Windows\System32\snmptrap.exe
09:56:36.0422 4684 SNMPTRAP - ok
09:56:36.0454 4684 [ b9e31e5cacdfe584f34f730a677803f9 ] spldr C:\Windows\system32\drivers\spldr.sys
09:56:36.0454 4684 spldr - ok
09:56:36.0485 4684 [ b96c17b5dc1424d56eea3a99e97428cd ] Spooler C:\Windows\System32\spoolsv.exe
09:56:36.0532 4684 Spooler - ok
09:56:36.0656 4684 [ e17e0188bb90fae42d83e98707efa59c ] sppsvc C:\Windows\system32\sppsvc.exe
09:56:36.0734 4684 sppsvc - ok
09:56:36.0766 4684 [ 93d7d61317f3d4bc4f4e9f8a96a7de45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
09:56:36.0797 4684 sppuinotify - ok
09:56:36.0828 4684 [ 441fba48bff01fdb9d5969ebc1838f0b ] srv C:\Windows\system32\DRIVERS\srv.sys
09:56:36.0844 4684 srv - ok
09:56:36.0859 4684 [ b4adebbf5e3677cce9651e0f01f7cc28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
09:56:36.0859 4684 srv2 - ok
09:56:36.0890 4684 [ 27e461f0be5bff5fc737328f749538c3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
09:56:36.0890 4684 srvnet - ok
09:56:36.0922 4684 [ 51b52fbd583cde8aa9ba62b8b4298f33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
09:56:36.0937 4684 SSDPSRV - ok
09:56:36.0953 4684 [ ab7aebf58dad8daab7a6c45e6a8885cb ] SstpSvc C:\Windows\system32\sstpsvc.dll
09:56:36.0953 4684 SstpSvc - ok
09:56:37.0015 4684 [ 9bf7e58d9113ce15cf4f1e1b18ceff83 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
09:56:37.0015 4684 Stereo Service - ok
09:56:37.0046 4684 [ f3817967ed533d08327dc73bc4d5542a ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
09:56:37.0046 4684 stexstor - ok
09:56:37.0109 4684 [ 8dd52e8e6128f4b2da92ce27402871c1 ] stisvc C:\Windows\System32\wiaservc.dll
09:56:37.0124 4684 stisvc - ok
09:56:37.0156 4684 [ d01ec09b6711a5f8e7e6564a4d0fbc90 ] swenum C:\Windows\system32\drivers\swenum.sys
09:56:37.0156 4684 swenum - ok
09:56:37.0202 4684 [ e08e46fdd841b7184194011ca1955a0b ] swprv C:\Windows\System32\swprv.dll
09:56:37.0249 4684 swprv - ok
09:56:37.0327 4684 [ bf9ccc0bf39b418c8d0ae8b05cf95b7d ] SysMain C:\Windows\system32\sysmain.dll
09:56:37.0343 4684 SysMain - ok
09:56:37.0390 4684 [ e3c61fd7b7c2557e1f1b0b4cec713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:56:37.0421 4684 TabletInputService - ok
09:56:37.0436 4684 [ 40f0849f65d13ee87b9a9ae3c1dd6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
09:56:37.0452 4684 TapiSrv - ok
09:56:37.0483 4684 [ 1be03ac720f4d302ea01d40f588162f6 ] TBS C:\Windows\System32\tbssvc.dll
09:56:37.0514 4684 TBS - ok
09:56:37.0608 4684 [ acb82bda8f46c84f465c1afa517dc4b9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
09:56:37.0639 4684 Tcpip - ok
09:56:37.0686 4684 [ acb82bda8f46c84f465c1afa517dc4b9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
09:56:37.0702 4684 TCPIP6 - ok
09:56:37.0733 4684 [ df687e3d8836bfb04fcc0615bf15a519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
09:56:37.0733 4684 tcpipreg - ok
09:56:37.0780 4684 [ 3371d21011695b16333a3934340c4e7c ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
09:56:37.0795 4684 TDPIPE - ok
09:56:37.0826 4684 [ 51c5eceb1cdee2468a1748be550cfbc8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
09:56:37.0842 4684 TDTCP - ok
09:56:37.0889 4684 [ ddad5a7ab24d8b65f8d724f5c20fd806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
09:56:37.0904 4684 tdx - ok
09:56:37.0951 4684 [ 561e7e1f06895d78de991e01dd0fb6e5 ] TermDD C:\Windows\system32\drivers\termdd.sys
09:56:37.0951 4684 TermDD - ok
09:56:37.0998 4684 [ 2e648163254233755035b46dd7b89123 ] TermService C:\Windows\System32\termsrv.dll
09:56:38.0045 4684 TermService - ok
09:56:38.0092 4684 [ f0344071948d1a1fa732231785a0664c ] Themes C:\Windows\system32\themeservice.dll
09:56:38.0123 4684 Themes - ok
09:56:38.0138 4684 [ e40e80d0304a73e8d269f7141d77250b ] THREADORDER C:\Windows\system32\mmcss.dll
09:56:38.0138 4684 THREADORDER - ok
09:56:38.0170 4684 [ 7e7afd841694f6ac397e99d75cead49d ] TrkWks C:\Windows\System32\trkwks.dll
09:56:38.0170 4684 TrkWks - ok
09:56:38.0248 4684 [ 773212b2aaa24c1e31f10246b15b276c ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:56:38.0248 4684 TrustedInstaller - ok
09:56:38.0294 4684 [ ce18b2cdfc837c99e5fae9ca6cba5d30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
09:56:38.0310 4684 tssecsrv - ok
09:56:38.0357 4684 [ d11c783e3ef9a3c52c0ebe83cc5000e9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
09:56:38.0372 4684 TsUsbFlt - ok
09:56:38.0435 4684 [ 3566a8daafa27af944f5d705eaa64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
09:56:38.0435 4684 tunnel - ok
09:56:38.0466 4684 [ b4dd609bd7e282bfc683cec7eaaaad67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
09:56:38.0466 4684 uagp35 - ok
09:56:38.0513 4684 [ ff4232a1a64012baa1fd97c7b67df593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
09:56:38.0544 4684 udfs - ok
09:56:38.0575 4684 [ 3cbdec8d06b9968aba702eba076364a1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
09:56:38.0606 4684 UI0Detect - ok
09:56:38.0622 4684 [ 4bfe1bc28391222894cbf1e7d0e42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
09:56:38.0622 4684 uliagpkx - ok
09:56:38.0669 4684 [ dc54a574663a895c8763af0fa1ff7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
09:56:38.0684 4684 umbus - ok
09:56:38.0716 4684 [ b2e8e8cb557b156da5493bbddcc1474d ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
09:56:38.0731 4684 UmPass - ok
09:56:38.0762 4684 [ d47ec6a8e81633dd18d2436b19baf6de ] upnphost C:\Windows\System32\upnphost.dll
09:56:38.0778 4684 upnphost - ok
09:56:38.0809 4684 [ aa33fc47ed58c34e6e9261e4f850b7eb ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
09:56:38.0840 4684 USBAAPL64 - ok
09:56:38.0872 4684 [ 6f1a3157a1c89435352ceb543cdb359c ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
09:56:38.0887 4684 usbccgp - ok
09:56:38.0934 4684 [ af0892a803fdda7492f595368e3b68e7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
09:56:38.0965 4684 usbcir - ok
09:56:38.0965 4684 [ c025055fe7b87701eb042095df1a2d7b ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
09:56:38.0981 4684 usbehci - ok
09:56:39.0012 4684 [ 287c6c9410b111b68b52ca298f7b8c24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
09:56:39.0043 4684 usbhub - ok
09:56:39.0074 4684 [ 9840fc418b4cbd632d3d0a667a725c31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
09:56:39.0090 4684 usbohci - ok
09:56:39.0121 4684 [ 73188f58fb384e75c4063d29413cee3d ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
09:56:39.0137 4684 usbprint - ok
09:56:39.0152 4684 [ fed648b01349a3c8395a5169db5fb7d6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:56:39.0152 4684 USBSTOR - ok
09:56:39.0199 4684 [ 62069a34518bcf9c1fd9e74b3f6db7cd ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
09:56:39.0215 4684 usbuhci - ok
09:56:39.0262 4684 [ 454800c2bc7f3927ce030141ee4f4c50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
09:56:39.0277 4684 usbvideo - ok
09:56:39.0308 4684 [ edbb23cbcf2cdf727d64ff9b51a6070e ] UxSms C:\Windows\System32\uxsms.dll
09:56:39.0340 4684 UxSms - ok
09:56:39.0371 4684 [ c118a82cd78818c29ab228366ebf81c3 ] VaultSvc C:\Windows\system32\lsass.exe
09:56:39.0371 4684 VaultSvc - ok
09:56:39.0386 4684 [ c5c876ccfc083ff3b128f933823e87bd ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
09:56:39.0386 4684 vdrvroot - ok
09:56:39.0433 4684 [ 8d6b481601d01a456e75c3210f1830be ] vds C:\Windows\System32\vds.exe
09:56:39.0464 4684 vds - ok
09:56:39.0511 4684 [ da4da3f5e02943c2dc8c6ed875de68dd ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
09:56:39.0527 4684 vga - ok
09:56:39.0542 4684 [ 53e92a310193cb3c03bea963de7d9cfc ] VgaSave C:\Windows\System32\drivers\vga.sys
09:56:39.0558 4684 VgaSave - ok
09:56:39.0605 4684 [ 2ce2df28c83aeaf30084e1b1eb253cbb ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
09:56:39.0605 4684 vhdmp - ok
09:56:39.0652 4684 [ e5689d93ffe4e5d66c0178761240dd54 ] viaide C:\Windows\system32\drivers\viaide.sys
09:56:39.0652 4684 viaide - ok
09:56:39.0667 4684 [ d2aafd421940f640b407aefaaebd91b0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
09:56:39.0667 4684 volmgr - ok
09:56:39.0714 4684 [ a255814907c89be58b79ef2f189b843b ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
09:56:39.0714 4684 volmgrx - ok
09:56:39.0761 4684 [ 0d08d2f3b3ff84e433346669b5e0f639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
09:56:39.0761 4684 volsnap - ok
09:56:39.0792 4684 [ 5e2016ea6ebaca03c04feac5f330d997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
09:56:39.0792 4684 vsmraid - ok
09:56:39.0870 4684 [ b60ba0bc31b0cb414593e169f6f21cc2 ] VSS C:\Windows\system32\vssvc.exe
09:56:39.0932 4684 VSS - ok
09:56:39.0948 4684 [ 36d4720b72b5c5d9cb2b9c29e9df67a1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
09:56:39.0964 4684 vwifibus - ok
09:56:39.0995 4684 [ 6a3d66263414ff0d6fa754c646612f3f ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
09:56:40.0010 4684 vwififlt - ok
09:56:40.0042 4684 [ 1c9d80cc3849b3788048078c26486e1a ] W32Time C:\Windows\system32\w32time.dll
09:56:40.0088 4684 W32Time - ok
09:56:40.0104 4684 [ 4e9440f4f152a7b944cb1663d3935a3e ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
09:56:40.0120 4684 WacomPen - ok
09:56:40.0182 4684 [ 356afd78a6ed4457169241ac3965230c ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
09:56:40.0213 4684 WANARP - ok
09:56:40.0213 4684 [ 356afd78a6ed4457169241ac3965230c ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
09:56:40.0213 4684 Wanarpv6 - ok
09:56:40.0338 4684 [ 3cec96de223e49eaae3651fcf8faea6c ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
09:56:40.0354 4684 WatAdminSvc - ok
09:56:40.0432 4684 [ 78f4e7f5c56cb9716238eb57da4b6a75 ] wbengine C:\Windows\system32\wbengine.exe
09:56:40.0541 4684 wbengine - ok
09:56:40.0588 4684 [ 3aa101e8edab2db4131333f4325c76a3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
09:56:40.0634 4684 WbioSrvc - ok
09:56:40.0666 4684 [ 7368a2afd46e5a4481d1de9d14848edd ] wcncsvc C:\Windows\System32\wcncsvc.dll
09:56:40.0712 4684 wcncsvc - ok
09:56:40.0744 4684 [ 20f7441334b18cee52027661df4a6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:56:40.0775 4684 WcsPlugInService - ok
09:56:40.0822 4684 [ 72889e16ff12ba0f235467d6091b17dc ] Wd C:\Windows\system32\DRIVERS\wd.sys
09:56:40.0822 4684 Wd - ok
09:56:40.0868 4684 [ 441bd2d7b4f98134c3a4f9fa570fd250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
09:56:40.0868 4684 Wdf01000 - ok
09:56:40.0900 4684 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiServiceHost C:\Windows\system32\wdi.dll
09:56:40.0900 4684 WdiServiceHost - ok
09:56:40.0915 4684 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiSystemHost C:\Windows\system32\wdi.dll
09:56:40.0915 4684 WdiSystemHost - ok
09:56:40.0978 4684 [ 3db6d04e1c64272f8b14eb8bc4616280 ] WebClient C:\Windows\System32\webclnt.dll
09:56:41.0024 4684 WebClient - ok
09:56:41.0056 4684 [ c749025a679c5103e575e3b48e092c43 ] Wecsvc C:\Windows\system32\wecsvc.dll
09:56:41.0102 4684 Wecsvc - ok
09:56:41.0118 4684 [ 7e591867422dc788b9e5bd337a669a08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
09:56:41.0134 4684 wercplsupport - ok
09:56:41.0165 4684 [ 6d137963730144698cbd10f202e9f251 ] WerSvc C:\Windows\System32\WerSvc.dll
09:56:41.0196 4684 WerSvc - ok
09:56:41.0243 4684 [ 611b23304bf067451a9fdee01fbdd725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
09:56:41.0258 4684 WfpLwf - ok
09:56:41.0274 4684 [ 05ecaec3e4529a7153b3136ceb49f0ec ] WIMMount C:\Windows\system32\drivers\wimmount.sys
09:56:41.0274 4684 WIMMount - ok
09:56:41.0290 4684 WinDefend - ok
09:56:41.0305 4684 WinHttpAutoProxySvc - ok
09:56:41.0368 4684 [ 19b07e7e8915d701225da41cb3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
09:56:41.0383 4684 Winmgmt - ok
09:56:41.0492 4684 [ bcb1310604aa415c4508708975b3931e ] WinRM C:\Windows\system32\WsmSvc.dll
09:56:41.0602 4684 WinRM - ok
09:56:41.0680 4684 [ fe88b288356e7b47b74b13372add906d ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys
09:56:41.0695 4684 WinUsb - ok
09:56:41.0742 4684 [ 4fada86e62f18a1b2f42ba18ae24e6aa ] Wlansvc C:\Windows\System32\wlansvc.dll
09:56:41.0758 4684 Wlansvc - ok
09:56:41.0820 4684 [ f6ff8944478594d0e414d3f048f0d778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
09:56:41.0820 4684 WmiAcpi - ok
09:56:41.0867 4684 [ 38b84c94c5a8af291adfea478ae54f93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
09:56:41.0929 4684 wmiApSrv - ok
09:56:41.0960 4684 WMPNetworkSvc - ok
09:56:41.0976 4684 [ 96c6e7100d724c69fcf9e7bf590d1dca ] WPCSvc C:\Windows\System32\wpcsvc.dll
09:56:42.0007 4684 WPCSvc - ok
09:56:42.0054 4684 [ 93221146d4ebbf314c29b23cd6cc391d ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
09:56:42.0054 4684 WPDBusEnum - ok
09:56:42.0085 4684 [ 6bcc1d7d2fd2453957c5479a32364e52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
09:56:42.0085 4684 ws2ifsl - ok
09:56:42.0132 4684 [ e8b1fe6669397d1772d8196df0e57a9e ] wscsvc C:\Windows\system32\wscsvc.dll
09:56:42.0132 4684 wscsvc - ok
09:56:42.0194 4684 [ 8d918b1db190a4d9b1753a66fa8c96e8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
09:56:42.0194 4684 WSDPrintDevice - ok
09:56:42.0226 4684 [ 4a2a5c50dd1a63577d3aca94269fbc7f ] WSDScan C:\Windows\system32\DRIVERS\WSDScan.sys
09:56:42.0226 4684 WSDScan - ok
09:56:42.0226 4684 WSearch - ok
09:56:42.0335 4684 [ d9ef901dca379cfe914e9fa13b73b4c4 ] wuauserv C:\Windows\system32\wuaueng.dll
09:56:42.0382 4684 wuauserv - ok
09:56:42.0413 4684 [ d3381dc54c34d79b22cee0d65ba91b7c ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
09:56:42.0428 4684 WudfPf - ok
09:56:42.0475 4684 [ cf8d590be3373029d57af80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
09:56:42.0506 4684 WUDFRd - ok
09:56:42.0538 4684 [ 7a95c95b6c4cf292d689106bcae49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
09:56:42.0584 4684 wudfsvc - ok
09:56:42.0616 4684 [ 9a3452b3c2a46c073166c5cf49fad1ae ] WwanSvc C:\Windows\System32\wwansvc.dll
09:56:42.0662 4684 WwanSvc - ok
09:56:42.0709 4684 [ b3eeacf62445e24fbb2cd4b0fb4db026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
09:56:42.0725 4684 yukonw7 - ok
09:56:42.0725 4684 ================ Scan global ===============================
09:56:42.0756 4684 (ba0cd8c393e8c9f83354106093832c7b) C:\Windows\system32\basesrv.dll
09:56:42.0834 4684 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll
09:56:42.0881 4684 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll
09:56:42.0896 4684 (d6160f9d869ba3af0b787f971db56368) C:\Windows\system32\sxssrv.dll
09:56:42.0990 4684 (24acb7e5be595468e3b9aa488b9b4fcb) C:\Windows\system32\services.exe
09:56:43.0021 4684 [Global] - ok
09:56:43.0021 4684 ================ Scan MBR ==================================
09:56:43.0037 4684 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
09:56:43.0240 4684 \Device\Harddisk0\DR0 - ok
09:56:43.0240 4684 ================ Scan VBR ==================================
09:56:43.0255 4684 Boot (0x1200) (cb62bd0b072fe04df98d9f3b43548fe4) \Device\Harddisk0\DR0\Partition1
09:56:43.0255 4684 \Device\Harddisk0\DR0\Partition1 - ok
09:56:43.0255 4684 ============================================================
09:56:43.0255 4684 Scan finished
09:56:43.0255 4684 ============================================================
09:56:43.0271 4756 Detected object count: 0
09:56:43.0271 4756 Actual detected object count: 0

=============================================================================================================

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-17 10:02:13
-----------------------------
10:02:13.989 OS Version: Windows x64 6.1.7601 Service Pack 1
10:02:13.989 Number of processors: 2 586 0x170A
10:02:13.989 ComputerName: OWNER-PC UserName: Owner
10:02:14.893 Initialize success
10:03:42.923 AVAST engine defs: 12081700
10:03:54.061 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
10:03:54.061 Disk 0 Vendor: TOSHIBA_MK5055GSX FG000D Size: 476940MB BusType: 3
10:03:54.108 Disk 0 MBR read successfully
10:03:54.108 Disk 0 MBR scan
10:03:54.124 Disk 0 Windows 7 default MBR code
10:03:54.124 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 451153 MB offset 63
10:03:54.170 Disk 0 Partition - 00 05 Extended 25786 MB offset 923962410
10:03:54.202 Disk 0 Partition 2 00 BC NTFS 25783 MB offset 923962473
10:03:54.295 Disk 0 scanning C:\Windows\system32\drivers
10:04:11.440 Service scanning
10:04:56.492 Modules scanning
10:04:56.492 Disk 0 trace - called modules:
10:04:56.539 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
10:04:57.054 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004608460]
10:04:57.054 3 CLASSPNP.SYS[fffff880019b043f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa800417d680]
10:04:57.990 AVAST engine scan C:\Windows
10:05:04.589 AVAST engine scan C:\Windows\system32
10:11:55.511 AVAST engine scan C:\Windows\system32\drivers
10:12:15.698 AVAST engine scan C:\Users\Owner
10:23:54.719 AVAST engine scan C:\ProgramData
10:26:22.530 Scan finished successfully
10:26:45.477 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
10:26:45.602 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"

================================================================================================================================

edit: I still have 13 important and 5 optional updates for Windows Update. I am unsure if these are real or fake.

Error code: 800246008

edit 2: BITS is not under my Services. Not sure if hidden or doesn't exist

Edited by coolshyguy, 17 August 2012 - 01:04 PM.


#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:24 PM

Posted 17 August 2012 - 05:37 PM

Greetings


I will check on Windows Update in a few min

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 coolshyguy

coolshyguy
  • Topic Starter

  • Members
  • 10 posts
  • Gender:Male
  • Location:Cali
  • Local time:10:24 AM

Posted 18 August 2012 - 10:40 PM

ComboFix 12-08-18.03 - Owner 08/18/2012 19:25:40.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4094.2980 [GMT -7:00]
Running from: c:\users\Owner\anti virus\ComboFix.exe
Command switches used :: c:\users\Owner\anti virus\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-07-19 to 2012-08-19 )))))))))))))))))))))))))))))))
.
.
2012-08-19 02:30 . 2012-08-19 02:30 -------- d-----w- c:\users\Mac\AppData\Local\temp
2012-08-19 02:30 . 2012-08-19 02:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-19 02:03 . 2012-07-16 09:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B567381C-6865-4D67-80D6-ED2EAB9AD11B}\mpengine.dll
2012-08-17 18:32 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-17 18:32 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-17 18:32 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-17 18:32 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-17 18:32 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-17 18:32 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-17 18:32 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-17 18:32 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-17 18:32 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-17 18:32 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-17 18:32 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-17 18:31 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-17 17:28 . 2012-08-19 02:25 -------- d-----w- c:\users\Owner\anti virus
2012-08-15 22:26 . 2012-08-15 22:27 -------- d-----w- C:\FRST
2012-08-15 21:47 . 2012-08-15 21:47 328704 ----a-w- c:\windows\system32\services.exe.0EA50CC3E1CF85FF
2012-08-15 21:45 . 2012-08-15 21:45 328704 ----a-w- c:\windows\system32\services.exe.347879DA7DFF8422
2012-08-15 21:42 . 2012-08-15 21:42 328704 ----a-w- c:\windows\system32\services.exe.776DDB6D08F46CB8
2012-08-15 20:55 . 2012-08-15 20:55 328704 ----a-w- c:\windows\system32\services.exe.9406239DFB544698
2012-08-15 20:49 . 2012-08-15 20:49 328704 ----a-w- c:\windows\system32\services.exe.29304271E5E6265C
2012-08-15 20:46 . 2012-08-15 20:46 328704 ----a-w- c:\windows\system32\services.exe.56DA0F445CE4E471
2012-08-15 20:43 . 2012-08-15 20:43 328704 ----a-w- c:\windows\system32\services.exe.CF18643D4C16F641
2012-08-15 20:33 . 2012-08-15 20:33 328704 ----a-w- c:\windows\system32\services.exe.59674DD1AE81BE32
2012-08-15 20:30 . 2012-08-15 20:30 328704 ----a-w- c:\windows\system32\services.exe.88682655D7061C8C
2012-08-15 20:01 . 2012-08-15 20:01 328704 ----a-w- c:\windows\system32\services.exe.CC7103C20A02E913
2012-08-15 19:56 . 2012-08-15 19:56 328704 ----a-w- c:\windows\system32\services.exe.D2169202E72B2121
2012-08-15 19:52 . 2012-08-15 19:52 328704 ----a-w- c:\windows\system32\services.exe.5CB431E0A2DA70A3
2012-08-15 19:46 . 2012-08-15 19:46 328704 ----a-w- c:\windows\system32\services.exe.91B57A2DCC6330D0
2012-08-15 19:43 . 2012-08-15 19:43 328704 ----a-w- c:\windows\system32\services.exe.A021504D03AF3C47
2012-08-15 19:32 . 2012-08-15 19:32 328704 ----a-w- c:\windows\system32\services.exe.7173DC0ADBF3E695
2012-08-15 19:27 . 2012-08-15 19:27 328704 ----a-w- c:\windows\system32\services.exe.F256051CC96E2829
2012-08-15 19:25 . 2012-08-15 19:25 328704 ----a-w- c:\windows\system32\services.exe.C0485E2BE6CAEBF5
2012-08-15 19:09 . 2012-08-15 19:09 328704 ----a-w- c:\windows\system32\services.exe.6C5262898B8B9B26
2012-08-15 19:04 . 2012-08-15 19:04 328704 ----a-w- c:\windows\system32\services.exe.9D3181917190C065
2012-08-15 19:01 . 2012-08-15 19:01 328704 ----a-w- c:\windows\system32\services.exe.6F784C05A9B249A7
2012-08-15 18:55 . 2012-08-15 18:55 328704 ----a-w- c:\windows\system32\services.exe.DAD235EDD549DE5B
2012-08-15 18:52 . 2012-08-15 18:52 328704 ----a-w- c:\windows\system32\services.exe.BBAE53AEA2910DE3
2012-08-15 18:43 . 2012-08-15 18:43 328704 ----a-w- c:\windows\system32\services.exe.F8E4B142C18AFE63
2012-08-15 18:38 . 2012-08-15 18:38 328704 ----a-w- c:\windows\system32\services.exe.0533D0FB6BBAF14F
2012-08-15 18:33 . 2012-08-15 18:33 328704 ----a-w- c:\windows\system32\services.exe.668AEA55BEC7CB92
2012-08-11 08:09 . 2012-08-11 08:09 -------- d-sh--w- c:\windows\system32\%APPDATA%
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-17 18:32 . 2011-09-29 17:40 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-08-01 18:01 . 2012-05-10 17:23 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-01 18:01 . 2011-09-29 22:14 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 20:46 . 2012-04-14 07:15 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-12 16:31 . 2012-06-12 16:31 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-06-12 16:31 . 2012-01-18 08:55 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-09 05:43 . 2012-07-11 04:16 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-07 03:59 . 2012-06-07 03:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06 . 2012-07-11 04:16 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 04:16 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 04:15 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 04:16 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 04:16 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 04:15 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-21 18:24 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 18:24 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 18:24 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 18:24 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 18:24 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-21 18:24 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 18:24 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 18:24 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-21 18:24 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 05:50 . 2012-07-11 04:16 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 04:16 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:48 . 2012-07-11 04:16 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:45 . 2012-07-11 04:16 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 04:16 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 04:16 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 04:16 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 04:16 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 04:16 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-31 19:25 . 2011-09-29 03:26 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-16_20.55.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-17 18:32 . 2012-07-04 21:16 57344 c:\windows\SysWOW64\netapi32.dll
+ 2012-08-17 18:34 . 2012-06-29 00:01 73216 c:\windows\SysWOW64\mshtmled.dll
- 2012-07-11 16:25 . 2012-06-02 08:17 73216 c:\windows\SysWOW64\mshtmled.dll
+ 2012-08-17 18:34 . 2012-06-29 00:06 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
- 2012-07-11 16:25 . 2012-06-02 08:22 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
- 2012-07-11 16:25 . 2012-06-02 08:21 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2012-08-17 18:34 . 2012-06-29 00:06 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2011-09-29 05:07 . 2012-08-19 01:59 24602 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-19 01:59 33866 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-09-29 04:33 . 2012-08-19 01:59 11314 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-688262819-4280344679-15031970-1000_UserData.bin
+ 2012-08-17 18:34 . 2012-06-29 03:40 96768 c:\windows\system32\mshtmled.dll
- 2012-07-11 16:25 . 2012-06-02 11:57 96768 c:\windows\system32\mshtmled.dll
- 2012-07-11 16:25 . 2012-06-02 12:03 86528 c:\windows\system32\migration\WininetPlugin.dll
+ 2012-08-17 18:34 . 2012-06-29 03:46 86528 c:\windows\system32\migration\WininetPlugin.dll
- 2012-07-11 16:25 . 2012-06-02 12:03 85504 c:\windows\system32\jsproxy.dll
+ 2012-08-17 18:34 . 2012-06-29 03:45 85504 c:\windows\system32\jsproxy.dll
- 2009-07-14 05:30 . 2012-06-14 19:09 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-08-17 18:38 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-09-29 18:36 . 2011-04-28 03:54 80384 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\BTHUSB.SYS
+ 2009-07-14 00:06 . 2009-07-14 00:06 41984 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\bthenum.sys
+ 2009-07-14 04:46 . 2012-08-19 02:05 91616 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2011-09-29 22:26 . 2012-07-11 16:30 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2011-09-29 22:26 . 2012-08-17 18:37 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2011-09-29 22:26 . 2012-07-11 16:30 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2011-09-29 22:26 . 2012-08-17 18:37 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2011-09-29 22:26 . 2012-07-11 16:30 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-09-29 22:26 . 2012-08-17 18:37 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
- 2012-08-16 20:54 . 2012-08-16 20:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-19 02:31 . 2012-08-19 02:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-16 20:54 . 2012-08-16 20:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-19 02:31 . 2012-08-19 02:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-17 18:34 . 2012-06-29 00:07 231936 c:\windows\SysWOW64\url.dll
- 2012-07-11 16:25 . 2012-06-02 08:23 231936 c:\windows\SysWOW64\url.dll
+ 2012-08-17 18:34 . 2012-06-29 00:04 717824 c:\windows\SysWOW64\jscript.dll
- 2012-07-11 16:25 . 2012-06-02 08:20 142848 c:\windows\SysWOW64\ieUnatt.exe
+ 2012-08-17 18:34 . 2012-06-29 00:04 142848 c:\windows\SysWOW64\ieUnatt.exe
+ 2012-08-17 18:34 . 2012-06-28 23:57 176640 c:\windows\SysWOW64\ieui.dll
- 2012-07-11 16:25 . 2012-06-02 08:14 176640 c:\windows\SysWOW64\ieui.dll
+ 2011-09-29 20:18 . 2012-08-19 03:22 236218 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2012-08-17 18:34 . 2012-06-29 03:47 237056 c:\windows\system32\url.dll
- 2012-07-11 16:25 . 2012-06-02 12:04 237056 c:\windows\system32\url.dll
+ 2009-07-14 02:36 . 2012-08-17 18:28 624412 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-17 18:28 106756 c:\windows\system32\perfc009.dat
+ 2012-08-17 18:34 . 2012-06-29 03:44 816640 c:\windows\system32\jscript.dll
- 2012-07-11 16:25 . 2012-06-02 12:01 173056 c:\windows\system32\ieUnatt.exe
+ 2012-08-17 18:34 . 2012-06-29 03:43 173056 c:\windows\system32\ieUnatt.exe
- 2012-07-11 16:25 . 2012-06-02 11:54 248320 c:\windows\system32\ieui.dll
+ 2012-08-17 18:34 . 2012-06-29 03:35 248320 c:\windows\system32\ieui.dll
- 2009-07-14 04:45 . 2012-07-12 02:50 305856 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 04:45 . 2012-08-17 18:39 305856 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 05:30 . 2012-08-17 18:38 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-06-14 19:09 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-12-23 23:09 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2012-08-17 18:38 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2011-09-29 18:36 . 2010-11-20 13:24 229376 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\fsquirt.exe
+ 2012-08-17 18:36 . 2012-07-06 20:07 552960 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\bthport.sys
- 2009-07-14 05:31 . 2011-09-29 19:07 399360 c:\windows\system32\DriverStore\drvindex.dat
+ 2009-07-14 05:31 . 2012-08-17 18:38 399360 c:\windows\system32\DriverStore\drvindex.dat
- 2011-09-29 00:34 . 2012-08-15 19:51 376832 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-29 00:34 . 2012-08-19 03:04 376832 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 05:01 . 2012-08-19 02:30 275836 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-07-18 22:46 . 2012-07-18 22:46 593408 c:\windows\Installer\1be15.msp
+ 2011-09-29 22:26 . 2012-08-17 18:37 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2011-09-29 22:26 . 2012-07-11 16:30 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2011-09-29 22:26 . 2012-08-17 18:37 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2011-09-29 22:26 . 2012-07-11 16:30 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2011-09-29 22:26 . 2012-08-17 18:37 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2011-09-29 22:26 . 2012-07-11 16:30 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2011-09-29 22:26 . 2012-08-17 18:37 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
- 2011-09-29 22:26 . 2012-07-11 16:30 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2011-06-06 19:55 . 2011-06-06 19:55 686464 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\JP2KLib.dll
+ 2012-01-03 07:37 . 2012-01-03 07:37 320456 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\adobearmhelper.exe
+ 2011-06-06 19:55 . 2011-06-06 19:55 937920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\adobearm.exe
+ 2011-06-23 17:54 . 2011-06-23 17:54 119160 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\MSCONV97.DLL
+ 2012-08-17 18:34 . 2012-06-29 00:09 1129472 c:\windows\SysWOW64\wininet.dll
- 2012-07-11 16:25 . 2012-06-02 08:25 1129472 c:\windows\SysWOW64\wininet.dll
+ 2012-08-17 18:34 . 2012-06-29 00:09 1103872 c:\windows\SysWOW64\urlmon.dll
- 2012-07-11 16:25 . 2012-06-02 08:26 1103872 c:\windows\SysWOW64\urlmon.dll
+ 2012-08-17 18:34 . 2012-06-29 00:16 1800704 c:\windows\SysWOW64\jscript9.dll
+ 2012-08-17 18:34 . 2012-06-29 00:01 1793024 c:\windows\SysWOW64\iertutil.dll
- 2012-07-11 16:25 . 2012-06-02 08:19 1793024 c:\windows\SysWOW64\iertutil.dll
+ 2012-08-17 18:34 . 2012-06-29 00:27 9737728 c:\windows\SysWOW64\ieframe.dll
- 2012-07-11 16:24 . 2012-06-02 08:43 9737728 c:\windows\SysWOW64\ieframe.dll
+ 2012-08-17 18:34 . 2012-06-29 03:49 1392128 c:\windows\system32\wininet.dll
- 2012-07-11 16:25 . 2012-06-02 12:05 1392128 c:\windows\system32\wininet.dll
+ 2012-08-17 18:34 . 2012-06-29 03:49 1346048 c:\windows\system32\urlmon.dll
- 2012-07-11 16:25 . 2012-06-02 12:05 1346048 c:\windows\system32\urlmon.dll
+ 2012-08-17 18:34 . 2012-06-29 03:56 2312704 c:\windows\system32\jscript9.dll
+ 2012-08-17 18:34 . 2012-06-29 03:42 2144768 c:\windows\system32\iertutil.dll
- 2012-07-11 16:25 . 2012-06-02 11:59 2144768 c:\windows\system32\iertutil.dll
- 2011-09-29 00:34 . 2012-08-15 19:51 3358720 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-09-29 00:34 . 2012-08-19 03:04 3358720 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:45 . 2012-08-17 18:42 7150706 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-07-12 02:52 7150706 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2012-06-27 01:03 . 2012-06-27 01:03 3875840 c:\windows\Installer\1be37.msp
- 2011-09-29 22:26 . 2012-07-11 16:30 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2011-09-29 22:26 . 2012-08-17 18:37 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2011-06-06 19:55 . 2011-06-06 19:55 5509512 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AGM.dll
+ 2012-08-17 18:34 . 2012-06-29 00:52 12317184 c:\windows\SysWOW64\mshtml.dll
+ 2009-07-14 02:34 . 2012-08-17 18:38 11010048 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-07-12 02:48 11010048 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2012-08-17 18:34 . 2012-06-29 04:55 17809920 c:\windows\system32\mshtml.dll
+ 2012-08-17 18:34 . 2012-06-29 04:09 10925568 c:\windows\system32\ieframe.dll
+ 2009-07-14 04:54 . 2012-08-19 03:04 12124160 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-15 19:51 12124160 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-09-29 22:59 . 2012-08-19 02:30 25355080 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-688262819-4280344679-15031970-1000-12288.dat
+ 2012-07-25 23:59 . 2012-07-25 23:59 11032064 c:\windows\Installer\1be26.msp
+ 2012-07-18 22:53 . 2012-07-18 22:53 10937344 c:\windows\Installer\1be04.msp
+ 2012-07-28 01:47 . 2012-07-28 01:47 13123584 c:\windows\Installer\1bdf4.msp
+ 2011-08-04 03:53 . 2011-08-04 03:53 17324928 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\MSO.DLL
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Soonr"="c:\program files (x86)\Soonr\Soonr Desktop Client\SoonrClient.exe" [2012-01-23 6410648]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-08 160944]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-03 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-29 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-06 3048136]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
.
.
.
--------- X64 Entries -----------
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
NETSVCS REQUIRES REPAIRS - current entries shown
.
Rebuilding ... You need to reboot your machine for this to take effect.
.
AeLookupSvc
AppInfo
AppMgmt
AudioSrv
BITS
browser
CertPropSvc
EapHost
FastUserSwitchingCompatibility
gpsvc
helpsvc
hkmsvc
Ias
IKEEXT
iphlpsvc
Irmon
lanmanserver
LogonHours
MMCSS
msiscsi
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
PCAudit
ProfSvc
Rasauto
Rasman
Remoteaccess
schedule
SCPolicySvc
seclogon
SENS
SessionEnv
Sharedaccess
ShellHWDetection
SRService
Tapisrv
TermService
Themes
uploadmgr
wercplsupport
winmgmt
WmdmPmSp
Wmi
wuauserv
BDESVC
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ol4wge4q.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 1
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-08-18 20:24:59 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-19 03:24
ComboFix2.txt 2012-08-16 21:08
.
Pre-Run: 384,765,358,080 bytes free
Post-Run: 384,887,369,728 bytes free
.
- - End Of File - - 6E6935541DD25D5FEAD0675CB356EC1C

I haven't encountered any serious issues yet. Perhaps something to clean out the registry with might be needed.
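The ComboFix "Reg Loading Points" and "Supplementary Scan" sections above are a one-time snapshot of the load points on this machine: the UAC policy values (EnableLUA=0, PromptOnSecureDesktop=0), the netsvcs group that ComboFix flagged as needing repairs, the uTorrentControl2 BHO/toolbar, the Run keys, and the Conduit search and proxy settings in the Firefox profile. The PowerShell script below is an added example, not part of the thread and not one of the tools gringo_pr asked for; it re-reads the same load points so the current state can be compared with the log after cleanup. It assumes Windows 7 x64 with the stock UAC defaults, takes the netsvcs reference list verbatim from the log above, and looks for prefs.js under the default Firefox profile location of whichever user runs it (here that would be Owner). Run it from an elevated PowerShell console.

```powershell
# Added example, not from the thread: re-read the load points that ComboFix
# listed under "Reg Loading Points" / "Supplementary Scan". Run in an elevated
# PowerShell console on Windows 7 x64. Assumed: Windows 7 default UAC values,
# the netsvcs list copied from the log above, the default Firefox profile path.

function Test-LoadPoint([string]$Label, [string]$Path) {
    if (-not $Path) { return }
    if (-not (Test-Path -LiteralPath $Path)) {
        # Unqualified names such as rundll32.exe are resolved through PATH.
        $cmd = Get-Command $Path -ErrorAction SilentlyContinue
        if ($cmd) { $Path = $cmd.Path } else {
            Write-Warning ("{0}: file not found: {1}" -f $Label, $Path); return
        }
    }
    # Caveat: on Windows 7 this cmdlet does not consult catalog signatures, so
    # many legitimate Microsoft binaries report NotSigned. Review, do not delete.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        Write-Warning ("{0}: {1} -> {2}" -f $Label, $Path, $sig.Status)
    }
}

# 1. UAC policy. The log shows EnableLUA=0 and PromptOnSecureDesktop=0: UAC is
#    fully off, so anything the user runs can elevate without a prompt.
$uacExpected = @{
    EnableLUA                  = 1
    ConsentPromptBehaviorAdmin = 5   # consent prompt for non-Windows binaries
    ConsentPromptBehaviorUser  = 3   # credential prompt on the secure desktop
    PromptOnSecureDesktop      = 1
    EnableUIADesktopToggle     = 0
}
$uac = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
foreach ($name in $uacExpected.Keys) {
    if ($uac.$name -ne $uacExpected[$name]) {
        Write-Warning ("UAC: {0}={1} (expected {2})" -f $name, $uac.$name, $uacExpected[$name])
    }
}

# 2. netsvcs group. ComboFix reported "NETSVCS REQUIRES REPAIRS" and rebuilt it.
#    Diff the live REG_MULTI_SZ against the log, then check each ServiceDll.
$netsvcsLogged = @(
    'AeLookupSvc','AppInfo','AppMgmt','AudioSrv','BITS','browser','CertPropSvc',
    'EapHost','FastUserSwitchingCompatibility','gpsvc','helpsvc','hkmsvc','Ias',
    'IKEEXT','iphlpsvc','Irmon','lanmanserver','LogonHours','MMCSS','msiscsi',
    'Nla','Ntmssvc','NWCWorkstation','Nwsapagent','PCAudit','ProfSvc','Rasauto',
    'Rasman','Remoteaccess','schedule','SCPolicySvc','seclogon','SENS','SessionEnv',
    'Sharedaccess','ShellHWDetection','SRService','Tapisrv','TermService','Themes',
    'uploadmgr','wercplsupport','winmgmt','WmdmPmSp','Wmi','wuauserv','BDESVC'
)
$netsvcsLive = @((Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost').netsvcs)
Compare-Object -ReferenceObject $netsvcsLogged -DifferenceObject $netsvcsLive | ForEach-Object {
    $kind = if ($_.SideIndicator -eq '=>') { 'not in log' } else { 'missing vs log' }
    Write-Warning ("netsvcs: {0} ({1})" -f $_.InputObject, $kind)
}
foreach ($svc in $netsvcsLive) {
    $params = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc\Parameters"
    if (Test-Path $params) { Test-LoadPoint "netsvcs\$svc" (Get-ItemProperty -Path $params).ServiceDll }
}

# 3. Browser Helper Objects. The log shows prxtbuTor.dll (uTorrentControl2)
#    registered as BHO, toolbar and URLSearchHook; resolve each CLSID to its DLL.
foreach ($wow in '', 'Wow6432Node\') {
    $bhoKey = "HKLM:\SOFTWARE\${wow}Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
    if (-not (Test-Path $bhoKey)) { continue }
    foreach ($clsid in (Get-ChildItem -Path $bhoKey | ForEach-Object { $_.PSChildName })) {
        $inproc = "HKLM:\SOFTWARE\Classes\${wow}CLSID\$clsid\InprocServer32"
        $dll = if (Test-Path $inproc) { (Get-ItemProperty -Path $inproc).'(default)' } else { $null }
        Test-LoadPoint "BHO $clsid" $dll
    }
}

# 4. Run keys. Take the quoted executable or the first token of the command
#    line. rundll32.exe entries still need their DLL argument reviewed by hand.
foreach ($runKey in 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run') {
    if (-not (Test-Path $runKey)) { continue }
    $item = Get-Item -Path $runKey
    foreach ($name in $item.GetValueNames()) {
        $cmdLine = [string]$item.GetValue($name)
        $exe = if ($cmdLine -match '^\s*"([^"]+)"') { $Matches[1] } else { ($cmdLine -split '\s+')[0] }
        Test-LoadPoint "Run\$name" $exe
    }
}

# 5. Firefox prefs. The log shows search/keyword URLs pointing at
#    search.conduit.com and network.proxy.type=1 (manual proxy). Report both.
$profiles = "$env:APPDATA\Mozilla\Firefox\Profiles"
foreach ($prefs in (Get-ChildItem $profiles -Filter prefs.js -Recurse -ErrorAction SilentlyContinue)) {
    foreach ($line in Get-Content $prefs.FullName) {
        if ($line -match '^user_pref\("(browser\.search\.defaulturl|keyword\.URL|network\.proxy\.type)",\s*(.+)\);') {
            Write-Warning ("Firefox {0}: {1} = {2}" -f $prefs.Directory.Name, $Matches[1], $Matches[2])
        }
    }
}
```

Everything is written to the warning stream so the output is a review list rather than a verdict: on Windows 7, Get-AuthenticodeSignature does not look up catalog signatures, so stock Microsoft service DLLs will often show as NotSigned and need to be compared against a known-good system or checked with a catalog-aware tool. The one finding that needs no further review is the UAC block: with EnableLUA=0 the machine has no elevation prompt at all, and once the cleanup is finished the defaults in the table should be restored and the machine rebooted.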

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:24 PM

Posted 21 August 2012 - 06:33 PM

Hello coolshyguy

Sorry for the delay.

I am uploading a file and I want you to download it, and when asked to allow, restart the computer and check for updates.

I would like to see a report that ComboFix makes.

Extra ComboFix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

Copy and paste the report into this topic for me to review.

Gringo

Attached Files


Edited by gringo_pr, 21 August 2012 - 06:33 PM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 gringo_pr

Posted 23 August 2012 - 11:33 PM

Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.




Gringo

#15 gringo_pr

Posted 26 August 2012 - 11:42 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48 hrs you have not replied to this thread, then it will have to be closed!

Gringo