Infections 800000cb.@, 00000001.@ and 80000000.@


  • This topic is locked
18 replies to this topic

#1 Ron234

Ron234

  • Members
  • 9 posts
  • OFFLINE
  • Local time:02:19 PM

Posted 17 August 2012 - 03:05 AM

Hi, yesterday my Avira picked up these 3 infections in the Windows Installer folder, and it's unable to remove them, as they keep re-emerging.
I ran Malwarebytes and tried to remove the virus, with no success.
I restarted, went into the Windows folder and manually quarantined each of the files, and currently they're not in the folder, that I can see, but I'm positive it's still hanging around.
TDSSKiller is unable to pick up anything.
I think it's also blocking access to certain sites, as I can't access the Avira forum, nor can I get on the Windows website.
It also blocked access to downloading DDS and Defogger, so I had to get a friend to send them over.
Here is my DDS log and my attach file.
Thanks, any help appreciated.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.4.1
Run by Ronny at 17:07:53 on 2012-08-17
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.2047.991 [GMT 10:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\AstSrv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Edimax\Common\RaRegistry.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\UAService7.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Steam\Steam.exe
C:\Users\Ronny\AppData\Local\Akamai\netsession_win.exe
C:\Users\Ronny\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\program files\logitech\quickcam\lu\lulnchr.exe
C:\program files\logitech\quickcam\lu\LogitechUpdate.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wuauclt.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://www.searchqu.com/402
uSearch Bar =
uInternet Settings,ProxyServer = 127.0.0.1:9666
uInternet Settings,ProxyOverride = 127.0.0.1;127.0.0.1:9421;<local>????????????????????????????????;<local>;<local>;<local>;<local>;<local>;<local>;<local>???l?l?l?l?l?l?l?l?l?l?l?l?l?l?l?l?l?l?l?l?l?l?l?l?l?l?l?l?l?l?l?l?l?l?l?l?l?l;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>
uURLSearchHooks: H - No File
uURLSearchHooks: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - c:\program files\pagerage\prxtbPage.dll
uURLSearchHooks: H - No File
mURLSearchHooks: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - c:\program files\pagerage\prxtbPage.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Searchqu Toolbar: {7ff99715-3016-4381-84ce-e4e4c9673020} - c:\progra~1\wia6eb~1\toolbar\SearchquDx.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - c:\program files\pagerage\prxtbPage.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: Searchqu Toolbar: {7ff99715-3016-4381-84ce-e4e4c9673020} - c:\progra~1\wia6eb~1\toolbar\SearchquDx.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - c:\program files\pagerage\prxtbPage.dll
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [GateWay] c:\program files\gravity\gateway\GateWayMain.exe
uRun: [Google Update] "c:\users\ronny\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [Akamai NetSession Interface] "c:\users\ronny\appdata\local\akamai\netsession_win.exe"
uRun: [Video Library] c:\windows\system32\rundll32.exe
uRun: [Bibyvi] c:\users\ronny\appdata\roaming\soriyh\hiquh.exe
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVIMlctM1NYM0UtR0hHWDktQUZISjMtUFcyUU4tWjlLSDQ"&"inst=NzctNjQyMzUxNzM2LVRCOSsyLUZMKzktWE8zNisxLUY5TTEwQSsyLUY5TTIrMS1GTDEwKzEtTElDKzEtRERUKzU1MjgxLUxTRCsyLUREMTBGKzEtU1QxMEZBUFArMQ"&"prod=90"&"ver=10.0.1392
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\ronny\appdata\roaming\microsoft\windows\start menu\programs\imvu\Run IMVU.lnk
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: DhcpNameServer = 211.31.138.11 211.29.132.12 198.142.0.51
TCP: Interfaces\{D5CA50BE-5BE6-46AA-8815-E239686688D6} : DhcpNameServer = 211.31.138.11 211.29.132.12 198.142.0.51
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ronny\appdata\roaming\mozilla\firefox\profiles\idw69s9k.default-1344849576993\
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\ronny\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\ronny\appdata\roaming\mozilla\plugins\np-mswmp.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - plugin: c:\windows\system32\npOGPPlugin.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-14 20992]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-10-20 172032]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-9-7 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-9-7 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-9-7 66616]
R2 Htsysm;Htsysm;c:\windows\system32\HtsysmNT.sys [2012-1-1 2304]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\edimax\common\RaRegistry.exe [2010-12-6 185632]
R3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\netr28u.sys [2010-12-6 746496]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-11 139776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-15 250056]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\atari\dragon age\bin_ship\daupdatersvc.service.exe [2010-9-19 25832]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-8-16 40776]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-26 113120]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2011-6-10 20080]
S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;c:\windows\system32\drivers\wg111v3.sys [2010-8-23 376832]
S3 USBTINSP;TI-Nspire™ Handheld or TI Network Bridge Device Driver;c:\windows\system32\drivers\tinspusb.sys [2010-3-29 122752]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-9-1 1343400]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\realtemp_340\WinRing0.sys [2010-8-23 14416]
.
=============== Created Last 30 ================
.
2012-08-17 06:34:33 -------- d-----w- c:\users\ronny\appdata\local\{BC6DA0C3-3C34-4544-AF67-C5625509D5C1}
2012-08-17 06:34:11 -------- d-----w- c:\users\ronny\appdata\local\{420E7F6A-80B4-4C36-B388-687497BF70B8}
2012-08-16 09:18:43 -------- d-----w- c:\users\ronny\appdata\roaming\Curiolab
2012-08-16 08:11:24 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-08-16 07:30:23 -------- d-----w- c:\users\ronny\appdata\local\{2215E297-1F82-4B68-87AE-1E0FA3A81EF3}
2012-08-16 07:30:00 -------- d-----w- c:\users\ronny\appdata\local\{E8548034-CAD0-4107-90CB-00BB0D9F0EC2}
2012-08-15 06:45:29 -------- d-----w- c:\users\ronny\appdata\local\{18F700E5-7C31-4D89-9C58-6A817043C7C1}
2012-08-15 06:45:06 -------- d-----w- c:\users\ronny\appdata\local\{046BB02E-DFD0-4A97-AC49-42515D6F988D}
2012-08-14 09:14:32 -------- d-----w- c:\users\ronny\appdata\local\{4E6B8905-B56D-4501-8A28-0C700B153D77}
2012-08-14 09:14:07 -------- d-----w- c:\users\ronny\appdata\local\{C31F0471-5B44-42DC-B318-AB7952482CFB}
2012-08-13 07:17:26 -------- d-----w- c:\users\ronny\appdata\local\{B6663FB6-0847-40CE-B8DC-DD547651AA00}
2012-08-13 07:17:10 -------- d-----w- c:\users\ronny\appdata\local\{4B3560FC-76B2-4C72-8D8B-9F0D9E7BCB2A}
2012-08-12 01:35:19 -------- d-----w- c:\users\ronny\appdata\local\{72011C83-81D7-4F06-91AF-E41C076924D4}
2012-08-12 01:34:54 -------- d-----w- c:\users\ronny\appdata\local\{951CB43F-A743-46E3-A82C-DDB772978C64}
2012-08-11 03:46:52 -------- d-----w- c:\windows\system32\EventProviders
2012-08-11 03:24:58 2344448 ----a-w- c:\windows\system32\win32k.sys
2012-08-11 03:24:42 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-08-11 03:24:41 5120 ----a-w- c:\windows\system32\wmi.dll
2012-08-11 03:24:41 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-08-11 03:24:41 158720 ----a-w- c:\windows\system32\imagehlp.dll
2012-08-11 03:24:33 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{42ba1846-2290-4ff3-b3dd-e62415d77f3a}\mpengine.dll
2012-08-11 03:19:30 -------- d-----w- c:\program files\Ronimo Games
2012-08-11 02:51:57 1389568 ----a-w- c:\windows\system32\msxml6.dll
2012-08-11 02:24:04 139264 ----a-w- c:\windows\system32\cryptsvc.dll
2012-08-11 02:24:04 1156608 ----a-w- c:\windows\system32\crypt32.dll
2012-08-11 02:24:03 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-08-11 01:48:57 -------- d-----w- c:\users\ronny\appdata\local\{F3595D36-68E6-4497-82CF-6E0E77839227}
2012-08-11 01:48:42 -------- d-----w- c:\users\ronny\appdata\local\{E88D866D-8260-4467-8696-7E166D53E069}
2012-08-10 06:42:30 -------- d-----w- c:\users\ronny\appdata\local\{A38A8011-9369-4AEF-890D-E1DD4772047C}
2012-08-10 06:42:08 -------- d-----w- c:\users\ronny\appdata\local\{D14B7584-8314-4EDF-A4C0-FA765D15ECB2}
2012-08-09 07:06:38 -------- d-----w- c:\users\ronny\appdata\local\{CB44CE79-2AD9-4F3A-BFE7-DD8848F99789}
2012-08-09 07:06:26 -------- d-----w- c:\users\ronny\appdata\local\{B2315A59-5100-4A2C-B649-653A7513DC00}
2012-08-08 11:23:14 -------- d-----w- c:\users\ronny\appdata\roaming\Soriyh
2012-08-08 11:23:14 -------- d-----w- c:\users\ronny\appdata\roaming\Ifire
2012-08-08 11:23:14 -------- d-----w- c:\users\ronny\appdata\roaming\Buuqyw
2012-08-08 06:39:49 -------- d-----w- c:\users\ronny\appdata\local\{73ABF2F0-356D-4DEE-A87A-E5B95A3E8048}
2012-08-08 06:39:36 -------- d-----w- c:\users\ronny\appdata\local\{1DFD6A1C-B903-440B-945C-47DFACB95A52}
2012-08-07 09:32:22 -------- d-----w- c:\users\ronny\appdata\local\{BFF818C7-2DB5-4F9B-8521-D2FFC9FB1625}
2012-08-07 09:32:09 -------- d-----w- c:\users\ronny\appdata\local\{56D28CEC-A85C-4D03-B7EA-240EB13F0E90}
2012-08-06 06:42:35 -------- d-----w- c:\users\ronny\appdata\local\{C2248A0C-F70F-4ACD-95BB-FC003BF3487C}
2012-08-06 06:42:08 -------- d-----w- c:\users\ronny\appdata\local\{8464D911-ADDE-4648-A4AE-B9A4E4B466CC}
2012-08-05 01:29:34 -------- d-----w- c:\users\ronny\appdata\local\{5F06D0A8-5B3A-4C16-90AB-36D5F3D64E7C}
2012-08-05 01:29:12 -------- d-----w- c:\users\ronny\appdata\local\{BFF7A992-84CB-4609-AB23-86D8D81BC332}
2012-08-04 04:39:43 -------- d-----w- c:\users\ronny\appdata\local\{A1C10DCE-BC1E-4473-AA43-C3611856E5C6}
2012-08-04 04:39:16 -------- d-----w- c:\users\ronny\appdata\local\{6CB411BB-EA65-4D0B-A20A-413DBB7C4737}
2012-08-03 12:31:04 -------- d-----w- c:\users\ronny\appdata\local\{C48374B4-5C8A-432F-A550-FEC6F4ED6CA9}
2012-08-03 12:30:41 -------- d-----w- c:\users\ronny\appdata\local\{1FEC3646-73A7-4B08-8262-AA3EF0D9FA34}
2012-08-02 06:54:34 -------- d-----w- c:\users\ronny\appdata\local\{FBF24B57-6379-4F67-B04D-F7F154B8A8EC}
2012-08-02 06:54:18 -------- d-----w- c:\users\ronny\appdata\local\{EFBBADCE-6263-4004-B80B-DF893ED11263}
2012-08-01 12:38:45 -------- d-----w- c:\users\ronny\appdata\local\FLT
2012-08-01 12:30:54 -------- d-----w- c:\program files\Orcs Must Die 2
2012-08-01 08:13:46 -------- d-----w- c:\users\ronny\appdata\local\{9797F2E0-DAF8-4080-B0A8-736659BB4E73}
2012-08-01 08:13:35 -------- d-----w- c:\users\ronny\appdata\local\{32D6466D-19EC-4F10-B9B7-BA75B3BC7744}
2012-07-31 09:08:50 -------- d-----w- c:\users\ronny\appdata\local\{FFDB1601-04E0-4BBA-B072-36CC74E39174}
2012-07-31 09:08:24 -------- d-----w- c:\users\ronny\appdata\local\{5431CD95-64C7-4C4F-8730-FC1062613551}
2012-07-30 06:26:49 -------- d-----w- c:\users\ronny\appdata\local\{A48FB5C3-8549-44FC-8A16-1D5B140B5BE7}
2012-07-30 06:26:36 -------- d-----w- c:\users\ronny\appdata\local\{A8936452-A791-468C-9B66-4DF35CF49182}
2012-07-29 01:56:22 -------- d-----w- c:\users\ronny\appdata\local\{4ADCE771-DF97-4CDB-A935-2ECD5C88F9CA}
2012-07-29 01:56:05 -------- d-----w- c:\users\ronny\appdata\local\{7E3D68DE-F02B-43F9-BE79-965526A24DE2}
2012-07-28 12:58:56 -------- d-----w- c:\users\ronny\appdata\local\{D2284BA1-B445-42C3-8BAA-2C18335D169A}
2012-07-28 12:58:34 -------- d-----w- c:\users\ronny\appdata\local\{F0BED8D5-9E4E-4547-9140-DB6392723DFC}
2012-07-28 01:29:20 -------- d-----w- c:\users\ronny\appdata\roaming\FALCOM
2012-07-28 01:29:19 -------- d-----w- C:\FALCOM
2012-07-28 00:58:07 -------- d-----w- c:\users\ronny\appdata\local\{435DB0B9-3B8E-489B-B1FB-B18562867458}
2012-07-28 00:57:55 -------- d-----w- c:\users\ronny\appdata\local\{223679B1-2D6B-404B-A941-02B2D13B5EE0}
2012-07-27 06:04:52 -------- d-----w- c:\users\ronny\appdata\local\{F9416858-CC6F-4252-A636-C2F7E9B53ADB}
2012-07-27 06:04:32 -------- d-----w- c:\users\ronny\appdata\local\{8CB2FC05-7D5E-499B-8706-79D3D02A3900}
2012-07-26 08:14:26 -------- d-----w- c:\users\ronny\appdata\local\{01F59957-2DEC-43E9-AC3C-4B29F3CE4504}
2012-07-26 08:14:15 -------- d-----w- c:\users\ronny\appdata\local\{8D79008B-EC9F-44C1-9669-03A76A0E6A75}
2012-07-25 01:29:11 -------- d-----w- c:\users\ronny\appdata\local\{B2C3AC9C-0A85-49DF-A485-3DD72D3B0A9E}
2012-07-25 01:28:48 -------- d-----w- c:\users\ronny\appdata\local\{70BE3FED-7FA1-4782-A927-D5BBC28BF9DC}
2012-07-24 11:47:47 -------- d-----w- c:\users\ronny\appdata\roaming\Braid
2012-07-24 09:12:11 -------- d-----w- c:\users\ronny\appdata\local\{904916ED-FC3D-437C-8F25-59B54ADE1D18}
2012-07-24 09:11:58 -------- d-----w- c:\users\ronny\appdata\local\{34830762-5312-4BA9-A511-F92F084FBCB2}
2012-07-23 12:02:31 -------- d-sh--w- c:\users\ronny\wc
2012-07-23 12:02:23 -------- d-----w- c:\users\ronny\appdata\local\Universe Sandbox
2012-07-23 12:02:22 -------- d-sh--w- c:\users\ronny\appdata\roaming\wyUpdate AU
2012-07-23 07:56:23 -------- d-----w- c:\users\ronny\appdata\local\{E9430F52-9547-4C13-82FA-EEC9EDB94BAA}
2012-07-23 07:56:08 -------- d-----w- c:\users\ronny\appdata\local\{86E0650B-6104-4DF2-BB0B-46F6A9312C07}
2012-07-22 01:36:09 -------- d-----w- c:\users\ronny\appdata\local\{AF038120-D7D1-4F7F-8C49-89D17DF9B77D}
2012-07-22 01:35:54 -------- d-----w- c:\users\ronny\appdata\local\{00210F72-BCED-494C-B334-AAF5F4937E25}
2012-07-21 13:35:27 -------- d-----w- c:\users\ronny\appdata\local\{09B6CCCD-11A7-4C62-941E-70B8F2CBB1BD}
2012-07-21 13:35:05 -------- d-----w- c:\users\ronny\appdata\local\{4F744ED4-681F-437A-9597-ECA1EC97130A}
2012-07-21 01:34:50 -------- d-----w- c:\users\ronny\appdata\local\{83EF03E5-DCBE-439E-A42F-6EB17F030F8E}
2012-07-21 01:34:38 -------- d-----w- c:\users\ronny\appdata\local\{C64DA76D-4C71-4289-A6B3-A811EA1A140B}
2012-07-20 06:36:26 -------- d-----w- c:\users\ronny\appdata\local\{B6F25A5E-EE40-4B62-B09C-D22C0C56A103}
2012-07-20 06:36:07 -------- d-----w- c:\users\ronny\appdata\local\{D4273690-C6AB-476A-9A73-F240B5BD47A7}
2012-07-19 07:48:18 -------- d-----w- c:\users\ronny\appdata\local\{A15B7B08-2CD7-42FF-8F67-DDBB700CBD02}
2012-07-19 07:48:07 -------- d-----w- c:\users\ronny\appdata\local\{6D499055-0AC7-447F-8202-9534595BE6A3}
2012-07-18 08:01:27 -------- d-----w- c:\users\ronny\appdata\local\{67B88CFC-AE85-470F-910B-8A059E7E3D26}
2012-07-18 08:01:02 -------- d-----w- c:\users\ronny\appdata\local\{62378045-4041-49A6-A14E-9740A4FEB3C1}
.
==================== Find3M ====================
.
2012-08-16 08:02:56 259072 ----a-w- c:\windows\system32\services.exe
2012-08-15 11:54:08 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-15 11:54:08 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-03 13:59:10 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-07-03 13:58:54 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-07-03 03:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-06 05:09:46 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 05:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 05:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 04:51:16 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:51:16 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:50:00 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:48:35 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:47:31 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-31 02:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-19 09:30:10 22328 ----a-w- c:\users\ronny\appdata\roaming\PnkBstrK.sys
.
============= FINISH: 17:09:58.38 ===============
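The proxy line in the Pseudo HJT section above (`uInternet Settings,ProxyServer = 127.0.0.1:9666`) is the likely reason the Avira and Windows sites were unreachable: the browser was being sent through a proxy on the infected machine itself, which can drop or redirect any request it sees. The same report also shows UAC switched off (`EnableLUA = 0`), an autorun launching a randomly named executable from the roaming profile, and Firefox's insecure-submit warnings disabled in user.js. The Python script below is an added example; it is not part of this thread and is not code from DDS or ComboFix. It parses a few lines excerpted from the log above and flags those indicators the way a responder triaging the log would. The check names and heuristics (loopback proxy, autorun under appdata\roaming, rundll32.exe with no DLL argument, UAC policies at 0, security.warn_* preferences set to false) are my own; a hit is a reason to look closer, not a verdict, since legitimate software also uses some of these locations.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample: a handful of lines excerpted from the DDS "Pseudo HJT Report"
# and "FIREFOX POLICIES" sections above, plus two benign autorun entries from the
# same log so the checks have something to pass over.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.searchqu.com/402
uInternet Settings,ProxyServer = 127.0.0.1:9666
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Video Library] c:\windows\system32\rundll32.exe
uRun: [Bibyvi] c:\users\ronny\appdata\roaming\soriyh\hiquh.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: security.warn_submit_insecure - false
"""


@dataclass
class Finding:
    line: str    # the log line that triggered the check
    check: str   # short identifier for the check (names are my own)
    detail: str  # why a responder should look at it


# Line shapes DDS uses for the entries this script cares about.
RUN_RE = re.compile(r"^[um]Run(?:Once)?: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer = (?P<proxy>\S+)")
POLICY_RE = re.compile(r"^mPolicies-system: (?P<key>\w+) = (?P<val>\d+)")
FF_RE = re.compile(r"^FF - user\.js: (?P<pref>\S+) - (?P<val>\S+)")

# Policy values that switch UAC off or silence its prompts.
UAC_WEAK = {"EnableLUA": "0", "ConsentPromptBehaviorAdmin": "0", "PromptOnSecureDesktop": "0"}


def split_command(cmd: str) -> Tuple[str, str]:
    """Split a Run-entry command into (executable path, arguments), honouring quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    parts = cmd.split(None, 1)
    if not parts:
        return "", ""
    return parts[0], (parts[1] if len(parts) > 1 else "")


def triage(log_text: str) -> List[Finding]:
    """Return the indicators found in DDS-style log text, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = PROXY_RE.match(line)
        if m:
            # A proxy on the local host means something on this machine sits in front of the browser.
            host = m.group("proxy").rsplit(":", 1)[0].lower()
            if host in ("127.0.0.1", "localhost"):
                findings.append(Finding(line, "loopback-proxy",
                    "browser traffic is forced through a proxy on this machine "
                    f"({m.group('proxy')}); explains sites being unreachable"))
            continue

        m = RUN_RE.match(line)
        if m:
            path, args = split_command(m.group("cmd"))
            lpath = path.lower()
            if "\\appdata\\roaming\\" in lpath:
                findings.append(Finding(line, "autorun-from-roaming",
                    f"autorun '{m.group('name')}' starts {path} from the roaming profile"))
            elif lpath.endswith("\\rundll32.exe") and not args:
                findings.append(Finding(line, "rundll32-no-dll",
                    f"autorun '{m.group('name')}' runs rundll32.exe with no DLL argument"))
            continue

        m = POLICY_RE.match(line)
        if m and UAC_WEAK.get(m.group("key")) == m.group("val"):
            findings.append(Finding(line, "uac-weakened",
                f"{m.group('key')} = {m.group('val')} (UAC disabled or prompts suppressed)"))
            continue

        m = FF_RE.match(line)
        if m and m.group("pref").startswith("security.warn_") and m.group("val") == "false":
            findings.append(Finding(line, "firefox-warning-off",
                f"{m.group('pref')} turned off in user.js"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.check}] {f.detail}\n    {f.line}")
```

Run against the sample it reports seven findings: the loopback proxy, the empty rundll32.exe autorun, the hiquh.exe autorun under appdata\roaming, the three UAC policies and the disabled Firefox warning, while the Messenger and Avira autoruns pass. To use it on a real DDS log, read the file and pass its text to `triage()`; the checks only look at the Pseudo HJT and Firefox policy lines and ignore the rest.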


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:19 AM

Posted 19 August 2012 - 01:58 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Ron234

Ron234
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:02:19 PM

Posted 19 August 2012 - 02:20 AM

Hi.
I've turned off Avira antivirus by disabling it through the system tray.
However, ComboFix still says that antivirus: AntiVir Desktop, and antispyware: AntiVir Desktop are running, despite me deactivating Avira.
Should I run it regardless?

Also here is my security check.
Results of screen317's Security Check version 0.99.46
Windows 7 x86 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
AntiVir Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
JavaFX 2.1.0
Java™ 6 Update 21
Java™ 7 Update 4
Java version out of Date!
Adobe Flash Player 11.3.300.271
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (14.0.1)
Google Chrome 9.0.597.94
Google Chrome 9.0.597.98
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 8%
````````````````````End of Log``````````````````````


Thanks again

Edited by Ron234, 19 August 2012 - 03:13 AM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 August 2012 - 03:46 AM

Yes, go ahead and run it.



gringo

#5 Ron234

Ron234
  • Topic Starter

  • Members
  • 9 posts

Posted 19 August 2012 - 05:04 AM

Hi Gringo, I've just finished running ComboFix. Here's my log. I've found that now I can access the Avira forums, and it seems I can go on the Windows website as well. Everything's looking good so far.




ComboFix 12-08-18.03 - Ronny 19/08/2012 19:30:19.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.2047.1323 [GMT 10:00]
Running from: c:\users\Ronny\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
c:\programdata\Windows
c:\programdata\windows\dumd.dat
c:\programdata\Windows\xdor.dat
c:\users\Ronny\AppData\Local\{fca15b8a-1500-3586-6611-755e00d63b19}
c:\users\Ronny\AppData\Local\{fca15b8a-1500-3586-6611-755e00d63b19}\@
c:\users\Ronny\AppData\Local\{fca15b8a-1500-3586-6611-755e00d63b19}\n
c:\users\Ronny\AppData\Local\assembly\tmp
c:\users\Ronny\AppData\Roaming\a3193041.dat
c:\users\Ronny\AppData\Roaming\Adobe\plugs
c:\users\Ronny\AppData\Roaming\Adobe\shed
c:\users\Ronny\AppData\Roaming\Love
c:\users\Ronny\AppData\Roaming\Love\mari0\options.txt
c:\users\Ronny\AppData\Roaming\Love\not_tetris_2\highscoresA.txt
c:\users\Ronny\AppData\Roaming\Love\not_tetris_2\highscoresB.txt
c:\users\Ronny\AppData\Roaming\Love\not_tetris_2\options.txt
c:\users\Ronny\AppData\Roaming\OfferBox
c:\users\Ronny\AppData\Roaming\OfferBox\config.xml
c:\users\Ronny\AppData\Roaming\Soriyh
c:\users\Ronny\AppData\Roaming\Soriyh\hiquh.exe
c:\windows\$NtUninstallKB63610$
c:\windows\$NtUninstallKB63610$\2389281260\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}
c:\windows\$NtUninstallKB63610$\2389281260\L\xadqgnnk
c:\windows\$NtUninstallKB63610$\2389281260\loader.tlb
c:\windows\$NtUninstallKB63610$\2389281260\U\@00000001
c:\windows\$NtUninstallKB63610$\2389281260\U\@000000c0
c:\windows\$NtUninstallKB63610$\2389281260\U\@000000cb
c:\windows\$NtUninstallKB63610$\2389281260\U\@000000cf
c:\windows\$NtUninstallKB63610$\2389281260\U\@80000000
c:\windows\$NtUninstallKB63610$\2389281260\U\@800000c0
c:\windows\$NtUninstallKB63610$\2389281260\U\@800000cb
c:\windows\$NtUninstallKB63610$\2389281260\U\@800000cf
c:\windows\$NtUninstallKB63610$\2831004551
c:\windows\7Loader.TAG
c:\windows\Installer\{fca15b8a-1500-3586-6611-755e00d63b19}
c:\windows\Installer\{fca15b8a-1500-3586-6611-755e00d63b19}\@
c:\windows\system32\
c:\windows\system32\tmp5BFF.tmp
c:\windows\system32\tmp5C3F.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-19 to 2012-08-19 )))))))))))))))))))))))))))))))
.
.
2012-08-19 09:47 . 2012-08-19 09:47 -------- d-----w- c:\programdata\Ralink
2012-08-19 09:45 . 2012-08-19 09:47 -------- d-----w- c:\users\Ronny\AppData\Local\temp
2012-08-19 09:45 . 2012-08-19 09:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-18 08:46 . 2012-08-18 08:46 -------- d-----w- c:\program files\D3DOverrider
2012-08-18 07:35 . 2012-08-18 07:43 -------- d-----w- c:\users\Ronny\AppData\Local\Darksiders2
2012-08-16 09:18 . 2012-08-16 09:18 -------- d-----w- c:\users\Ronny\AppData\Roaming\Curiolab
2012-08-14 09:31 . 2012-08-18 11:05 -------- d-----w- c:\program files\Darksiders 2
2012-08-11 03:46 . 2012-08-11 03:46 -------- d-----w- c:\windows\system32\EventProviders
2012-08-11 03:24 . 2012-06-12 02:44 2344448 ----a-w- c:\windows\system32\win32k.sys
2012-08-11 03:24 . 2012-03-01 05:53 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-08-11 03:24 . 2012-03-01 05:49 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-08-11 03:24 . 2012-03-01 05:45 158720 ----a-w- c:\windows\system32\imagehlp.dll
2012-08-11 03:24 . 2012-03-01 05:40 5120 ----a-w- c:\windows\system32\wmi.dll
2012-08-11 03:24 . 2012-07-15 16:41 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{42BA1846-2290-4FF3-B3DD-E62415D77F3A}\mpengine.dll
2012-08-11 03:19 . 2012-08-11 03:19 -------- d-----w- c:\program files\Ronimo Games
2012-08-11 02:51 . 2012-06-06 05:09 1389568 ----a-w- c:\windows\system32\msxml6.dll
2012-08-11 02:24 . 2012-04-24 04:47 139264 ----a-w- c:\windows\system32\cryptsvc.dll
2012-08-11 02:24 . 2012-04-24 04:47 1156608 ----a-w- c:\windows\system32\crypt32.dll
2012-08-11 02:24 . 2012-04-24 04:47 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-08-08 11:23 . 2012-08-18 08:34 -------- d-----w- c:\users\Ronny\AppData\Roaming\Buuqyw
2012-08-08 11:23 . 2012-08-08 11:23 -------- d-----w- c:\users\Ronny\AppData\Roaming\Ifire
2012-08-01 12:38 . 2012-08-01 12:38 -------- d-----w- c:\users\Ronny\AppData\Local\FLT
2012-08-01 12:30 . 2012-08-01 12:34 -------- d-----w- c:\program files\Orcs Must Die 2
2012-07-28 01:29 . 2012-07-28 01:29 -------- d-----w- c:\users\Ronny\AppData\Roaming\FALCOM
2012-07-28 01:29 . 2012-07-30 10:38 -------- d-----w- C:\FALCOM
2012-07-24 11:47 . 2012-07-24 11:59 -------- d-----w- c:\users\Ronny\AppData\Roaming\Braid
2012-07-23 12:02 . 2012-07-26 12:33 -------- d-sh--w- c:\users\Ronny\wc
2012-07-23 12:02 . 2012-07-23 12:02 -------- d-----w- c:\users\Ronny\AppData\Local\Universe Sandbox
2012-07-23 12:02 . 2012-07-23 12:02 -------- d-sh--w- c:\users\Ronny\AppData\Roaming\wyUpdate AU
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-16 08:02 . 2009-07-13 23:11 259072 ----a-w- c:\windows\system32\services.exe
2012-08-15 11:54 . 2012-05-15 09:16 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 11:54 . 2011-05-27 23:18 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 13:59 . 2012-07-03 13:59 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-07-03 13:58 . 2012-05-19 09:29 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-07-03 03:46 . 2010-08-23 05:18 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-20 06:50 . 2011-03-28 08:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-02 22:19 . 2012-06-21 06:54 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 06:54 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 06:53 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 06:53 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 06:54 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 06:54 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 06:53 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 05:19 . 2012-06-21 06:53 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 05:12 . 2012-06-21 06:53 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 02:25 . 2011-04-24 07:56 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-07-22 01:34 . 2011-09-29 05:55 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 01:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2012-08-04 1353080]
"Akamai NetSession Interface"="c:\users\Ronny\AppData\Local\Akamai\netsession_win.exe" [2012-05-25 4327744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-10-19 98304]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-07 2221352]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-20 281768]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVIMlctM1NYM0UtR0hHWDktQUZISjMtUFcyUU4tWjlLSDQ&inst=NzctNjQyMzUxNzM2LVRCOSsyLUZMKzktWE8zNisxLUY5TTEwQSsyLUY5TTIrMS1GTDEwKzEtTElDKzEtRERUKzU1MjgxLUxTRCsyLUREMTBGKzEtU1QxMEZBUFArMQ&prod=90&ver=10.0.1392" [?]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2009-11-6 2469888]
Wireless Utility.lnk - c:\program files\Edimax\Common\RaUI.exe [2010-12-6 1572864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Atari\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [x]
R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;c:\windows\system32\DRIVERS\wg111v3.sys [x]
R3 USBTINSP;TI-Nspire™ Handheld or TI Network Bridge Device Driver;c:\windows\system32\DRIVERS\tinspusb.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\RealTemp_340\WinRing0.sys [x]
R3 XDva285;XDva285;c:\windows\system32\XDva285.sys [x]
R3 XDva375;XDva375;c:\windows\system32\XDva375.sys [x]
R3 XDva383;XDva383;c:\windows\system32\XDva383.sys [x]
R3 XDva391;XDva391;c:\windows\system32\XDva391.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 Htsysm;Htsysm;c:\windows\system32\HtsysmNT.sys [x]
S3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28u.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-15 11:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.searchqu.com/402
uInternet Settings,ProxyServer = 127.0.0.1:9666
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: DhcpNameServer = 211.31.138.11 211.29.132.12 198.142.0.51
FF - ProfilePath - c:\users\Ronny\AppData\Roaming\Mozilla\Firefox\Profiles\idw69s9k.default-1344849576993\
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
URLSearchHooks-{9565115d-c7d6-46d3-bd63-b67b481a4368} - c:\program files\PageRage\prxtbPage.dll
URLSearchHooks-{90b49673-5506-483e-b92b-ca0265bd9ca8} - (no file)
BHO-{9565115d-c7d6-46d3-bd63-b67b481a4368} - c:\program files\PageRage\prxtbPage.dll
Toolbar-{9565115d-c7d6-46d3-bd63-b67b481a4368} - c:\program files\PageRage\prxtbPage.dll
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{9565115D-C7D6-46D3-BD63-B67B481A4368} - c:\program files\PageRage\prxtbPage.dll
HKCU-Run-GateWay - c:\program files\Gravity\Gateway\GateWayMain.exe
HKCU-Run-Video Library - (no file)
HKCU-Run-Bibyvi - c:\users\Ronny\AppData\Roaming\Soriyh\hiquh.exe
SafeBoot-17245864.sys
SafeBoot-96109467.sys
MSConfigStartUp-Exent_SDM - c:\users\Ronny\AppData\Local\Temp\SDM143\Free Ride Games.exe
AddRemove-Game Console - WildGames - c:\program files\WildGames\Game Console - WildGames\Uninstall.exe
AddRemove-Warcraft III Reign of Chaos & The Frozen Throne - c:\program files\Warcraft III Reign of Chaos & The Frozen Throne\uninstall.exe
AddRemove-WT050976 - c:\program files\WildGames\FATE Undiscovered Realms\Uninstall.exe
AddRemove-YSO_WIN - c:\falcom\FSETUP2.EXE
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_4f7fccd.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\NetworkList\Nla\Cache\Intranet\˝*l%a*u*]
"Successes"=dword:80000000
"Failures"=dword:80000007
"{D5CA50BE-5BE6-46AA-8815-E239686688D6}"=hex:00,18,f8,f5,5d,21
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\windows\system32\atieclxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\AstSrv.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Edimax\Common\RaRegistry.exe
c:\windows\system32\UAService7.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
c:\program files\logitech\quickcam\lu\lulnchr.exe
c:\program files\logitech\quickcam\lu\LogitechUpdate.exe
.
**************************************************************************
.
Completion time: 2012-08-19 19:53:35 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-19 09:53
.
Pre-Run: 254,531,923,968 bytes free
Post-Run: 255,526,109,184 bytes free
.
- - End Of File - - B817C802BB1714B013A4F18696D1CF18

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 August 2012 - 05:50 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
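For anyone triaging the TDSSKiller report requested above, here is a small Python helper that reads the TDSSKiller 2.8 text log format used in this thread and pulls out the service inventory, the clean verdicts, the entries for which no file line was recorded before the verdict, and the detections together with their path, MD5 and the reason TDSSKiller flagged them. This is an added example and not code from the thread, from Kaspersky or from BleepingComputer; the sample log lines embedded below, including the service name ExampleSvc, the hashes and the paths, are constructed for illustration and are not taken from the poster's log.

```python
"""Triage helper for TDSSKiller 2.8-style text logs (added example, not TDSSKiller code).

Every log line has the shape "HH:MM:SS.ffff PID message".  In the "Scan services"
section each service or driver produces an inventory line "[ md5 ] Name Path"
followed by a verdict line: "Name - ok", "Name ( Class ) - warning" or
"Name - detected Class (n)".  Hidden files additionally get a
"Suspicious file (Reason): Path. md5: hash" line.
"""
import re
from dataclasses import dataclass, field

LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4}) (?P<pid>\d+) (?P<msg>.*)$")
# Service names may contain spaces, so the path is anchored on a drive letter.
INVENTORY_RE = re.compile(r"^\[ (?P<md5>[0-9a-f]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.+)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")
WARNING_RE = re.compile(r"^(?P<name>.+?) \( (?P<cls>\S+) \) - warning$")
DETECTED_RE = re.compile(r"^(?P<name>.+?) - detected (?P<cls>\S+) \((?P<count>\d+)\)$")
SUSPICIOUS_RE = re.compile(
    r"^Suspicious file \((?P<why>[^)]+)\): (?P<path>.+)\. md5: (?P<md5>[0-9a-f]{32})$")

# Constructed sample in TDSSKiller 2.8 log format; names, hashes and paths are made up.
SAMPLE_LOG = r"""20:51:47.0293 4352 [ 0123456789abcdef0123456789abcdef ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
20:51:47.0321 4352 1394ohci - ok
20:51:47.0992 4352 [ fedcba9876543210fedcba9876543210 ] ExampleSvc c:\program files\example\netsvc.dll
20:51:47.0992 4352 Suspicious file (Hidden): c:\program files\example\netsvc.dll. md5: fedcba9876543210fedcba9876543210
20:51:48.0002 4352 ExampleSvc ( HiddenFile.Multi.Generic ) - warning
20:51:48.0002 4352 ExampleSvc - detected HiddenFile.Multi.Generic (1)
20:51:48.0139 4352 [ 00112233445566778899aabbccddeeff ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
20:51:48.0142 4352 AMD External Events Utility - ok
20:51:50.0502 4352 catchme - ok
"""


@dataclass
class Finding:
    name: str
    classification: str
    path: str = ""
    md5: str = ""
    reason: str = ""          # e.g. "Hidden" from the "Suspicious file" line


@dataclass
class Triage:
    scanned: int = 0                                   # inventory lines seen
    clean: int = 0                                     # "- ok" verdicts with a file behind them
    unresolved: list = field(default_factory=list)     # "- ok" verdicts with no inventory line
    findings: list = field(default_factory=list)


def triage(log_text: str) -> Triage:
    """Walk the log once and collect verdicts per service name."""
    result = Triage()
    inventory = {}      # name -> (md5, path)
    suspicious = {}     # path -> reason given by TDSSKiller
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.rstrip())
        if not m:
            continue
        msg = m.group("msg")
        if (im := INVENTORY_RE.match(msg)):
            inventory[im.group("name")] = (im.group("md5"), im.group("path"))
            result.scanned += 1
        elif (sm := SUSPICIOUS_RE.match(msg)):
            suspicious[sm.group("path")] = sm.group("why")
        elif (dm := DETECTED_RE.match(msg)):
            name = dm.group("name")
            md5, path = inventory.get(name, ("", ""))
            result.findings.append(
                Finding(name, dm.group("cls"), path, md5, suspicious.get(path, "")))
        elif WARNING_RE.match(msg):
            pass        # the "detected" line that follows carries the same classification
        elif (om := OK_RE.match(msg)):
            name = om.group("name")
            if name in inventory:
                result.clean += 1
            else:
                result.unresolved.append(name)
    return result


def report(result: Triage) -> str:
    """One-line summary followed by one line per detection."""
    lines = [f"scanned={result.scanned} clean={result.clean} "
             f"unresolved={len(result.unresolved)} findings={len(result.findings)}"]
    for f in result.findings:
        lines.append(f"  {f.name}: {f.classification} [{f.reason}] {f.path} md5={f.md5}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Feed `triage()` the pasted contents of a real `TDSSKiller.[Version]_[Date]_[Time]_log.txt` and the summary shows at a glance which services were flagged and which verdicts had no resolvable file behind them, which is what a helper wants to read first in a long log like the one this thread asks for.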

#7 Ron234

Ron234
  • Topic Starter

  • Members
  • 9 posts

Posted 19 August 2012 - 06:24 AM

Salutations
Here's my TDSS log


20:51:35.0529 5472 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
20:51:37.0206 5472 ============================================================
20:51:37.0206 5472 Current date / time: 2012/08/19 20:51:37.0206
20:51:37.0206 5472 SystemInfo:
20:51:37.0206 5472
20:51:37.0206 5472 OS Version: 6.1.7600 ServicePack: 0.0
20:51:37.0206 5472 Product type: Workstation
20:51:37.0206 5472 ComputerName: RONNY-PC
20:51:37.0207 5472 UserName: Ronny
20:51:37.0207 5472 Windows directory: C:\Windows
20:51:37.0207 5472 System windows directory: C:\Windows
20:51:37.0207 5472 Processor architecture: Intel x86
20:51:37.0207 5472 Number of processors: 2
20:51:37.0207 5472 Page size: 0x1000
20:51:37.0207 5472 Boot type: Normal boot
20:51:37.0207 5472 ============================================================
20:51:38.0489 5472 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:51:38.0509 5472 ============================================================
20:51:38.0509 5472 \Device\Harddisk0\DR0:
20:51:38.0510 5472 MBR partitions:
20:51:38.0510 5472 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
20:51:38.0510 5472 ============================================================
20:51:38.0542 5472 C: <-> \Device\Harddisk0\DR0\Partition1
20:51:38.0542 5472 ============================================================
20:51:38.0542 5472 Initialize success
20:51:38.0542 5472 ============================================================
20:51:46.0332 4352 ============================================================
20:51:46.0332 4352 Scan started
20:51:46.0332 4352 Mode: Manual;
20:51:46.0332 4352 ============================================================
20:51:47.0131 4352 ================ Scan services =============================
20:51:47.0293 4352 [ 6d2aca41739bfe8cb86ee8e85f29697d ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
20:51:47.0321 4352 1394ohci - ok
20:51:47.0351 4352 [ f0e07d144c8685b8774bc32fc8da4df0 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
20:51:47.0355 4352 ACPI - ok
20:51:47.0380 4352 [ 98d81ca942d19f7d9153b095162ac013 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
20:51:47.0401 4352 AcpiPmi - ok
20:51:47.0470 4352 [ a9d3b95e8466bd58eeb8a1154654e162 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:51:47.0472 4352 AdobeFlashPlayerUpdateSvc - ok
20:51:47.0502 4352 [ 21e785ebd7dc90a06391141aac7892fb ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
20:51:47.0527 4352 adp94xx - ok
20:51:47.0553 4352 [ 0c676bc278d5b59ff5abd57bbe9123f2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
20:51:47.0595 4352 adpahci - ok
20:51:47.0618 4352 [ 7c7b5ee4b7b822ec85321fe23a27db33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
20:51:47.0644 4352 adpu320 - ok
20:51:47.0672 4352 [ 8b5eefeec1e6d1a72a06c526628ad161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:51:47.0674 4352 AeLookupSvc - ok
20:51:47.0726 4352 [ 0db7a48388d54d154ebec120461a0fcd ] AFD C:\Windows\system32\drivers\afd.sys
20:51:47.0765 4352 AFD - ok
20:51:47.0784 4352 [ 507812c3054c21cef746b6ee3d04dd6e ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
20:51:47.0785 4352 agp440 - ok
20:51:47.0800 4352 [ 8b30250d573a8f6b4bd23195160d8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
20:51:47.0808 4352 aic78xx - ok
20:51:47.0992 4352 [ 29584f02a43e427c4227e3b1d9ff1b22 ] Akamai c:\program files\common files\akamai/netsession_win_4f7fccd.dll
20:51:47.0992 4352 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
20:51:48.0002 4352 Akamai ( HiddenFile.Multi.Generic ) - warning
20:51:48.0002 4352 Akamai - detected HiddenFile.Multi.Generic (1)
20:51:48.0033 4352 [ 18a54e132947cd98fea9accc57f98f13 ] ALG C:\Windows\System32\alg.exe
20:51:48.0041 4352 ALG - ok
20:51:48.0070 4352 [ 0d40bcf52ea90fc7df2aeab6503dea44 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
20:51:48.0093 4352 aliide - ok
20:51:48.0139 4352 [ 66b11ef9fc95b42ba65d38687c0988d7 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
20:51:48.0142 4352 AMD External Events Utility - ok
20:51:48.0153 4352 [ 3c6600a0696e90a463771c7422e23ab5 ] amdagp C:\Windows\system32\DRIVERS\amdagp.sys
20:51:48.0160 4352 amdagp - ok
20:51:48.0171 4352 [ cd5914170297126b6266860198d1d4f0 ] amdide C:\Windows\system32\DRIVERS\amdide.sys
20:51:48.0193 4352 amdide - ok
20:51:48.0227 4352 [ 00dda200d71bac534bf56a9db5dfd666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
20:51:48.0254 4352 AmdK8 - ok
20:51:48.0277 4352 [ 3cbf30f5370fda40dd3e87df38ea53b6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
20:51:48.0302 4352 AmdPPM - ok
20:51:48.0335 4352 [ 19ce906b4cdc11fc4fef5745f33a63b6 ] amdsata C:\Windows\system32\drivers\amdsata.sys
20:51:48.0357 4352 amdsata - ok
20:51:48.0383 4352 [ ea43af0c423ff267355f74e7a53bdaba ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
20:51:48.0407 4352 amdsbs - ok
20:51:48.0425 4352 [ 869e67d66be326a5a9159fba8746fa70 ] amdxata C:\Windows\system32\drivers\amdxata.sys
20:51:48.0448 4352 amdxata - ok
20:51:48.0532 4352 [ b4837fe56d76b2e9ea90e5365cf6a2be ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
20:51:48.0535 4352 AntiVirSchedulerService - ok
20:51:48.0561 4352 [ df5a3016052755c910a206058b4a1729 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
20:51:48.0565 4352 AntiVirService - ok
20:51:48.0586 4352 [ feb834c02ce1e84b6a38f953ca067706 ] AppID C:\Windows\system32\drivers\appid.sys
20:51:48.0611 4352 AppID - ok
20:51:48.0649 4352 [ 62a9c86cb6085e20db4823e4e97826f5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
20:51:48.0670 4352 AppIDSvc - ok
20:51:48.0697 4352 [ 7dead9e3f65dcb2794f2711003bbf650 ] Appinfo C:\Windows\System32\appinfo.dll
20:51:48.0698 4352 Appinfo - ok
20:51:48.0732 4352 [ a45d184df6a8803da13a0b329517a64a ] AppMgmt C:\Windows\System32\appmgmts.dll
20:51:48.0734 4352 AppMgmt - ok
20:51:48.0762 4352 [ 2932004f49677bd84dbc72edb754ffb3 ] arc C:\Windows\system32\DRIVERS\arc.sys
20:51:48.0784 4352 arc - ok
20:51:48.0809 4352 [ 5d6f36c46fd283ae1b57bd2e9feb0bc7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
20:51:48.0830 4352 arcsas - ok
20:51:48.0905 4352 [ 39cdcb109bf200cc8a05b9c7e6272d11 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:51:48.0929 4352 aspnet_state - ok
20:51:48.0970 4352 [ e61b38684a1c1c65612dcbabd29d0376 ] astcc C:\Windows\system32\AstSrv.exe
20:51:48.0974 4352 astcc - ok
20:51:48.0990 4352 [ add2ade1c2b285ab8378d2daaf991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:51:48.0990 4352 AsyncMac - ok
20:51:49.0012 4352 [ 338c86357871c167a96ab976519bf59e ] atapi C:\Windows\system32\DRIVERS\atapi.sys
20:51:49.0013 4352 atapi - ok
20:51:49.0061 4352 [ 40a07e6916ac098e31a9e39ac202b8a1 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
20:51:49.0090 4352 AtiHdmiService - ok
20:51:49.0193 4352 [ 4ea924fcf60ac2ac06eef6f074bc1fd5 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
20:51:49.0311 4352 atikmdag - ok
20:51:49.0353 4352 [ 6e996cf8459a2594e0e9609d0e34d41f ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
20:51:49.0383 4352 atksgt - ok
20:51:49.0431 4352 [ 510c873bfa135aa829f4180352772734 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:51:49.0436 4352 AudioEndpointBuilder - ok
20:51:49.0445 4352 [ 510c873bfa135aa829f4180352772734 ] Audiosrv C:\Windows\System32\Audiosrv.dll
20:51:49.0449 4352 Audiosrv - ok
20:51:49.0473 4352 [ 1e4114685de1ffa9675e09c6a1fb3f4b ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
20:51:49.0493 4352 avgntflt - ok
20:51:49.0534 4352 [ 0f78d3dae6dedd99ae54c9491c62adf2 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
20:51:49.0557 4352 avipbb - ok
20:51:49.0582 4352 [ dd6a431b43e34b91a767d1ce33728175 ] AxInstSV C:\Windows\System32\AxInstSV.dll
20:51:49.0591 4352 AxInstSV - ok
20:51:49.0621 4352 [ 1a231abec60fd316ec54c66715543cec ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
20:51:49.0647 4352 b06bdrv - ok
20:51:49.0674 4352 [ bd8869eb9cde6bbe4508d869929869ee ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
20:51:49.0703 4352 b57nd60x - ok
20:51:49.0728 4352 [ ee1e9c3bb8228ae423dd38db69128e71 ] BDESVC C:\Windows\System32\bdesvc.dll
20:51:49.0749 4352 BDESVC - ok
20:51:49.0779 4352 [ 505506526a9d467307b3c393dedaf858 ] Beep C:\Windows\system32\drivers\Beep.sys
20:51:49.0781 4352 Beep - ok
20:51:49.0814 4352 [ 85ac71c045ceb054ed48a7841aae0c11 ] BFE C:\Windows\System32\bfe.dll
20:51:49.0820 4352 BFE - ok
20:51:49.0852 4352 [ 53f476476f55a27f580661bde09c4ec4 ] BITS C:\Windows\system32\qmgr.dll
20:51:49.0859 4352 BITS - ok
20:51:49.0875 4352 [ 2287078ed48fcfc477b05b20cf38f36f ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
20:51:49.0897 4352 blbdrive - ok
20:51:49.0932 4352 [ 9a5c671b7fbae4865149bb11f59b91b2 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:51:49.0953 4352 bowser - ok
20:51:49.0979 4352 [ 9f9acc7f7ccde8a15c282d3f88b43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:51:50.0001 4352 BrFiltLo - ok
20:51:50.0025 4352 [ 56801ad62213a41f6497f96dee83755a ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:51:50.0047 4352 BrFiltUp - ok
20:51:50.0066 4352 [ 77361d72a04f18809d0efb6cceb74d4b ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
20:51:50.0090 4352 BridgeMP - ok
20:51:50.0119 4352 [ 598e1280e7ff3744f4b8329366cc5635 ] Browser C:\Windows\System32\browser.dll
20:51:50.0121 4352 Browser - ok
20:51:50.0139 4352 [ 845b8ce732e67f3b4133164868c666ea ] Brserid C:\Windows\System32\Drivers\Brserid.sys
20:51:50.0167 4352 Brserid - ok
20:51:50.0194 4352 [ 203f0b1e73adadbbb7b7b1fabd901f6b ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
20:51:50.0220 4352 BrSerWdm - ok
20:51:50.0247 4352 [ bd456606156ba17e60a04e18016ae54b ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
20:51:50.0269 4352 BrUsbMdm - ok
20:51:50.0294 4352 [ af72ed54503f717a43268b3cc5faec2e ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
20:51:50.0298 4352 BrUsbSer - ok
20:51:50.0314 4352 [ ed3df7c56ce0084eb2034432fc56565a ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
20:51:50.0337 4352 BTHMODEM - ok
20:51:50.0364 4352 [ 1df19c96eef6c29d1c3e1a8678e07190 ] bthserv C:\Windows\system32\bthserv.dll
20:51:50.0392 4352 bthserv - ok
20:51:50.0502 4352 catchme - ok
20:51:50.0538 4352 [ 77ea11b065e0a8ab902d78145ca51e10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:51:50.0560 4352 cdfs - ok
20:51:50.0592 4352 [ ba6e70aa0e6091bc39de29477d866a77 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
20:51:50.0615 4352 cdrom - ok
20:51:50.0647 4352 [ 628a9e30ec5e18dd5de6be4dbdc12198 ] CertPropSvc C:\Windows\System32\certprop.dll
20:51:50.0648 4352 CertPropSvc - ok
20:51:50.0666 4352 [ 3fe3fe94a34df6fb06e6418d0f6a0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
20:51:50.0685 4352 circlass - ok
20:51:50.0714 4352 [ 635181e0e9bbf16871bf5380d71db02d ] CLFS C:\Windows\system32\CLFS.sys
20:51:50.0717 4352 CLFS - ok
20:51:50.0745 4352 [ d88040f816fda31c3b466f0fa0918f29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:51:50.0773 4352 clr_optimization_v2.0.50727_32 - ok
20:51:50.0842 4352 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:51:50.0845 4352 clr_optimization_v4.0.30319_32 - ok
20:51:50.0871 4352 [ dea805815e587dad1dd2c502220b5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
20:51:50.0901 4352 CmBatt - ok
20:51:50.0922 4352 [ c537b1db64d495b9b4717b4d6d9edbf2 ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
20:51:50.0927 4352 cmdide - ok
20:51:50.0962 4352 [ db5e008b3744dd60c8498cbbf2a1cfa6 ] CNG C:\Windows\system32\Drivers\cng.sys
20:51:50.0996 4352 CNG - ok
20:51:51.0020 4352 [ a6023d3823c37043986713f118a89bee ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
20:51:51.0043 4352 Compbatt - ok
20:51:51.0074 4352 [ f1724ba27e97d627f808fb0ba77a28a6 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
20:51:51.0095 4352 CompositeBus - ok
20:51:51.0115 4352 COMSysApp - ok
20:51:51.0135 4352 [ 2c4ebcfc84a9b44f209dff6c6e6c61d1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
20:51:51.0154 4352 crcdisk - ok
20:51:51.0203 4352 [ 520a108a2657f4bca7fced9ca7d885de ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:51:51.0205 4352 CryptSvc - ok
20:51:51.0238 4352 [ 27c9490bdd0ae48911ab8cf1932591ed ] CSC C:\Windows\system32\drivers\csc.sys
20:51:51.0274 4352 CSC - ok
20:51:51.0314 4352 [ 56fb5f222ea30d3d3fc459879772cb73 ] CscService C:\Windows\System32\cscsvc.dll
20:51:51.0321 4352 CscService - ok
20:51:51.0434 4352 [ 80861969541971176e005d2c09dae851 ] DAUpdaterSvc C:\Program Files\Atari\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
20:51:51.0456 4352 DAUpdaterSvc - ok
20:51:51.0510 4352 [ b82cd39e336973359d7c9bf911e8e84f ] DcomLaunch C:\Windows\system32\rpcss.dll
20:51:51.0516 4352 DcomLaunch - ok
20:51:51.0543 4352 [ 8d6e10a2d9a5eed59562d9b82cf804e1 ] defragsvc C:\Windows\System32\defragsvc.dll
20:51:51.0566 4352 defragsvc - ok
20:51:51.0605 4352 [ 83d1ecea8faae75604c0fa49ac7ad996 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:51:51.0629 4352 DfsC - ok
20:51:51.0662 4352 [ c56495fbd770712367cad35e5de72da6 ] Dhcp C:\Windows\system32\dhcpcore.dll
20:51:51.0666 4352 Dhcp - ok
20:51:51.0678 4352 [ 1a050b0274bfb3890703d490f330c0da ] discache C:\Windows\system32\drivers\discache.sys
20:51:51.0700 4352 discache - ok
20:51:51.0736 4352 [ 565003f326f99802e68ca78f2a68e9ff ] Disk C:\Windows\system32\DRIVERS\disk.sys
20:51:51.0763 4352 Disk - ok
20:51:51.0799 4352 [ b15be77a2bacf9c3177d27518afe26a9 ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:51:51.0802 4352 Dnscache - ok
20:51:51.0816 4352 [ 4408c85c21eea48eb0ce486baeef0502 ] dot3svc C:\Windows\System32\dot3svc.dll
20:51:51.0828 4352 dot3svc - ok
20:51:51.0841 4352 [ 7fa81c6e11caa594adb52084da73a1e5 ] DPS C:\Windows\system32\dps.dll
20:51:51.0844 4352 DPS - ok
20:51:51.0873 4352 [ b918e7c5f9bf77202f89e1a9539f2eb4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:51:51.0894 4352 drmkaud - ok
20:51:51.0932 4352 [ 1679a4669326cb1a67cc95658d273234 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:51:51.0972 4352 DXGKrnl - ok
20:51:51.0998 4352 EagleNT - ok
20:51:52.0008 4352 EagleXNt - ok
20:51:52.0041 4352 [ 8600142fa91c1b96367d3300ad0f3f3a ] EapHost C:\Windows\System32\eapsvc.dll
20:51:52.0044 4352 EapHost - ok
20:51:52.0108 4352 [ 024e1b5cac09731e4d868e64dbfb4ab0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
20:51:52.0166 4352 ebdrv - ok
20:51:52.0200 4352 [ c2243ff9e9aad0c30e8b1a0914da15b6 ] EFS C:\Windows\System32\lsass.exe
20:51:52.0203 4352 EFS - ok
20:51:52.0259 4352 [ 1697c39978cd69f6fbc15302edcece1f ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:51:52.0364 4352 ehRecvr - ok
20:51:52.0415 4352 [ d389bff34f80caede417bf9d1507996a ] ehSched C:\Windows\ehome\ehsched.exe
20:51:52.0494 4352 ehSched - ok
20:51:52.0716 4352 [ 0ed67910c8c326796faa00b2bf6d9d3c ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
20:51:52.0763 4352 elxstor - ok
20:51:52.0789 4352 [ 8fc3208352dd3912c94367a206ab3f11 ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
20:51:52.0811 4352 ErrDev - ok
20:51:52.0859 4352 [ f6916efc29d9953d5d0df06882ae8e16 ] EventSystem C:\Windows\system32\es.dll
20:51:52.0862 4352 EventSystem - ok
20:51:52.0878 4352 [ 2dc9108d74081149cc8b651d3a26207f ] exfat C:\Windows\system32\drivers\exfat.sys
20:51:52.0900 4352 exfat - ok
20:51:52.0927 4352 [ 7e0ab74553476622fb6ae36f73d97d35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:51:52.0951 4352 fastfat - ok
20:51:52.0987 4352 [ f7ea23cc5e6bf2181f3f399d54f6efc1 ] Fax C:\Windows\system32\fxssvc.exe
20:51:52.0994 4352 Fax - ok
20:51:53.0013 4352 [ e817a017f82df2a1f8cfdbda29388b29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:51:53.0033 4352 fdc - ok
20:51:53.0056 4352 [ f3222c893bd2f5821a0179e5c71e88fb ] fdPHost C:\Windows\system32\fdPHost.dll
20:51:53.0058 4352 fdPHost - ok
20:51:53.0072 4352 [ 7dbe8cbfe79efbdeb98c9fb08d3a9a5b ] FDResPub C:\Windows\system32\fdrespub.dll
20:51:53.0076 4352 FDResPub - ok
20:51:53.0092 4352 [ 6cf00369c97f3cf563be99be983d13d8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:51:53.0119 4352 FileInfo - ok
20:51:53.0156 4352 [ 42c51dc94c91da21cb9196eb64c45db9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:51:53.0181 4352 Filetrace - ok
20:51:53.0201 4352 [ 87907aa70cb3c56600f1c2fb8841579b ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
20:51:53.0220 4352 flpydisk - ok
20:51:53.0246 4352 [ 7520ec808e0c35e0ee6f841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:51:53.0273 4352 FltMgr - ok
20:51:53.0318 4352 [ 7fe4995528a7529a761875151ee3d512 ] FontCache C:\Windows\system32\FntCache.dll
20:51:53.0327 4352 FontCache - ok
20:51:53.0367 4352 [ e56f39f6b7fda0ac77a79b0fd3de1a2f ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:51:53.0392 4352 FontCache3.0.0.0 - ok
20:51:53.0422 4352 [ 1a16b57943853e598cff37fe2b8cbf1d ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
20:51:53.0442 4352 FsDepends - ok
20:51:53.0475 4352 [ 500a9814fd9446a8126858a5a7f7d273 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:51:53.0500 4352 Fs_Rec - ok
20:51:53.0551 4352 [ dafbd9fe39197495aed6d51f3b85b5d2 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
20:51:53.0592 4352 fvevol - ok
20:51:53.0621 4352 [ 65ee0c7a58b65e74ae05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
20:51:53.0646 4352 gagp30kx - ok
20:51:53.0670 4352 GameConsoleService - ok
20:51:53.0707 4352 [ 8ba3c04702bf8f927ab36ae8313ca4ee ] gpsvc C:\Windows\System32\gpsvc.dll
20:51:53.0715 4352 gpsvc - ok
20:51:53.0727 4352 [ c44e3c2bab6837db337ddee7544736db ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
20:51:53.0749 4352 hcw85cir - ok
20:51:53.0781 4352 [ 3530cad25deba7dc7de8bb51632cbc5f ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:51:53.0794 4352 HdAudAddService - ok
20:51:53.0817 4352 [ 717a2207fd6f13ad3e664c7d5a43c7bf ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
20:51:53.0819 4352 HDAudBus - ok
20:51:53.0834 4352 [ 1d58a7f3e11a9731d0eaaaa8405acc36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
20:51:53.0856 4352 HidBatt - ok
20:51:53.0862 4352 [ 89448f40e6df260c206a193a4683ba78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
20:51:53.0874 4352 HidBth - ok
20:51:53.0895 4352 [ cf50b4cf4a4f229b9f3c08351f99ca5e ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
20:51:53.0901 4352 HidIr - ok
20:51:53.0919 4352 [ 2bc6f6a1992b3a77f5f41432ca6b3b6b ] hidserv C:\Windows\System32\hidserv.dll
20:51:53.0921 4352 hidserv - ok
20:51:53.0939 4352 [ 25072fb35ac90b25f9e4e3bacf774102 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:51:53.0943 4352 HidUsb - ok
20:51:53.0969 4352 [ 741c2a45ca8407e374aaba3e330b7872 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:51:53.0972 4352 hkmsvc - ok
20:51:53.0985 4352 [ a768ca158bb06782a2835b907f4873c3 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:51:53.0989 4352 HomeGroupListener - ok
20:51:54.0016 4352 [ fb08dec5ef43d0c66d83b8e9694e7549 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:51:54.0020 4352 HomeGroupProvider - ok
20:51:54.0028 4352 [ 295fdc419039090eb8b49ffdbb374549 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
20:51:54.0036 4352 HpSAMD - ok
20:51:54.0079 4352 [ 57bd2878b475f530a9cf965c785c74a3 ] Htsysm C:\Windows\system32\HtsysmNT.sys
20:51:54.0098 4352 Htsysm - ok
20:51:54.0133 4352 [ c531c7fd9e8b62021112787c4e2c5a5a ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:51:54.0165 4352 HTTP - ok
20:51:54.0189 4352 [ 8305f33cde89ad6c7a0763ed0b5a8d42 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
20:51:54.0194 4352 hwpolicy - ok
20:51:54.0211 4352 [ f151f0bdc47f4a28b1b20a0818ea36d6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
20:51:54.0235 4352 i8042prt - ok
20:51:54.0284 4352 [ 71f1a494fedf4b33c02c4a6a28d6d9e9 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
20:51:54.0314 4352 iaStorV - ok
20:51:54.0406 4352 [ 1cf03c69b49acb70c722df92755c0c8c ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
20:51:54.0417 4352 IDriverT - ok
20:51:54.0455 4352 [ 5af815eb5bc9802e5a064e2ba62bfc0c ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:51:54.0501 4352 idsvc - ok
20:51:54.0550 4352 [ 4173ff5708f3236cf25195fecd742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
20:51:54.0556 4352 iirsp - ok
20:51:54.0597 4352 [ fac0ee6562b121b1399d6e855583f7a5 ] IKEEXT C:\Windows\System32\ikeext.dll
20:51:54.0606 4352 IKEEXT - ok
20:51:54.0618 4352 [ a0f12f2c9ba6c72f3987ce780e77c130 ] intelide C:\Windows\system32\DRIVERS\intelide.sys
20:51:54.0638 4352 intelide - ok
20:51:54.0660 4352 [ 3b514d27bfc4accb4037bc6685f766e0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:51:54.0661 4352 intelppm - ok
20:51:54.0670 4352 [ acb364b9075a45c0736e5c47be5cae19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:51:54.0679 4352 IPBusEnum - ok
20:51:54.0694 4352 [ 709d1761d3b19a932ff0238ea6d50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:51:54.0718 4352 IpFilterDriver - ok
20:51:54.0743 4352 [ 477397b432a256a50ee7e4339eb9ea14 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:51:54.0749 4352 iphlpsvc - ok
20:51:54.0772 4352 [ e4454b6c37d7ffd5649611f6496308a7 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
20:51:54.0796 4352 IPMIDRV - ok
20:51:54.0824 4352 [ a5fa468d67abcdaa36264e463a7bb0cd ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:51:54.0846 4352 IPNAT - ok
20:51:54.0870 4352 [ 42996cff20a3084a56017b7902307e9f ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:51:54.0875 4352 IRENUM - ok
20:51:54.0881 4352 [ 1f32bb6b38f62f7df1a7ab7292638a35 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
20:51:54.0904 4352 isapnp - ok
20:51:54.0931 4352 [ ed46c223ae46c6866ab77cdc41c404b7 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
20:51:54.0960 4352 iScsiPrt - ok
20:51:54.0992 4352 [ adef52ca1aeae82b50df86b56413107e ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
20:51:54.0994 4352 kbdclass - ok
20:51:55.0009 4352 [ 3d9f0ebf350edcfd6498057301455964 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
20:51:55.0035 4352 kbdhid - ok
20:51:55.0055 4352 [ c2243ff9e9aad0c30e8b1a0914da15b6 ] KeyIso C:\Windows\system32\lsass.exe
20:51:55.0057 4352 KeyIso - ok
20:51:55.0087 4352 [ 52fc17c8589f11747d01d3cf592673d0 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:51:55.0106 4352 KSecDD - ok
20:51:55.0127 4352 [ 3e5474b03568cfab834da3c38e8c9efa ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
20:51:55.0164 4352 KSecPkg - ok
20:51:55.0194 4352 [ 89a7b9cc98d0d80c6f31b91c0a310fcd ] KtmRm C:\Windows\system32\msdtckrm.dll
20:51:55.0227 4352 KtmRm - ok
20:51:55.0276 4352 [ 8f6bf790d3168224c16f2af68a84438c ] LanmanServer C:\Windows\System32\srvsvc.dll
20:51:55.0280 4352 LanmanServer - ok
20:51:55.0308 4352 [ b9891f885dcf1f0513a51cb58493cb1f ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:51:55.0312 4352 LanmanWorkstation - ok
20:51:55.0339 4352 [ 8ccf9ed46d52af1375875f74a91ffacf ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys
20:51:55.0360 4352 lirsgt - ok
20:51:55.0398 4352 [ f7611ec07349979da9b0ae1f18ccc7a6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:51:55.0423 4352 lltdio - ok
20:51:55.0462 4352 [ 5700673e13a2117fa3b9020c852c01e2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:51:55.0491 4352 lltdsvc - ok
20:51:55.0510 4352 [ 55ca01ba19d0006c8f2639b6c045e08b ] lmhosts C:\Windows\System32\lmhsvc.dll
20:51:55.0512 4352 lmhosts - ok
20:51:55.0537 4352 [ eb119a53ccf2acc000ac71b065b78fef ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
20:51:55.0559 4352 LSI_FC - ok
20:51:55.0578 4352 [ 8ade1c877256a22e49b75d1cc9161f9c ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
20:51:55.0604 4352 LSI_SAS - ok
20:51:55.0632 4352 [ dc9dc3d3daa0e276fd2ec262e38b11e9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:51:55.0658 4352 LSI_SAS2 - ok
20:51:55.0680 4352 [ 0a036c7d7cab643a7f07135ac47e0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:51:55.0707 4352 LSI_SCSI - ok
20:51:55.0738 4352 [ 6703e366cc18d3b6e534f5cf7df39cee ] luafv C:\Windows\system32\drivers\luafv.sys
20:51:55.0758 4352 luafv - ok
20:51:55.0813 4352 [ 38440fe1a65b1fe3d246c5c4cad22f53 ] LVCOMSer C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
20:51:55.0816 4352 LVCOMSer - ok
20:51:55.0843 4352 [ a6919138f29ae45e90e99fa94737e04c ] LVPr2Mon C:\Windows\system32\DRIVERS\LVPr2Mon.sys
20:51:55.0848 4352 LVPr2Mon - ok
20:51:55.0873 4352 [ 28bd0e4b6c050b591b8cb35b9ad284e6 ] LVPrcSrv C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
20:51:55.0874 4352 Suspicious file (NoAccess): C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe. md5: 28bd0e4b6c050b591b8cb35b9ad284e6
20:51:55.0874 4352 LVPrcSrv ( LockedFile.Multi.Generic ) - warning
20:51:55.0874 4352 LVPrcSrv - detected LockedFile.Multi.Generic (1)
20:51:55.0896 4352 [ b895839b8743e400d7c7dae156f74e7e ] LVRS C:\Windows\system32\DRIVERS\lvrs.sys
20:51:55.0930 4352 LVRS - ok
20:51:55.0955 4352 [ 23f8ef78bb9553e465a476f3cee5ca18 ] LVUSBSta C:\Windows\system32\DRIVERS\LVUSBSta.sys
20:51:55.0981 4352 LVUSBSta - ok
20:51:56.0001 4352 mcdbus - ok
20:51:56.0046 4352 [ e2b0887816ed336685954e3d8fdaa51d ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:51:56.0068 4352 Mcx2Svc - ok
20:51:56.0099 4352 [ 0fff5b045293002ab38eb1fd1fc2fb74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
20:51:56.0123 4352 megasas - ok
20:51:56.0159 4352 [ dcbab2920c75f390caf1d29f675d03d6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
20:51:56.0168 4352 MegaSR - ok
20:51:56.0250 4352 [ 123271bd5237ab991dc5c21fdf8835eb ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
20:51:56.0275 4352 Microsoft Office Groove Audit Service - ok
20:51:56.0310 4352 [ 146b6f43a673379a3c670e86d89be5ea ] MMCSS C:\Windows\system32\mmcss.dll
20:51:56.0313 4352 MMCSS - ok
20:51:56.0324 4352 [ f001861e5700ee84e2d4e52c712f4964 ] Modem C:\Windows\system32\drivers\modem.sys
20:51:56.0345 4352 Modem - ok
20:51:56.0378 4352 [ 79d10964de86b292320e9dfe02282a23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:51:56.0378 4352 monitor - ok
20:51:56.0390 4352 [ fb18cc1d4c2e716b6b903b0ac0cc0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:51:56.0423 4352 mouclass - ok
20:51:56.0450 4352 [ 2c388d2cd01c9042596cf3c8f3c7b24d ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:51:56.0470 4352 mouhid - ok
20:51:56.0494 4352 [ 921c18727c5920d6c0300736646931c2 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
20:51:56.0518 4352 mountmgr - ok
20:51:56.0577 4352 [ 46297fa8e30a6007f14118fc2b942fbc ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:51:56.0606 4352 MozillaMaintenance - ok
20:51:56.0633 4352 [ 2af5997438c55fb79d33d015c30e1974 ] mpio C:\Windows\system32\DRIVERS\mpio.sys
20:51:56.0661 4352 mpio - ok
20:51:56.0689 4352 [ ad2723a7b53dd1aacae6ad8c0bfbf4d0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:51:56.0710 4352 mpsdrv - ok
20:51:56.0760 4352 [ 5cd996cecf45cbc3e8d109c86b82d69e ] MpsSvc C:\Windows\system32\mpssvc.dll
20:51:56.0768 4352 MpsSvc - ok
20:51:56.0781 4352 [ b1be47008d20e43da3adc37c24cdb89d ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:51:56.0804 4352 MRxDAV - ok
20:51:56.0852 4352 [ ca7570e42522e24324a12161db14ec02 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:51:56.0877 4352 mrxsmb - ok
20:51:56.0904 4352 [ f965c3ab2b2ae5c378f4562486e35051 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:51:56.0931 4352 mrxsmb10 - ok
20:51:56.0954 4352 [ 25c38264a3c72594dd21d355d70d7a5d ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:51:56.0977 4352 mrxsmb20 - ok
20:51:57.0003 4352 [ 4326d168944123f38dd3b2d9c37a0b12 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
20:51:57.0023 4352 msahci - ok
20:51:57.0043 4352 [ 455029c7174a2dbb03dba8a0d8bddd9a ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
20:51:57.0067 4352 msdsm - ok
20:51:57.0095 4352 [ e1bce74a3bd9902b72599c0192a07e27 ] MSDTC C:\Windows\System32\msdtc.exe
20:51:57.0106 4352 MSDTC - ok
20:51:57.0143 4352 [ daefb28e3af5a76abcc2c3078c07327f ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:51:57.0148 4352 Msfs - ok
20:51:57.0168 4352 [ 3e1e5767043c5af9367f0056295e9f84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
20:51:57.0172 4352 mshidkmdf - ok
20:51:57.0187 4352 [ 0a4e5757ae09fa9622e3158cc1aef114 ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
20:51:57.0193 4352 msisadrv - ok
20:51:57.0228 4352 [ 90f7d9e6b6f27e1a707d4a297f077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:51:57.0296 4352 MSiSCSI - ok
20:51:57.0302 4352 msiserver - ok
20:51:57.0334 4352 [ 8c0860d6366aaffb6c5bb9df9448e631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:51:57.0351 4352 MSKSSRV - ok
20:51:57.0406 4352 [ ade6270c1003923e92a9bbba272133a9 ] msloop C:\Windows\system32\DRIVERS\loop.sys
20:51:57.0428 4352 msloop - ok
20:51:57.0453 4352 [ 3ea8b949f963562cedbb549eac0c11ce ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:51:57.0474 4352 MSPCLOCK - ok
20:51:57.0504 4352 [ f456e973590d663b1073e9c463b40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:51:57.0508 4352 MSPQM - ok
20:51:57.0541 4352 [ 0e008fc4819d238c51d7c93e7b41e560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:51:57.0550 4352 MsRPC - ok
20:51:57.0561 4352 [ fc6b9ff600cc585ea38b12589bd4e246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
20:51:57.0562 4352 mssmbios - ok
20:51:57.0579 4352 [ b42c6b921f61a6e55159b8be6cd54a36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:51:57.0583 4352 MSTEE - ok
20:51:57.0593 4352 [ 33599130f44e1f34631cea241de8ac84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
20:51:57.0612 4352 MTConfig - ok
20:51:57.0671 4352 [ d48659bb24c48345d926ecb45c1ebdf5 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
20:51:57.0701 4352 MTsensor - ok
20:51:57.0723 4352 [ 159fad02f64e6381758c990f753bcc80 ] Mup C:\Windows\system32\Drivers\mup.sys
20:51:57.0748 4352 Mup - ok
20:51:57.0822 4352 [ 80284f1985c70c86f0b5f86da2dfe1df ] napagent C:\Windows\system32\qagentRT.dll
20:51:57.0828 4352 napagent - ok
20:51:57.0866 4352 [ 26384429fcd85d83746f63e798ab1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:51:57.0894 4352 NativeWifiP - ok
20:51:57.0926 4352 [ 23759d175a0a9baaf04d05047bc135a8 ] NDIS C:\Windows\system32\drivers\ndis.sys
20:51:57.0932 4352 NDIS - ok
20:51:57.0948 4352 [ 0e1787aa6c9191d3d319e8bafe86f80c ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:51:57.0971 4352 NdisCap - ok
20:51:58.0000 4352 [ e4a8aec125a2e43a9e32afeea7c9c888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:51:58.0005 4352 NdisTapi - ok
20:51:58.0031 4352 [ b30ae7f2b6d7e343b0df32e6c08fce75 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:51:58.0056 4352 Ndisuio - ok
20:51:58.0082 4352 [ 267c415eadcbe53c9ca873dee39cf3a4 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:51:58.0110 4352 NdisWan - ok
20:51:58.0132 4352 [ af7e7c63dcef3f8772726f86039d6eb4 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:51:58.0158 4352 NDProxy - ok
20:51:58.0276 4352 [ 2aae889742376edc5c3203dfb74f28fd ] Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
20:51:58.0296 4352 Nero BackItUp Scheduler 3 - ok
20:51:58.0325 4352 [ 80b275b1ce3b0e79909db7b39af74d51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:51:58.0349 4352 NetBIOS - ok
20:51:58.0379 4352 [ dd52a733bf4ca5af84562a5e2f963b91 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:51:58.0406 4352 NetBT - ok
20:51:58.0426 4352 [ c2243ff9e9aad0c30e8b1a0914da15b6 ] Netlogon C:\Windows\system32\lsass.exe
20:51:58.0428 4352 Netlogon - ok
20:51:58.0461 4352 [ 7cccfca7510684768da22092d1fa4db2 ] Netman C:\Windows\System32\netman.dll
20:51:58.0466 4352 Netman - ok
20:51:58.0502 4352 [ d22cd77d4f0d63d1169bb35911bff12d ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:51:58.0528 4352 NetMsmqActivator - ok
20:51:58.0549 4352 [ d22cd77d4f0d63d1169bb35911bff12d ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:51:58.0551 4352 NetPipeActivator - ok
20:51:58.0575 4352 [ 8c338238c16777a802d6a9211eb2ba50 ] netprofm C:\Windows\System32\netprofm.dll
20:51:58.0581 4352 netprofm - ok
20:51:58.0632 4352 [ 370887e0e0dbd2b31164edadb95c99df ] netr28u C:\Windows\system32\DRIVERS\netr28u.sys
20:51:58.0650 4352 netr28u - ok
20:51:58.0656 4352 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:51:58.0658 4352 NetTcpActivator - ok
20:51:58.0663 4352 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:51:58.0665 4352 NetTcpPortSharing - ok
20:51:58.0692 4352 [ 1d85c4b390b0ee09c7a46b91efb2c097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
20:51:58.0712 4352 nfrd960 - ok
20:51:58.0768 4352 [ 2226496e34bd40734946a054b1cd657f ] NlaSvc C:\Windows\System32\nlasvc.dll
20:51:58.0773 4352 NlaSvc - ok
20:51:58.0886 4352 [ cb992ae1506985d9167e85883b4c3240 ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
20:51:58.0982 4352 NMIndexingService - ok
20:51:59.0038 4352 [ 1db262a9f8c087e8153d89bef3d2235f ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:51:59.0061 4352 Npfs - ok
20:51:59.0087 4352 npggsvc - ok
20:51:59.0108 4352 [ ba387e955e890c8a88306d9b8d06bf17 ] nsi C:\Windows\system32\nsisvc.dll
20:51:59.0111 4352 nsi - ok
20:51:59.0138 4352 [ e9a0a4d07e53d8fea2bb8387a3293c58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:51:59.0155 4352 nsiproxy - ok
20:51:59.0218 4352 [ 187002ce05693c306f43c873f821381f ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:51:59.0244 4352 Ntfs - ok
20:51:59.0258 4352 [ f9756a98d69098dca8945d62858a812c ] Null C:\Windows\system32\drivers\Null.sys
20:51:59.0260 4352 Null - ok
20:51:59.0303 4352 [ f1b0bed906f97e16f6d0c3629d2f21c6 ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:51:59.0330 4352 nvraid - ok
20:51:59.0354 4352 [ 4520b63899e867f354ee012d34e11536 ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:51:59.0374 4352 nvstor - ok
20:51:59.0399 4352 [ 5a0983915f02bae73267cc2a041f717d ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
20:51:59.0430 4352 nv_agp - ok
20:51:59.0521 4352 [ 785f487a64950f3cb8e9f16253ba3b7b ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:51:59.0557 4352 odserv - ok
20:51:59.0578 4352 [ 08a70a1f2cdde9bb49b885cb817a66eb ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
20:51:59.0603 4352 ohci1394 - ok
20:51:59.0660 4352 [ 5a432a042dae460abe7199b758e8606c ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:51:59.0681 4352 ose - ok
20:51:59.0715 4352 [ 82a8521ddc60710c3d3d3e7325209bec ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
20:51:59.0720 4352 p2pimsvc - ok
20:51:59.0734 4352 [ 59c3ddd501e39e006dac31bf55150d91 ] p2psvc C:\Windows\system32\p2psvc.dll
20:51:59.0739 4352 p2psvc - ok
20:51:59.0805 4352 [ 2ea877ed5dd9713c5ac74e8ea7348d14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
20:51:59.0835 4352 Parport - ok
20:51:59.0881 4352 [ 66d3415c159741ade7038a277efff99f ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:51:59.0898 4352 partmgr - ok
20:51:59.0924 4352 [ eb0a59f29c19b86479d36b35983daadc ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
20:51:59.0937 4352 Parvdm - ok
20:51:59.0996 4352 [ 2f6e885c432927a186c2e352c8a1cbf4 ] pbfilter C:\Program Files\PeerBlock\pbfilter.sys
20:52:00.0031 4352 pbfilter - ok
20:52:00.0095 4352 [ 358ab7956d3160000726574083dfc8a6 ] PcaSvc C:\Windows\System32\pcasvc.dll
20:52:00.0100 4352 PcaSvc - ok
20:52:00.0117 4352 [ c858cb77c577780ecc456a892e7e7d0f ] pci C:\Windows\system32\DRIVERS\pci.sys
20:52:00.0119 4352 pci - ok
20:52:00.0129 4352 [ afe86f419014db4e5593f69ffe26ce0a ] pciide C:\Windows\system32\DRIVERS\pciide.sys
20:52:00.0149 4352 pciide - ok
20:52:00.0179 4352 [ f396431b31693e71e8a80687ef523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
20:52:00.0203 4352 pcmcia - ok
20:52:00.0231 4352 [ 250f6b43d2b613172035c6747aeeb19f ] pcw C:\Windows\system32\drivers\pcw.sys
20:52:00.0302 4352 pcw - ok
20:52:00.0376 4352 [ 9e0104ba49f4e6973749a02bf41344ed ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:52:00.0409 4352 PEAUTH - ok
20:52:00.0455 4352 [ af4d64d2a57b9772cf3801950b8058a6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
20:52:00.0466 4352 PeerDistSvc - ok
20:52:00.0478 4352 [ a05f0d7419cf4680eedd5736e6549e7b ] pepifilter C:\Windows\system32\DRIVERS\lv302af.sys
20:52:00.0484 4352 pepifilter - ok
20:52:00.0587 4352 [ 4bb5ac2dd485b8eefccb977ee66a68ad ] PID_PEPI C:\Windows\system32\DRIVERS\LV302V32.SYS
20:52:00.0645 4352 PID_PEPI - ok
20:52:00.0692 4352 [ 9c1bff7910c89a1d12e57343475840cb ] pla C:\Windows\system32\pla.dll
20:52:00.0767 4352 pla - ok
20:52:00.0805 4352 [ 875e4e0661f3a5994df9e5e3a0a4f96b ] PLFlash DeviceIoControl Service C:\Windows\system32\IoctlSvc.exe
20:52:00.0807 4352 PLFlash DeviceIoControl Service - ok
20:52:00.0858 4352 [ 71def5ec79774c798342d0ea16e41780 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:52:00.0864 4352 PlugPlay - ok
20:52:00.0900 4352 [ 1713d9de407313138118d501b0e3c05b ] PnkBstrA C:\Windows\system32\PnkBstrA.exe
20:52:00.0904 4352 PnkBstrA - ok
20:52:00.0913 4352 [ 63ff8572611249931eb16bb8eed6afc8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
20:52:00.0937 4352 PNRPAutoReg - ok
20:52:00.0964 4352 [ 82a8521ddc60710c3d3d3e7325209bec ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
20:52:00.0967 4352 PNRPsvc - ok
20:52:01.0006 4352 [ 896d916de06f5502d301e8c4dc442ae8 ] Point32 C:\Windows\system32\DRIVERS\point32.sys
20:52:01.0029 4352 Point32 - ok
20:52:01.0083 4352 [ 48e1b75c6dc0232fd92baae4bd344721 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:52:01.0089 4352 PolicyAgent - ok
20:52:01.0119 4352 [ dbff83f709a91049621c1d35dd45c92c ] Power C:\Windows\system32\umpo.dll
20:52:01.0123 4352 Power - ok
20:52:01.0149 4352 [ 631e3e205ad6d86f2aed6a4a8e69f2db ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:52:01.0172 4352 PptpMiniport - ok
20:52:01.0210 4352 [ 85b1e3a0c7585bc4aae6899ec6fcf011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
20:52:01.0235 4352 Processor - ok
20:52:01.0268 4352 [ aea3bdbdba667aa6f678cb38907e4f5e ] ProfSvc C:\Windows\system32\profsvc.dll
20:52:01.0272 4352 ProfSvc - ok
20:52:01.0289 4352 [ c2243ff9e9aad0c30e8b1a0914da15b6 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:52:01.0291 4352 ProtectedStorage - ok
20:52:01.0311 4352 [ 6270ccae2a86de6d146529fe55b3246a ] Psched C:\Windows\system32\DRIVERS\pacer.sys
20:52:01.0313 4352 Psched - ok
20:52:01.0344 4352 [ ab95ecf1f6659a60ddc166d8315b0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
20:52:01.0395 4352 ql2300 - ok
20:52:01.0416 4352 [ b4dd51dd25182244b86737dc51af2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
20:52:01.0426 4352 ql40xx - ok
20:52:01.0448 4352 [ 31ac809e7707eb580b2bdb760390765a ] QWAVE C:\Windows\system32\qwave.dll
20:52:01.0478 4352 QWAVE - ok
20:52:01.0498 4352 [ 584078ca1b95ca72df2a27c336f9719d ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:52:01.0519 4352 QWAVEdrv - ok
20:52:01.0601 4352 [ e155e09229624c69a1a6609c0cb3641f ] RalinkRegistryWriter C:\Program Files\Edimax\Common\RaRegistry.exe
20:52:01.0607 4352 RalinkRegistryWriter - ok
20:52:01.0625 4352 [ 30a81b53c766d0133bb86d234e5556ab ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:52:01.0641 4352 RasAcd - ok
20:52:01.0678 4352 [ 57ec4aef73660166074d8f7f31c0d4fd ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
20:52:01.0685 4352 RasAgileVpn - ok
20:52:01.0709 4352 [ a60f1839849c0c00739787fd5ec03f13 ] RasAuto C:\Windows\System32\rasauto.dll
20:52:01.0719 4352 RasAuto - ok
20:52:01.0741 4352 [ d9f91eafec2815365cbe6d167e4e332a ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:52:01.0762 4352 Rasl2tp - ok
20:52:01.0796 4352 [ 0ce66ec736b7fc526d78f7624c7d2a94 ] RasMan C:\Windows\System32\rasmans.dll
20:52:01.0801 4352 RasMan - ok
20:52:01.0812 4352 [ 0fe8b15916307a6ac12bfb6a63e45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:52:01.0833 4352 RasPppoe - ok
20:52:01.0852 4352 [ 44101f495a83ea6401d886e7fd70096b ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:52:01.0872 4352 RasSstp - ok
20:52:01.0897 4352 [ 835d7e81bf517a3b72384bdcc85e1ce6 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:52:01.0924 4352 rdbss - ok
20:52:01.0947 4352 [ 0d8f05481cb76e70e1da06ee9f0da9df ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
20:52:01.0965 4352 rdpbus - ok
20:52:01.0990 4352 [ 1e016846895b15a99f9a176a05029075 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:52:02.0012 4352 RDPCDD - ok
20:52:02.0048 4352 [ c5ff95883ffef704d50c40d21cfb3ab5 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
20:52:02.0076 4352 RDPDR - ok
20:52:02.0103 4352 [ 5a53ca1598dd4156d44196d200c94b8a ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:52:02.0126 4352 RDPENCDD - ok
20:52:02.0167 4352 [ 44b0a53cd4f27d50ed461dae0c0b4e1f ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
20:52:02.0194 4352 RDPREFMP - ok
20:52:02.0239 4352 [ c5b8d47a4688de9d335204ea757c2240 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:52:02.0265 4352 RDPWD - ok
20:52:02.0300 4352 [ 4ea225bf1cf05e158853f30a99ca29a7 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
20:52:02.0310 4352 rdyboost - ok
20:52:02.0331 4352 [ 7b5e1419717fac363a31cc302895217a ] RemoteAccess C:\Windows\System32\mprdim.dll
20:52:02.0360 4352 RemoteAccess - ok
20:52:02.0395 4352 [ cb9a8683f4ef2bf99e123d79950d7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:52:02.0400 4352 RemoteRegistry - ok
20:52:02.0451 4352 [ c0c8909be3ecc9df8089112bf9be954e ] RivaTuner32 C:\Program Files\D3DOverrider\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys
20:52:02.0471 4352 RivaTuner32 - ok
20:52:02.0490 4352 [ 78d072f35bc45d9e4e1b61895c152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
20:52:02.0494 4352 RpcEptMapper - ok
20:52:02.0502 4352 [ 94d36c0e44677dd26981d2bfeef2a29d ] RpcLocator C:\Windows\system32\locator.exe
20:52:02.0524 4352 RpcLocator - ok
20:52:02.0555 4352 [ b82cd39e336973359d7c9bf911e8e84f ] RpcSs C:\Windows\system32\rpcss.dll
20:52:02.0560 4352 RpcSs - ok
20:52:02.0596 4352 [ 032b0d36ad92b582d869879f5af5b928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:52:02.0603 4352 rspndr - ok
20:52:02.0639 4352 [ 7dfd48e24479b68b258d8770121155a0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
20:52:02.0661 4352 RTL8167 - ok
20:52:02.0696 4352 [ b6b3c4259d514f10b458ca6c2e50bc2e ] RTL8187B C:\Windows\system32\DRIVERS\wg111v3.sys
20:52:02.0730 4352 RTL8187B - ok
20:52:02.0759 4352 [ 5423d8437051e89dd34749f242c98648 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
20:52:02.0776 4352 s3cap - ok
20:52:02.0795 4352 [ c2243ff9e9aad0c30e8b1a0914da15b6 ] SamSs C:\Windows\system32\lsass.exe
20:52:02.0797 4352 SamSs - ok
20:52:02.0821 4352 [ 34ee0c44b724e3e4ce2eff29126de5b5 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
20:52:02.0903 4352 sbp2port - ok
20:52:02.0941 4352 [ 8fc518ffe9519c2631d37515a68009c4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:52:02.0992 4352 SCardSvr - ok
20:52:03.0023 4352 [ a95c54b2ac3cc9c73fcdf9e51a1d6b51 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
20:52:03.0070 4352 scfilter - ok
20:52:03.0175 4352 [ df1e5c82e4d09cf8105cc644980c4803 ] Schedule C:\Windows\system32\schedsvc.dll
20:52:03.0185 4352 Schedule - ok
20:52:03.0206 4352 [ 628a9e30ec5e18dd5de6be4dbdc12198 ] SCPolicySvc C:\Windows\System32\certprop.dll
20:52:03.0207 4352 SCPolicySvc - ok
20:52:03.0222 4352 [ 5fd90abdbfaee85986802622cbb03446 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:52:03.0225 4352 SDRSVC - ok
20:52:03.0250 4352 [ 90a3935d05b494a5a39d37e71f09a677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:52:03.0270 4352 secdrv - ok
20:52:03.0296 4352 [ a59b3a4442c52060cc7a85293aa3546f ] seclogon C:\Windows\system32\seclogon.dll
20:52:03.0299 4352 seclogon - ok
20:52:03.0316 4352 [ dcb7fcdcc97f87360f75d77425b81737 ] SENS C:\Windows\system32\sens.dll
20:52:03.0320 4352 SENS - ok
20:52:03.0342 4352 [ 50087fe1ee447009c9cc2997b90de53f ] SensrSvc C:\Windows\system32\sensrsvc.dll
20:52:03.0365 4352 SensrSvc - ok
20:52:03.0387 4352 [ 9ad8b8b515e3df6acd4212ef465de2d1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
20:52:03.0403 4352 Serenum - ok
20:52:03.0428 4352 [ 5fb7fcea0490d821f26f39cc5ea3d1e2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
20:52:03.0438 4352 Serial - ok
20:52:03.0448 4352 [ 79bffb520327ff916a582dfea17aa813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
20:52:03.0469 4352 sermouse - ok
20:52:03.0500 4352 [ 8f55ce568c543d5adf45c409d16718fc ] SessionEnv C:\Windows\system32\sessenv.dll
20:52:03.0512 4352 SessionEnv - ok
20:52:03.0533 4352 [ 9f976e1eb233df46fce808d9dea3eb9c ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
20:52:03.0537 4352 sffdisk - ok
20:52:03.0543 4352 [ 932a68ee27833cfd57c1639d375f2731 ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
20:52:03.0548 4352 sffp_mmc - ok
20:52:03.0563 4352 [ 4f1e5b0fe7c8050668dbfade8999aefb ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
20:52:03.0567 4352 sffp_sd - ok
20:52:03.0573 4352 [ db96666cc8312ebc45032f30b007a547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
20:52:03.0598 4352 sfloppy - ok
20:52:03.0644 4352 [ d1a079a0de2ea524513b6930c24527a2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:52:03.0658 4352 SharedAccess - ok
20:52:03.0673 4352 [ cd2e48fa5b29ee2b3b5858056d246ef2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:52:03.0679 4352 ShellHWDetection - ok
20:52:03.0692 4352 [ 2565cac0dc9fe0371bdce60832582b2e ] sisagp C:\Windows\system32\DRIVERS\sisagp.sys
20:52:03.0716 4352 sisagp - ok
20:52:03.0746 4352 [ a9f0486851becb6dda1d89d381e71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:52:03.0771 4352 SiSRaid2 - ok
20:52:03.0794 4352 [ 3727097b55738e2f554972c3be5bc1aa ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
20:52:03.0817 4352 SiSRaid4 - ok
20:52:03.0841 4352 [ 3e21c083b8a01cb70ba1f09303010fce ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:52:03.0867 4352 Smb - ok
20:52:03.0909 4352 [ 6a984831644eca1a33ffeae4126f4f37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:52:03.0934 4352 SNMPTRAP - ok
20:52:04.0028 4352 sony_ssm.sys - ok
20:52:04.0047 4352 [ 95cf1ae7527fb70f7816563cbc09d942 ] spldr C:\Windows\system32\drivers\spldr.sys
20:52:04.0071 4352 spldr - ok
20:52:04.0125 4352 [ d1bb750eb51694de183e08b9c33be5b2 ] Spooler C:\Windows\System32\spoolsv.exe
20:52:04.0131 4352 Spooler - ok
20:52:04.0234 4352 [ 4c287f9069fedbd791178876ee9de536 ] sppsvc C:\Windows\system32\sppsvc.exe
20:52:04.0281 4352 sppsvc - ok
20:52:04.0307 4352 [ d8e3e19eebdab49dd4a8d3062ead4ec7 ] sppuinotify C:\Windows\system32\sppuinotify.dll
20:52:04.0318 4352 sppuinotify - ok
20:52:04.0399 4352 [ cdddec541bc3c96f91ecb48759673505 ] sptd C:\Windows\system32\Drivers\sptd.sys
20:52:04.0399 4352 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
20:52:04.0401 4352 sptd ( LockedFile.Multi.Generic ) - warning
20:52:04.0401 4352 sptd - detected LockedFile.Multi.Generic (1)
20:52:04.0450 4352 [ c4a027b8c0bd3fc0699f41fa5e9e0c87 ] srv C:\Windows\system32\DRIVERS\srv.sys
20:52:04.0477 4352 srv - ok
20:52:04.0518 4352 [ 414bb592cad8a79649d01f9d94318fb3 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:52:04.0554 4352 srv2 - ok
20:52:04.0579 4352 [ ff207d67700aa18242aaf985d3e7d8f4 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:52:04.0606 4352 srvnet - ok
20:52:04.0639 4352 [ d887c9fd02ac9fa880f6e5027a43e118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:52:04.0643 4352 SSDPSRV - ok
20:52:04.0692 4352 [ a36ee93698802cd899f98bfd553d8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
20:52:04.0714 4352 ssmdrv - ok
20:52:04.0743 4352 [ d318f23be45d5e3a107469eb64815b50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:52:04.0748 4352 SstpSvc - ok
20:52:04.0775 4352 Steam Client Service - ok
20:52:04.0803 4352 [ db32d325c192b801df274bfd12a7e72b ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
20:52:04.0828 4352 stexstor - ok
20:52:04.0862 4352 [ a22825e7bb7018e8af3e229a5af17221 ] StiSvc C:\Windows\System32\wiaservc.dll
20:52:04.0870 4352 StiSvc - ok
20:52:04.0892 4352 [ 957e346ca948668f2496a6ccf6ff82cc ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
20:52:04.0902 4352 storflt - ok
20:52:04.0929 4352 [ d5751969dc3e4b88bf482ac8ec9fe019 ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys
20:52:04.0936 4352 storvsc - ok
20:52:04.0946 4352 [ e58c78a848add9610a4db6d214af5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
20:52:04.0966 4352 swenum - ok
20:52:05.0003 4352 [ a28bd92df340e57b024ba433165d34d7 ] swprv C:\Windows\System32\swprv.dll
20:52:05.0017 4352 swprv - ok
20:52:05.0047 4352 [ 04105c8da62353589c29bdaeb8d88bd8 ] SysMain C:\Windows\system32\sysmain.dll
20:52:05.0073 4352 SysMain - ok
20:52:05.0089 4352 [ fcfb6c552fbc0da299799cbd50ad9fd4 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:52:05.0114 4352 TabletInputService - ok
20:52:05.0136 4352 [ 2f46b0c70a4adc8c90cf825da3b4feaf ] TapiSrv C:\Windows\System32\tapisrv.dll
20:52:05.0151 4352 TapiSrv - ok
20:52:05.0200 4352 [ b799d9fdb26111737f58288d8dc172d9 ] TBS C:\Windows\System32\tbssvc.dll
20:52:05.0208 4352 TBS - ok
20:52:05.0349 4352 [ 55e9965552741f3850cb22cbba9671ed ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:52:05.0375 4352 Tcpip - ok
20:52:05.0423 4352 [ 55e9965552741f3850cb22cbba9671ed ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
20:52:05.0431 4352 TCPIP6 - ok
20:52:05.0464 4352 [ e64444523add154f86567c469bc0b17f ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:52:05.0489 4352 tcpipreg - ok
20:52:05.0510 4352 [ 1875c1490d99e70e449e3afae9fcbadf ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:52:05.0528 4352 TDPIPE - ok
20:52:05.0564 4352 [ 7156308896d34ea75a582f9a09e50c17 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:52:05.0584 4352 TDTCP - ok
20:52:05.0608 4352 [ cb39e896a2a83702d1737bfd402b3542 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:52:05.0610 4352 tdx - ok
20:52:05.0628 4352 [ c36f41ee20e6999dbf4b0425963268a5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
20:52:05.0653 4352 TermDD - ok
20:52:05.0697 4352 [ a01e50a04d7b1960b33e92b9080e6a94 ] TermService C:\Windows\System32\termsrv.dll
20:52:05.0705 4352 TermService - ok
20:52:05.0715 4352 [ 42fb6afd6b79d9fe07381609172e7ca4 ] Themes C:\Windows\system32\themeservice.dll
20:52:05.0719 4352 Themes - ok
20:52:05.0733 4352 [ 146b6f43a673379a3c670e86d89be5ea ] THREADORDER C:\Windows\system32\mmcss.dll
20:52:05.0735 4352 THREADORDER - ok
20:52:05.0752 4352 [ 4792c0378db99a9bc2ae2de6cfff0c3a ] TrkWks C:\Windows\System32\trkwks.dll
20:52:05.0756 4352 TrkWks - ok
20:52:05.0791 4352 [ 41a4c781d2286208d397d72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:52:05.0814 4352 TrustedInstaller - ok
20:52:05.0846 4352 [ 98ae6fa07d12cb4ec5cf4a9bfa5f4242 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:52:05.0851 4352 tssecsrv - ok
20:52:05.0893 4352 [ 3e461d890a97f9d4c168f5fda36e1d00 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:52:05.0898 4352 tunnel - ok
20:52:05.0909 4352 [ 750fbcb269f4d7dd2e420c56b795db6d ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
20:52:05.0929 4352 uagp35 - ok
20:52:05.0954 4352 [ 09cc3e16f8e5ee7168e01cf8fcbe061a ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:52:05.0979 4352 udfs - ok
20:52:06.0011 4352 [ 8344fd4fce927880aa1aa7681d4927e5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:52:06.0038 4352 UI0Detect - ok
20:52:06.0068 4352 [ 44e8048ace47befbfdc2e9be4cbc8880 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
20:52:06.0075 4352 uliagpkx - ok
20:52:06.0088 4352 [ 049b3a50b3d646baeeee9eec9b0668dc ] umbus C:\Windows\system32\DRIVERS\umbus.sys
20:52:06.0110 4352 umbus - ok
20:52:06.0137 4352 [ 7550ad0c6998ba1cb4843e920ee0feac ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
20:52:06.0141 4352 UmPass - ok
20:52:06.0167 4352 [ 8ecaca5454844f66386f7be4ae0d7cd1 ] UmRdpService C:\Windows\System32\umrdp.dll
20:52:06.0171 4352 UmRdpService - ok
20:52:06.0185 4352 [ 833fbb672460efce8011d262175fad33 ] upnphost C:\Windows\System32\upnphost.dll
20:52:06.0191 4352 upnphost - ok
20:52:06.0232 4352 [ 2436a42aab4ad48a9b714e5b0f344627 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
20:52:06.0255 4352 usbaudio - ok
20:52:06.0294 4352 [ c31ae588e403042632dc796cf09e30b0 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:52:06.0301 4352 usbccgp - ok
20:52:06.0329 4352 [ 04ec7cec62ec3b6d9354eee93327fc82 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
20:52:06.0341 4352 usbcir - ok
20:52:06.0370 4352 [ e4c436d914768ce965d5e659ba7eebd8 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
20:52:06.0396 4352 usbehci - ok
20:52:06.0431 4352 [ bdcd7156ec37448f08633fd899823620 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:52:06.0458 4352 usbhub - ok
20:52:06.0494 4352 [ eb2d819a639015253c871cda09d91d58 ] usbohci C:\Windows\system32\drivers\usbohci.sys
20:52:06.0500 4352 usbohci - ok
20:52:06.0512 4352 [ 797d862fe0875e75c7cc4c1ad7b30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:52:06.0534 4352 usbprint - ok
20:52:06.0569 4352 [ 1c4287739a93594e57e2a9e6a3ed7353 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS
20:52:06.0588 4352 USBSTOR - ok
20:52:06.0636 4352 [ f9288b919ea3065ad65f33d971604696 ] USBTINSP C:\Windows\system32\DRIVERS\tinspusb.sys
20:52:06.0645 4352 USBTINSP - ok
20:52:06.0680 4352 [ 22480bf4e5a09192e5e30ba4dde79fa4 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
20:52:06.0698 4352 usbuhci - ok
20:52:06.0728 4352 [ 1cbaeb751a844422e41be63821e7f378 ] UserAccess7 C:\Windows\system32\UAService7.exe
20:52:06.0733 4352 UserAccess7 - ok
20:52:06.0753 4352 [ 081e6e1c91aec36758902a9f727cd23c ] UxSms C:\Windows\System32\uxsms.dll
20:52:06.0756 4352 UxSms - ok
20:52:06.0775 4352 [ c2243ff9e9aad0c30e8b1a0914da15b6 ] VaultSvc C:\Windows\system32\lsass.exe
20:52:06.0777 4352 VaultSvc - ok
20:52:06.0801 4352 [ a059c4c3edb09e07d21a8e5c0aabd3cb ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
20:52:06.0822 4352 vdrvroot - ok
20:52:06.0855 4352 [ 8c4e7c49d3641bc9e299e466a7f8867d ] vds C:\Windows\System32\vds.exe
20:52:06.0892 4352 vds - ok
20:52:06.0929 4352 [ 17c408214ea61696cec9c66e388b14f3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:52:06.0954 4352 vga - ok
20:52:06.0976 4352 [ 8e38096ad5c8570a6f1570a61e251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
20:52:07.0002 4352 VgaSave - ok
20:52:07.0028 4352 [ 3be6e1f3a4f1afec8cee0d7883f93583 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
20:52:07.0038 4352 vhdmp - ok
20:52:07.0056 4352 [ c829317a37b4bea8f39735d4b076e923 ] viaagp C:\Windows\system32\DRIVERS\viaagp.sys
20:52:07.0064 4352 viaagp - ok
20:52:07.0070 4352 [ e02f079a6aa107f06b16549c6e5c7b74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
20:52:07.0093 4352 ViaC7 - ok
20:52:07.0126 4352 [ e43574f6a56a0ee11809b48c09e4fd3c ] viaide C:\Windows\system32\DRIVERS\viaide.sys
20:52:07.0132 4352 viaide - ok
20:52:07.0153 4352 [ 379b349f65f453d2a6e75ea6b7448e49 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys
20:52:07.0164 4352 vmbus - ok
20:52:07.0170 4352 [ ec2bbab4b84d0738c6c83d2234dc36fe ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys
20:52:07.0176 4352 VMBusHID - ok
20:52:07.0194 4352 [ 384e5a2aa49934295171e499f86ba6f3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
20:52:07.0215 4352 volmgr - ok
20:52:07.0246 4352 [ b5bb72067ddddbbfb04b2f89ff8c3c87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:52:07.0276 4352 volmgrx - ok
20:52:07.0300 4352 [ 58df9d2481a56edde167e51b334d44fd ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
20:52:07.0315 4352 volsnap - ok
20:52:07.0342 4352 [ 9dfa0cc2f8855a04816729651175b631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
20:52:07.0363 4352 vsmraid - ok
20:52:07.0409 4352 [ 7ea2bcd94d9cfaf4c556f5cc94532a6c ] VSS C:\Windows\system32\vssvc.exe
20:52:07.0433 4352 VSS - ok
20:52:07.0446 4352 [ 90567b1e658001e79d7c8bbd3dde5aa6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
20:52:07.0451 4352 vwifibus - ok
20:52:07.0472 4352 [ 7090d3436eeb4e7da3373090a23448f7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
20:52:07.0479 4352 vwififlt - ok
20:52:07.0492 4352 [ 55187fd710e27d5095d10a472c8baf1c ] W32Time C:\Windows\system32\w32time.dll
20:52:07.0498 4352 W32Time - ok
20:52:07.0512 4352 [ de3721e89c653aa281428c8a69745d90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
20:52:07.0539 4352 WacomPen - ok
20:52:07.0571 4352 [ 692a712062146e96d28ba0b7d75de31b ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
20:52:07.0578 4352 WANARP - ok
20:52:07.0583 4352 [ 692a712062146e96d28ba0b7d75de31b ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:52:07.0584 4352 Wanarpv6 - ok
20:52:07.0640 4352 [ 353a04c273ec58475d8633e75ccd5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
20:52:07.0816 4352 WatAdminSvc - ok
20:52:07.0852 4352 [ 7790b77fe1e5ee47dcc66247095bb4c9 ] wbengine C:\Windows\system32\wbengine.exe
20:52:07.0909 4352 wbengine - ok
20:52:07.0940 4352 [ 9614b5d29dc76ac3c29f6d2d3aa70e67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
20:52:07.0951 4352 WbioSrvc - ok
20:52:07.0990 4352 [ 6d9b75275c3e3a5f51aef81affadb2b6 ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:52:08.0002 4352 wcncsvc - ok
20:52:08.0016 4352 [ 5d930b6357a6d2af4d7653bdabbf352f ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:52:08.0037 4352 WcsPlugInService - ok
20:52:08.0072 4352 [ 1112a9badacb47b7c0bb0392e3158dff ] Wd C:\Windows\system32\DRIVERS\wd.sys
20:52:08.0095 4352 Wd - ok
20:52:08.0133 4352 [ 9950e3d0f08141c7e89e64456ae7dc73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:52:08.0312 4352 Wdf01000 - ok
20:52:08.0332 4352 [ 46ef9dc96265fd0b423db72e7c38c2a5 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:52:08.0336 4352 WdiServiceHost - ok
20:52:08.0340 4352 [ 46ef9dc96265fd0b423db72e7c38c2a5 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:52:08.0344 4352 WdiSystemHost - ok
20:52:08.0383 4352 [ bb5ec38f8d4600119b4720bc5d4211f1 ] WebClient C:\Windows\System32\webclnt.dll
20:52:08.0396 4352 WebClient - ok
20:52:08.0419 4352 [ 760f0afe937a77cff27153206534f275 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:52:08.0443 4352 Wecsvc - ok
20:52:08.0470 4352 [ ac804569bb2364fb6017370258a4091b ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:52:08.0474 4352 wercplsupport - ok
20:52:08.0489 4352 [ 08e420d873e4fd85241ee2421b02c4a4 ] WerSvc C:\Windows\System32\WerSvc.dll
20:52:08.0493 4352 WerSvc - ok
20:52:08.0517 4352 [ 8b9a943f3b53861f2bfaf6c186168f79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
20:52:08.0521 4352 WfpLwf - ok
20:52:08.0536 4352 [ 5cf95b35e59e2a38023836fff31be64c ] WIMMount C:\Windows\system32\drivers\wimmount.sys
20:52:08.0541 4352 WIMMount - ok
20:52:08.0581 4352 [ 3fae8f94296001c32eab62cd7d82e0fd ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
20:52:08.0588 4352 WinDefend - ok
20:52:08.0605 4352 WinHttpAutoProxySvc - ok
20:52:08.0654 4352 [ f62e510b6ad4c21eb9fe8668ed251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:52:08.0657 4352 Winmgmt - ok
20:52:08.0710 4352 [ 845af1ba23c8d5e64def61bcc441604c ] WinRing0_1_2_0 C:\Program Files\RealTemp_340\WinRing0.sys
20:52:08.0716 4352 WinRing0_1_2_0 - ok
20:52:08.0752 4352 [ c4f5d3901d1b41d602ddc196e0b95b51 ] WinRM C:\Windows\system32\WsmSvc.dll
20:52:08.0778 4352 WinRM - ok
20:52:08.0818 4352 [ 16935c98ff639d185086a3529b1f2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
20:52:08.0829 4352 Wlansvc - ok
20:52:08.0893 4352 [ fb01d4ae207b9efdbabfc55dc95c7e31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:52:08.0920 4352 wlidsvc - ok
20:52:08.0943 4352 [ 0217679b8fca58714c3bf2726d2ca84e ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
20:52:08.0948 4352 WmiAcpi - ok
20:52:08.0969 4352 [ 6eb6b66517b048d87dc1856ddf1f4c3f ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:52:08.0990 4352 wmiApSrv - ok
20:52:09.0045 4352 [ 77fbd400984cf72ba0fc4b3489d65f74 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
20:52:09.0062 4352 WMPNetworkSvc - ok
20:52:09.0088 4352 [ a2f0ec770a92f2b3f9de6d518e11409c ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:52:09.0095 4352 WPCSvc - ok
20:52:09.0106 4352 [ b7f658a2ebc07129538ad9ab35212637 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:52:09.0111 4352 WPDBusEnum - ok
20:52:09.0124 4352 [ 6db3276587b853bf886b69528fdb048c ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:52:09.0147 4352 ws2ifsl - ok
20:52:09.0180 4352 [ a661a76333057b383a06e65f0073222f ] wscsvc C:\Windows\system32\wscsvc.dll
20:52:09.0185 4352 wscsvc - ok
20:52:09.0190 4352 WSearch - ok
20:52:09.0274 4352 [ fc3ec24fce372c89423e015a2ac1a31e ] wuauserv C:\Windows\system32\wuaueng.dll
20:52:09.0326 4352 wuauserv - ok
20:52:09.0361 4352 [ 6f9b6c0c93232cff47d0f72d6db1d21e ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:52:09.0387 4352 WudfPf - ok
20:52:09.0418 4352 [ f91ff1e51fca30b3c3981db7d5924252 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:52:09.0445 4352 WUDFRd - ok
20:52:09.0493 4352 [ ddee3682fe97037c45f4d7ab467cb8b6 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:52:09.0497 4352 wudfsvc - ok
20:52:09.0510 4352 [ ff2d745b560f7c71b31f30f4d49f73d2 ] WwanSvc C:\Windows\System32\wwansvc.dll
20:52:09.0521 4352 WwanSvc - ok
20:52:09.0550 4352 XDva285 - ok
20:52:09.0557 4352 XDva375 - ok
20:52:09.0564 4352 XDva383 - ok
20:52:09.0577 4352 XDva391 - ok
20:52:09.0602 4352 ================ Scan global ===============================
20:52:09.0627 4352 (9a595df601070da78c40481120dd2c06) C:\Windows\system32\basesrv.dll
20:52:09.0662 4352 (008f51ae989c3df1cbaf8b39dc423ccc) C:\Windows\system32\winsrv.dll
20:52:09.0671 4352 (008f51ae989c3df1cbaf8b39dc423ccc) C:\Windows\system32\winsrv.dll
20:52:09.0693 4352 (364455805e64882844ee9acb72522830) C:\Windows\system32\sxssrv.dll
20:52:09.0730 4352 (5f1b6a9c35d3d5ca72d6d6fdef9747d6) C:\Windows\system32\services.exe
20:52:09.0735 4352 [Global] - ok
20:52:09.0735 4352 ================ Scan MBR ==================================
20:52:09.0746 4352 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:52:10.0044 4352 \Device\Harddisk0\DR0 - ok
20:52:10.0044 4352 ================ Scan VBR ==================================
20:52:10.0048 4352 Boot (0x1200) (99325d595bbd874417c92f3ba1dcf86c) \Device\Harddisk0\DR0\Partition1
20:52:10.0050 4352 \Device\Harddisk0\DR0\Partition1 - ok
20:52:10.0051 4352 ============================================================
20:52:10.0051 4352 Scan finished
20:52:10.0051 4352 ============================================================
20:52:10.0067 5284 Detected object count: 3
20:52:10.0067 5284 Actual detected object count: 3
20:52:13.0483 5284 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
20:52:13.0483 5284 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
20:52:13.0486 5284 LVPrcSrv ( LockedFile.Multi.Generic ) - skipped by user
20:52:13.0486 5284 LVPrcSrv ( LockedFile.Multi.Generic ) - User select action: Skip
20:52:13.0488 5284 sptd ( LockedFile.Multi.Generic ) - skipped by user
20:52:13.0488 5284 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

And my aswMBR file.


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-19 20:54:00
-----------------------------
20:54:00.841 OS Version: Windows 6.1.7600
20:54:00.841 Number of processors: 2 586 0x170A
20:54:00.842 ComputerName: RONNY-PC UserName: Ronny
20:54:03.084 Initialize success
20:56:43.636 AVAST engine defs: 12081900
20:57:12.463 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
20:57:12.465 Disk 0 Vendor: ST3500418AS CC38 Size: 476940MB BusType: 3
20:57:12.486 Disk 0 MBR read successfully
20:57:12.489 Disk 0 MBR scan
20:57:12.512 Disk 0 Windows 7 default MBR code
20:57:12.515 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476937 MB offset 63
20:57:12.523 Disk 0 scanning sectors +976768065
20:57:12.550 Disk 0 malicious Win32:MBRoot code @ sector 976768068 !
20:57:12.589 Disk 0 scanning C:\Windows\system32\drivers
20:57:24.988 Service scanning
20:57:43.867 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
20:57:50.294 Modules scanning
20:57:57.523 Disk 0 trace - called modules:
20:57:57.865 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x84e771f8]<<
20:57:57.873 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85cd71e0]
20:57:57.881 3 CLASSPNP.SYS[894f559e] -> nt!IofCallDriver -> [0x85bd9328]
20:57:57.889 5 ACPI.sys[88db63b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x85bd13d0]
20:57:57.897 \Driver\atapi[0x85bbcf38] -> IRP_MJ_CREATE -> 0x84e771f8
20:57:59.089 AVAST engine scan C:\Windows
20:58:10.412 AVAST engine scan C:\Windows\system32
21:03:28.412 AVAST engine scan C:\Windows\system32\drivers
21:03:41.980 AVAST engine scan C:\Users\Ronny
21:18:15.822 AVAST engine scan C:\ProgramData
21:19:51.045 Scan finished successfully
21:23:40.559 Disk 0 MBR has been saved successfully to "C:\Users\Ronny\Downloads\MBR.dat"
21:23:40.567 The log file has been saved successfully to "C:\Users\Ronny\Downloads\aswMBR.txt"
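
The two logs above, read together, as an added triage helper (not part of the thread and not code from TDSSKiller or aswMBR): it parses the TDSSKiller and aswMBR output formats as they appear in this post, cross-checks them, and works out where the Win32:MBRoot sector that aswMBR reports sits relative to the disk's only partition. The sample lines are copied from the logs above; the regular expressions are my assumptions about the two formats, and 512-byte sectors are assumed.

```python
"""Triage helper for the TDSSKiller and aswMBR logs posted in this thread.
Added example, not part of the thread or of either tool: the parsing rules are
assumptions about the two formats as they appear above; 512-byte sectors assumed."""
import re

# Constructed sample: a subset of the TDSSKiller and aswMBR lines posted above.
TDSS_SAMPLE = r"""
20:52:04.0399 4352 [ cdddec541bc3c96f91ecb48759673505 ] sptd C:\Windows\system32\Drivers\sptd.sys
20:52:04.0399 4352 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
20:52:04.0401 4352 sptd - detected LockedFile.Multi.Generic (1)
20:52:04.0477 4352 srv - ok
20:52:13.0483 5284 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
20:52:13.0488 5284 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
"""
ASW_SAMPLE = r"""
20:57:12.465 Disk 0 Vendor: ST3500418AS CC38 Size: 476940MB BusType: 3
20:57:12.515 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476937 MB offset 63
20:57:12.523 Disk 0 scanning sectors +976768065
20:57:12.550 Disk 0 malicious Win32:MBRoot code @ sector 976768068 !
20:57:43.867 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
"""
SECTORS_PER_MB = 2048  # 1 MB of 512-byte sectors (assumption)

# TDSSKiller lines: "<time> <pid> <message>"
TDSS_LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(.*)$")
TDSS_DETECTED = re.compile(r"^(\S+) - detected (\S+) \((\d+)\)$")
TDSS_SUSPICIOUS = re.compile(r"^Suspicious file \((\w+)\): (.+)\. md5: ([0-9a-f]{32})$")
TDSS_ACTION = re.compile(r"^(\S+) \( (\S+) \) - User select action: (\S+)$")
# aswMBR lines: "<time> <message>"
ASW_LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+(.*)$")
ASW_DISK = re.compile(r"^Disk (\d+) Vendor: .* Size: (\d+)MB")
ASW_PARTITION = re.compile(r"^Disk (\d+) Partition (\d+) .* (\d+) MB offset (\d+)$")
ASW_MALICIOUS = re.compile(r"^Disk (\d+) malicious (\S+) code @ sector (\d+)")
ASW_LOCKED = re.compile(r"^Service (\S+) (.+?) \*\*LOCKED\*\*")


def parse_tdsskiller(text):
    """Collect detections, unreadable files and the user's chosen actions."""
    out = {"detected": [], "suspicious": [], "actions": {}}
    for raw in text.splitlines():
        m = TDSS_LINE.match(raw)
        msg = m.group(1) if m else ""
        if d := TDSS_DETECTED.match(msg):
            out["detected"].append({"name": d[1], "class": d[2], "count": int(d[3])})
        elif s := TDSS_SUSPICIOUS.match(msg):
            out["suspicious"].append({"reason": s[1], "path": s[2], "md5": s[3]})
        elif a := TDSS_ACTION.match(msg):
            out["actions"][a[1]] = a[3]
    return out


def parse_aswmbr(text):
    """Collect disk geometry, sector-level detections and locked services."""
    out = {"disks": {}, "malicious": [], "locked": []}
    for raw in text.splitlines():
        m = ASW_LINE.match(raw)
        msg = m.group(1) if m else ""
        if d := ASW_DISK.match(msg):
            out["disks"].setdefault(int(d[1]), {"partitions": []})["size_mb"] = int(d[2])
        elif p := ASW_PARTITION.match(msg):
            disk = out["disks"].setdefault(int(p[1]), {"partitions": []})
            disk["partitions"].append({"number": int(p[2]), "size_mb": int(p[3]), "offset": int(p[4])})
        elif x := ASW_MALICIOUS.match(msg):
            out["malicious"].append({"disk": int(x[1]), "name": x[2], "sector": int(x[3])})
        elif k := ASW_LOCKED.match(msg):
            out["locked"].append({"service": k[1], "path": k[2]})
    return out


def locate_sector(sector, disk):
    """Place a sector relative to the partitions aswMBR listed (sizes are whole MB, so boundaries are approximate)."""
    for part in disk["partitions"]:
        start = part["offset"]
        end = start + part["size_mb"] * SECTORS_PER_MB
        if start <= sector < end:
            return f"inside partition {part['number']}"
        if end <= sector < end + SECTORS_PER_MB:  # within the MB rounding of the partition end
            return f"just past the end of partition {part['number']} (unallocated tail)"
    if sector >= disk.get("size_mb", 0) * SECTORS_PER_MB:
        return "beyond the reported disk size"
    return "outside every partition (unallocated space)"


def triage(tdss_text, asw_text):
    """Cross-check both logs and list what a responder should look at first."""
    tdss, asw = parse_tdsskiller(tdss_text), parse_aswmbr(asw_text)
    findings = []
    for d in tdss["detected"]:
        action = tdss["actions"].get(d["name"], "none")
        findings.append(f"TDSSKiller: {d['name']} flagged {d['class']}, user action: {action}")
    for s in tdss["suspicious"]:
        findings.append(f"TDSSKiller could not read {s['path']} (md5 {s['md5']})")
    for x in asw["malicious"]:
        where = locate_sector(x["sector"], asw["disks"][x["disk"]])
        findings.append(f"aswMBR: {x['name']} at sector {x['sector']}, {where}")
    # A driver both tools report as locked deserves a vendor check before it is removed.
    locked = {k["service"] for k in asw["locked"]} & {d["name"] for d in tdss["detected"]}
    findings += [f"{n} is locked according to both tools; confirm its vendor before removal" for n in sorted(locked)]
    return findings
```

On the posted numbers the reported sector lands about a thousand sectors past the end of partition 1, in the unallocated tail of the disk; code stored there is not a file, so a scanner that only walks the filesystem has nothing to inspect.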

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:19 AM

Posted 19 August 2012 - 12:22 PM

Hello

I would like you to run this tool for me - fixTDSS

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete it will say the infection was cleared or no infection was found - let me know what it says.

After it is complete I want you to restart the computer and try to rerun aswMBR for me and send me the report.

  • Double-click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 Ron234

Ron234
  • Topic Starter

  • Members
  • 9 posts
  • Local time:02:19 PM

Posted 21 August 2012 - 07:23 AM

Hi Gringo, sorry for the late reply, I was really busy yesterday.

Running FixTDSS, it said that no backdoor.tidserv was found.

Here's my aswMBR log.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-21 19:24:03
-----------------------------
19:24:03.908 OS Version: Windows 6.1.7600
19:24:03.908 Number of processors: 2 586 0x170A
19:24:03.908 ComputerName: RONNY-PC UserName: Ronny
19:24:27.715 Initialize success
19:27:03.026 AVAST engine defs: 12082100
19:28:01.050 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
19:28:01.050 Disk 0 Vendor: ST3500418AS CC38 Size: 476940MB BusType: 3
19:28:01.066 Disk 0 MBR read successfully
19:28:01.066 Disk 0 MBR scan
19:28:01.082 Disk 0 Windows 7 default MBR code
19:28:01.082 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476937 MB offset 63
19:28:01.082 Disk 0 scanning sectors +976768065
19:28:01.113 Disk 0 malicious Win32:MBRoot code @ sector 976768068 !
19:28:01.160 Disk 0 scanning C:\Windows\system32\drivers
19:28:17.281 Service scanning
19:28:39.452 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
19:28:46.883 Modules scanning
19:29:07.976 Disk 0 trace - called modules:
19:29:08.318 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x84e771f8]<<
19:29:08.324 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85cd57c8]
19:29:08.329 3 CLASSPNP.SYS[894f559e] -> nt!IofCallDriver -> [0x85bf1810]
19:29:08.340 5 ACPI.sys[88d3f3b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x85bfd030]
19:29:08.345 \Driver\atapi[0x85bbd320] -> IRP_MJ_CREATE -> 0x84e771f8
19:29:10.992 AVAST engine scan C:\Windows
19:29:18.491 AVAST engine scan C:\Windows\system32
19:35:50.412 AVAST engine scan C:\Windows\system32\drivers
19:36:12.850 AVAST engine scan C:\Users\Ronny
19:50:23.473 AVAST engine scan C:\ProgramData
19:52:05.903 Scan finished successfully
20:14:28.236 Disk 0 MBR has been saved successfully to "C:\Users\Ronny\Downloads\MBR.dat"
20:14:28.243 The log file has been saved successfully to "C:\Users\Ronny\Downloads\aswMBR.txt"

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:19 AM

Posted 21 August 2012 - 04:39 PM

Greetings Ron234

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files\ConduitEngine
c:\program files\PageRage

DDS::
uStart Page = hxxp://www.searchqu.com/402
uInternet Settings,ProxyServer = 127.0.0.1:9666
uInternet Settings,ProxyOverride = <local>

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Report from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#11 Ron234

Ron234
  • Topic Starter

  • Members
  • 9 posts
  • Local time:02:19 PM

Posted 22 August 2012 - 06:32 AM

Hi, finished running ComboFix. My computer seems to be doing very well, I haven't seen any problems since the first run of ComboFix.

Here's the new log.
ComboFix 12-08-22.01 - Ronny 22/08/2012 21:13:45.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.2047.1294 [GMT 10:00]
Running from: c:\users\Ronny\Downloads\ComboFix.exe
Command switches used :: c:\users\Ronny\Downloads\CFScript.txt
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\ConduitEngine
c:\program files\ConduitEngine\appContextMenu.xml
c:\program files\ConduitEngine\ConduitEngin0.dll
c:\program files\ConduitEngine\ConduitEngine.dll
c:\program files\ConduitEngine\ConduitEngineHelper.exe
c:\program files\ConduitEngine\ConduitEngineUninstall.exe
c:\program files\ConduitEngine\engineContextMenu.xml
c:\program files\ConduitEngine\EngineSettings.json
c:\program files\ConduitEngine\INSTALL.LOG
c:\program files\ConduitEngine\toolbar.cfg
.
.
((((((((((((((((((((((((( Files Created from 2012-07-22 to 2012-08-22 )))))))))))))))))))))))))))))))
.
.
2012-08-18 08:46 . 2012-08-18 08:46 -------- d-----w- c:\program files\D3DOverrider
2012-08-18 07:35 . 2012-08-18 07:43 -------- d-----w- c:\users\Ronny\AppData\Local\Darksiders2
2012-08-16 09:18 . 2012-08-16 09:18 -------- d-----w- c:\users\Ronny\AppData\Roaming\Curiolab
2012-08-14 09:31 . 2012-08-18 11:05 -------- d-----w- c:\program files\Darksiders 2
2012-08-11 03:46 . 2012-08-11 03:46 -------- d-----w- c:\windows\system32\EventProviders
2012-08-11 03:24 . 2012-06-12 02:44 2344448 ----a-w- c:\windows\system32\win32k.sys
2012-08-11 03:24 . 2012-03-01 05:53 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-08-11 03:24 . 2012-03-01 05:49 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-08-11 03:24 . 2012-03-01 05:45 158720 ----a-w- c:\windows\system32\imagehlp.dll
2012-08-11 03:24 . 2012-03-01 05:40 5120 ----a-w- c:\windows\system32\wmi.dll
2012-08-11 03:24 . 2012-07-15 16:41 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{42BA1846-2290-4FF3-B3DD-E62415D77F3A}\mpengine.dll
2012-08-11 03:19 . 2012-08-11 03:19 -------- d-----w- c:\program files\Ronimo Games
2012-08-11 02:51 . 2012-06-06 05:09 1389568 ----a-w- c:\windows\system32\msxml6.dll
2012-08-11 02:24 . 2012-04-24 04:47 139264 ----a-w- c:\windows\system32\cryptsvc.dll
2012-08-11 02:24 . 2012-04-24 04:47 1156608 ----a-w- c:\windows\system32\crypt32.dll
2012-08-11 02:24 . 2012-04-24 04:47 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-08-08 11:23 . 2012-08-18 08:34 -------- d-----w- c:\users\Ronny\AppData\Roaming\Buuqyw
2012-08-08 11:23 . 2012-08-08 11:23 -------- d-----w- c:\users\Ronny\AppData\Roaming\Ifire
2012-08-01 12:38 . 2012-08-01 12:38 -------- d-----w- c:\users\Ronny\AppData\Local\FLT
2012-08-01 12:30 . 2012-08-01 12:34 -------- d-----w- c:\program files\Orcs Must Die 2
2012-07-28 01:29 . 2012-07-28 01:29 -------- d-----w- c:\users\Ronny\AppData\Roaming\FALCOM
2012-07-28 01:29 . 2012-07-30 10:38 -------- d-----w- C:\FALCOM
2012-07-24 11:47 . 2012-07-24 11:59 -------- d-----w- c:\users\Ronny\AppData\Roaming\Braid
2012-07-23 12:02 . 2012-07-26 12:33 -------- d-sh--w- c:\users\Ronny\wc
2012-07-23 12:02 . 2012-07-23 12:02 -------- d-----w- c:\users\Ronny\AppData\Local\Universe Sandbox
2012-07-23 12:02 . 2012-07-23 12:02 -------- d-sh--w- c:\users\Ronny\AppData\Roaming\wyUpdate AU
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-16 08:02 . 2009-07-13 23:11 259072 ----a-w- c:\windows\system32\services.exe
2012-08-15 11:54 . 2012-05-15 09:16 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 11:54 . 2011-05-27 23:18 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 13:59 . 2012-07-03 13:59 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-07-03 13:58 . 2012-05-19 09:29 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-07-03 03:46 . 2010-08-23 05:18 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-20 06:50 . 2011-03-28 08:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-02 22:19 . 2012-06-21 06:54 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 06:54 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 06:53 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 06:53 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 06:54 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 06:54 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 06:53 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 05:19 . 2012-06-21 06:53 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 05:12 . 2012-06-21 06:53 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 02:25 . 2011-04-24 07:56 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-07-22 01:34 . 2011-09-29 05:55 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2012-08-04 1353080]
"Akamai NetSession Interface"="c:\users\Ronny\AppData\Local\Akamai\netsession_win.exe" [2012-05-25 4327744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-10-19 98304]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-07 2221352]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-20 281768]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVIMlctM1NYM0UtR0hHWDktQUZISjMtUFcyUU4tWjlLSDQ&inst=NzctNjQyMzUxNzM2LVRCOSsyLUZMKzktWE8zNisxLUY5TTEwQSsyLUY5TTIrMS1GTDEwKzEtTElDKzEtRERUKzU1MjgxLUxTRCsyLUREMTBGKzEtU1QxMEZBUFArMQ&prod=90&ver=10.0.1392" [?]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2009-11-6 2469888]
Wireless Utility.lnk - c:\program files\Edimax\Common\RaUI.exe [2010-12-6 1572864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Atari\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;c:\windows\system32\DRIVERS\wg111v3.sys [x]
R3 USBTINSP;TI-Nspire™ Handheld or TI Network Bridge Device Driver;c:\windows\system32\DRIVERS\tinspusb.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\RealTemp_340\WinRing0.sys [x]
R3 XDva285;XDva285;c:\windows\system32\XDva285.sys [x]
R3 XDva375;XDva375;c:\windows\system32\XDva375.sys [x]
R3 XDva383;XDva383;c:\windows\system32\XDva383.sys [x]
R3 XDva391;XDva391;c:\windows\system32\XDva391.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 Htsysm;Htsysm;c:\windows\system32\HtsysmNT.sys [x]
S3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28u.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-15 11:54]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: DhcpNameServer = 211.31.138.11 211.29.132.12 198.142.0.51
FF - ProfilePath - c:\users\Ronny\AppData\Roaming\Mozilla\Firefox\Profiles\idw69s9k.default-1344849576993\
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\ConduitEngine\ConduitEngine.dll
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\ConduitEngine\ConduitEngine.dll
AddRemove-conduitEngine - c:\program files\ConduitEngine\ConduitEngineUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_4f7fccd.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\NetworkList\Nla\Cache\Intranet\˝*l%a*u*]
"Successes"=dword:80000000
"Failures"=dword:80000007
"{D5CA50BE-5BE6-46AA-8815-E239686688D6}"=hex:00,18,f8,f5,5d,21
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-22 21:29:48
ComboFix-quarantined-files.txt 2012-08-22 11:29
ComboFix2.txt 2012-08-19 09:53
.
Pre-Run: 261,061,173,248 bytes free
Post-Run: 260,496,379,904 bytes free
.
- - End Of File - - 2C08FB0B1AC8249AC1BC48B67727B332

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 22 August 2012 - 09:53 AM

Hello

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

Adobe Reader 9.4.4
µTorrent
Conduit Engine
Java™ 6 Update 21
Java™ 7 Update 4
JavaFX 2.1.0


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed, UNcheck the box which says "Also Download Adobe Photoshop® Album Starter Edition".

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 Ron234

  • Topic Starter
  • Members
  • 9 posts

Posted 24 August 2012 - 11:01 PM

Hi Gringo, I've done everything listed. Everything seems to be working great at the moment; I haven't had any problems recently.


MBAM log
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.25.01

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Ronny :: RONNY-PC [administrator]

25/08/2012 1:08:20 PM
mbam-log-2012-08-25 (13-08-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 252460
Time elapsed: 7 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)





Hijackthis log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:37:19 PM, on 25/08/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.17006)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Steam\Steam.exe
C:\Users\Ronny\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Ronny\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Edimax\Common\RaUI.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\logitech\quickcam\lu\lulnchr.exe
C:\program files\logitech\quickcam\lu\LogitechUpdate.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Din's Curse\Din's Curse - Demon War PC - Hyperdrive25\DinsCurse.exe
C:\Windows\notepad.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Ronny\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVIMlctM1NYM0UtR0hHWDktQUZISjMtUFcyUU4tWjlLSDQ"&"inst=NzctNjQyMzUxNzM2LVRCOSsyLUZMKzktWE8zNisxLUY5TTEwQSsyLUY5TTIrMS1GTDEwKzEtTElDKzEtRERUKzU1MjgxLUxTRCsyLUREMTBGKzEtU1QxMEZBUFArMQ"&"prod=90"&"ver=10.0.1392
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Ronny\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O4 - Global Startup: Wireless Utility.lnk = C:\Program Files\Edimax\Common\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\Windows\system32\AstSrv.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Atari\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: GameConsoleService - Unknown owner - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\Edimax\Common\RaRegistry.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\Windows\system32\UAService7.exe

--
End of file - 9454 bytes

#14 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 25 August 2012 - 06:01 AM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; any of them you can start when you need them by clicking on their icons (or from the control panel). By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
      O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
      O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVIMlctM1NYM0UtR0hHWDktQUZISjMtUFcyUU4tWjlLSDQ"&"inst=NzctNjQyMzUxNzM2LVRCOSsyLUZMKzktWE8zNisxLUY5TTEwQSsyLUY5TTIrMS1GTDEwKzEtTElDKzEtRERUKzU1MjgxLUxTRCsyLUREMTBGKzEtU1QxMEZBUFArMQ"&"prod=90"&"ver=10.0.1392
      O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
      O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Ronny\AppData\Local\Akamai\netsession_win.exe"
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not;
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. Vista and Win 7: right-click on the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
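As an added example (my own code, not anything from this thread, from BleepingComputer or from the HijackThis tool): a small Python parser for the O4 startup and O23 service lines that the reply above asks the user to look over. It pulls out the hive, entry name and launched executable, and flags what a helper checks first: entries whose target file is missing, services with no recorded publisher, entries that run through a shell or script interpreter rather than a program of their own, and entries that run from a user-writable profile directory. The sample lines are copied from the log posted in reply #13; the function and constant names and the review heuristics are my own choices, not anything HijackThis itself reports.

```python
import re

# Lines copied from the HijackThis log posted in reply #13 of this thread
# (the thread's own data, not constructed for this example).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVIMlctM1NYM0UtR0hHWDktQUZISjMtUFcyUU4tWjlLSDQ"&"inst=NzctNjQyMzUxNzM2LVRCOSsyLUZMKzktWE8zNisxLUY5TTEwQSsyLUY5TTIrMS1GTDEwKzEtTElDKzEtRERUKzU1MjgxLUxTRCsyLUREMTBGKzEtU1QxMEZBUFArMQ"&"prod=90"&"ver=10.0.1392
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Ronny\AppData\Local\Akamai\netsession_win.exe"
O4 - Global Startup: Wireless Utility.lnk = C:\Program Files\Edimax\Common\RaUI.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Atari\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: GameConsoleService - Unknown owner - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""

# O4 registry Run/RunOnce entries: "O4 - HKLM\..\Run: [Name] command line".
O4_REG = re.compile(
    r'^O4 - (?P<hive>HK\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# O4 startup-folder shortcuts: "O4 - Global Startup: Name.lnk = target".
O4_FOLDER = re.compile(
    r'^O4 - (?:(?P<folder>\S+) )?Startup: (?P<name>.+?) = (?P<cmd>.*)$')
# O23 services: "O23 - Service: Display (svcname) - Owner - C:\path". The display
# name may itself contain " - ", so the owner is required to be hyphen-free and
# the path to start with a drive letter (assumption: an owner such as
# "Hewlett-Packard" would need a looser pattern).
O23_SVC = re.compile(
    r'^O23 - Service: (?P<display>.+?) - (?P<owner>[^-]+) - (?P<path>[A-Za-z]:\\.*)$')

MISSING = ' (file missing)'
# Hosts that run something else: the interesting part is their argument list.
INTERPRETERS = {'cmd.exe', 'wscript.exe', 'cscript.exe', 'rundll32.exe',
                'regsvr32.exe', 'mshta.exe', 'powershell.exe'}
# Per-user, user-writable locations (my heuristic, lower-cased for matching).
USER_DIRS = ('\\appdata\\', '\\temp\\', '\\local settings\\')


def executable_of(cmd):
    """Return the program a startup command line launches."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, arguments follow
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted: HijackThis prints shortcut targets bare even when they contain
    # spaces, so cut after the first executable-looking extension instead.
    m = re.match(r'(.+?\.(?:exe|dll|scr|bat|cmd|com))(?:\s|$)', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(' ', 1)[0]


def parse_hijackthis(text):
    """Turn O4/O23 lines into dicts; other HijackThis sections are ignored."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if m := O4_REG.match(line):
            cmd = m.group('cmd')
            entries.append({'type': 'run', 'hive': m.group('hive'),
                            'key': m.group('key'), 'name': m.group('name'),
                            'exe': executable_of(cmd),
                            'missing': cmd.endswith(MISSING)})
        elif m := O4_FOLDER.match(line):
            cmd = m.group('cmd')
            entries.append({'type': 'folder', 'hive': m.group('folder') or 'User',
                            'name': m.group('name'),
                            'exe': executable_of(cmd),
                            'missing': cmd.endswith(MISSING)})
        elif m := O23_SVC.match(line):
            path = m.group('path')
            missing = path.endswith(MISSING)
            entries.append({'type': 'service', 'name': m.group('display'),
                            'owner': m.group('owner').strip(),
                            'exe': path[:-len(MISSING)] if missing else path,
                            'missing': missing})
    return entries


def review(entries):
    """Return (name, [reasons]) for the entries worth a closer look."""
    findings = []
    for e in entries:
        exe = e['exe'].lower()
        base = exe.rsplit('\\', 1)[-1]
        reasons = []
        if e['missing']:
            reasons.append('target file missing: dead entry or removed payload')
        if e.get('owner') == 'Unknown owner':
            reasons.append('service binary has no publisher recorded')
        if base in INTERPRETERS:
            reasons.append('runs through an interpreter; inspect its arguments')
        if any(d in exe for d in USER_DIRS):
            reasons.append('runs from a user-writable profile directory')
        if reasons:
            findings.append((e['name'], reasons))
    return findings


if __name__ == '__main__':
    for name, reasons in review(parse_hijackthis(SAMPLE_LOG)):
        print(name)
        for r in reasons:
            print('   -', r)
```

On the thread's own lines this flags five of the eight entries: the AVG RunOnce entry because it goes through cmd.exe, the Akamai entry because it lives under AppData, and the three services with "Unknown owner", two of which also point at files that no longer exist. A flag is a reason to look, not a verdict: the legitimate Avira and Edimax entries pass, and a flagged one may turn out to be harmless once its path and arguments are checked.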

#15 Ron234

  • Topic Starter
  • Members
  • 9 posts

Posted 25 August 2012 - 11:06 PM

Hi Gringo, ESET online scanner came back with 5 infections, which I think might be leftovers from some rogue antispyware I had at one stage. Also, Avira recently detected 2 viruses, hiquh.exe as a trojan and another file. I'm sorry I can't be more specific; I just did an update of Avira, and it cleared the quarantine section, so I can't look back at the two viruses.
Here's my ESET log.

C:\Documents and Settings\Ronny\AppData\Roaming\DE1BE360D99DAE85129D1BF78C0ED7BE\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application
C:\Documents and Settings\Ronny\AppData\Roaming\DE1BE360D99DAE85129D1BF78C0ED7BE\local.ini Win32/Adware.AntimalwareDoctor.AE.Gen application
C:\Users\Ronny\AppData\Roaming\DE1BE360D99DAE85129D1BF78C0ED7BE\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application
C:\Users\Ronny\AppData\Roaming\DE1BE360D99DAE85129D1BF78C0ED7BE\local.ini Win32/Adware.AntimalwareDoctor.AE.Gen application
C:\Windows.7.Loader.v1.7.0\Windows 7 Loader.exe MSIL/Agent.NAS trojan



