Multiple Sirefef.a viruses


21 replies to this topic

#1 spitdrumr (Members, 21 posts)

Posted 19 August 2012 - 06:48 PM

Ok, I posted here before and did the preparation steps as suggested. I'm running Win 7 32-bit. As I stated in the other post, I recently uninstalled Ad-Aware Free because it found these Sirefef viruses but couldn't clean them. I then downloaded and installed Microsoft Security Essentials, but it was unable to clean these viruses either. Now every time I start up my computer I receive a message saying to save all my work, the computer will shut down in 1 minute.
Here are my results from trying to complete the preparation steps:

Step 6: Disable CD Emulation- Downloaded and ran Defogger. Unable to complete this step. It returned the following log.
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:19 on 19/08/2012 (Chad)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Error opening service: SPTD (1722)
Error opening service: a347bus (1722)
Error opening service: a347scsi (1722)
Error opening service: Vax347b (1722)
Error opening service: Vax347s (1722)
Error opening service: sojubus (1722)
Error opening service: sojuscsi (1722)
Error opening service: d347bus (1722)
Error opening service: d347prt (1722)
Error opening service: xmasbus (1722)
Error opening service: xmasscsi (1722)

-=E.O.F=-

Step 7: Run DDS- Unable to complete this step. Computer will not stay on long enough to download and install. Shuts down after 1 minute of being on.
Step 8: Create GMER Log- Unable to complete this step for same reason as above.

What next? I'm at a loss as to how to keep my computer on long enough to install anything.
Thanks for helping!!


#2 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts)

Posted 20 August 2012 - 03:52 AM

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash-drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • First Press the Scan button.
  • It will make a log (FRST.txt)
  • Second Type the following in the edit box after "Search:". services.exe
  • Click the Search button
  • It will make a log (Search.txt)
I want you to post both the FRST.txt report and the Search.txt into your reply to me

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 spitdrumr (Topic Starter, Members, 21 posts)

Posted 20 August 2012 - 04:52 PM

Ok got it. Here are the logs as requested!
Thanks a ton!!

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 19-08-2012 01
Ran by SYSTEM at 20-08-2012 15:40:01
Running from I:\
Windows 7 Ultimate (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [NBAgent] "G:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart [x]
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [BCSSync] "G:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [x]
HKLM\...\Run: [AirPort Base Station Agent] "C:\Program Files\AirPort\APAgent.exe" [771360 2009-11-11] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421160 2011-06-07] (Apple Inc.)
HKLM\...\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM\...\Run: [] [x]
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [SBRegRebootCleaner] "G:\Program Files\Ad-Aware Antivirus\Engine\SBRC.exe" [x]
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKU\Chad\...\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\Chad\...\Run: [MusicManager] "C:\Users\Chad\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [13806592 2012-06-01] (Google Inc.)
HKU\Chad\...\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" [247728 2012-01-22] (TomTom)
HKU\Chad\...\Run: [Google Update] "C:\Users\Chad\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-04-12] (Google Inc.)
HKU\Default\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1174016 2010-11-20] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1174016 2010-11-20] (Microsoft Corporation)
HKU\UpdatusUser\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1174016 2010-11-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\Chad\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

================================ Services (Whitelisted) ==================

3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe -service [1296728 2010-12-28] (www.BitComet.com)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 KMService; C:\Windows\system32\srvany.exe [8192 2003-04-18] ()
3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [113120 2012-07-13] (Mozilla Foundation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [11552 2012-03-26] (Microsoft Corporation)
2 NAUpdate; "C:\Program Files\Nero\Update\NASvc.exe" [490280 2010-03-25] (Nero AG)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [214952 2012-03-26] (Microsoft Corporation)
3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]
2 AVGIDSAgent; "C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" [x]

========================== Drivers (Whitelisted) =============

3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [104512 2009-11-11] (SlySoft, Inc.)
1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [25768 2009-09-26] (Elaborate Bytes AG)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
3 MRV6X32P; C:\Windows\System32\DRIVERS\MRVW13B.sys [256000 2007-05-03] (Marvell Semiconductor, Inc)
1 SbFw; C:\Windows\System32\drivers\SbFw.sys [221784 2011-04-05] (Sunbelt Software, Inc.)
3 SBFWIMCL; C:\Windows\System32\DRIVERS\sbfwim.sys [69208 2011-02-08] (Sunbelt Software, Inc.)
3 SBFWIMCLMP; C:\Windows\System32\DRIVERS\SBFWIM.sys [69208 2011-02-08] (Sunbelt Software, Inc.)
3 sbhips; C:\Windows\System32\drivers\sbhips.sys [94040 2011-04-05] (Sunbelt Software, Inc.)
1 SbTis; C:\Windows\System32\drivers\sbtis.sys [78936 2011-04-05] (Sunbelt Software, Inc.)
1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-20 15:39 - 2012-08-20 15:40 - 00000000 ____D C:\FRST
2012-08-19 17:36 - 2012-08-19 17:36 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\yksunqqy.sys
2012-08-19 17:13 - 2012-08-19 17:20 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-08-19 17:05 - 2012-08-14 02:17 - 02208856 ____A (Kaspersky Lab ZAO) C:\Users\Chad\Desktop\tdsskiller.exe
2012-08-19 15:27 - 2011-08-25 10:15 - 00607260 ____R (Swearware) C:\Users\Chad\Desktop\dds.com
2012-08-19 11:35 - 2012-08-19 11:35 - 00000000 ____A C:\Users\Chad\defogger_reenable
2012-08-17 19:12 - 2012-08-17 19:12 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\vrucxwhp.sys
2012-08-17 17:52 - 2012-08-17 17:52 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-08-17 17:10 - 2012-08-17 19:11 - 00002243 ____A C:\Windows\epplauncher.mif
2012-08-17 16:32 - 2012-08-17 16:33 - 10288512 ____A (Microsoft Corporation) C:\Users\Chad\Downloads\mseinstall.exe
2012-08-16 17:47 - 2012-08-16 17:49 - 16476616 ____A (Microsoft Corporation) C:\Users\Chad\Downloads\Windows-KB890830-V4.11.exe
2012-08-16 17:04 - 2012-08-16 17:04 - 00000000 ____D C:\Users\All Users\AVG Security Toolbar
2012-08-16 16:15 - 2012-08-16 17:07 - 00000000 ____D C:\Users\All Users\AVG10
2012-08-16 16:05 - 2012-08-16 16:12 - 00000000 ____D C:\Users\All Users\MFAData
2012-08-15 15:38 - 2012-08-15 15:38 - 00000165 ___AH C:\Users\Chad\Desktop\~$Accounting - 2012.xlsx
2012-08-09 18:01 - 2012-08-09 18:01 - 00001088 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-08-09 18:01 - 2012-08-09 18:01 - 00000000 ____D C:\Users\Chad\AppData\Local\Mozilla
2012-08-09 18:01 - 2012-08-09 18:01 - 00000000 ____D C:\Users\All Users\Mozilla
2012-08-09 18:01 - 2012-08-09 18:01 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2012-08-09 18:01 - 2012-08-09 18:01 - 00000000 ____D C:\Program Files\Mozilla Firefox
2012-08-01 17:30 - 2012-08-01 17:30 - 00021194 ____A C:\Users\Chad\Desktop\21531708.jpeg

============ 3 Months Modified Files ========================

2012-08-19 17:36 - 2012-08-19 17:36 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\yksunqqy.sys
2012-08-19 17:32 - 2009-07-13 15:11 - 00259072 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-08-19 17:29 - 2012-05-04 16:34 - 00002464 ____A C:\Windows\setupact.log
2012-08-19 17:29 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-19 17:24 - 2009-07-13 20:34 - 00014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-19 17:24 - 2009-07-13 20:34 - 00014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-19 17:08 - 2011-04-12 14:11 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1166799441-644486007-2581645919-1002UA.job
2012-08-19 11:35 - 2012-08-19 11:35 - 00000000 ____A C:\Users\Chad\defogger_reenable
2012-08-19 07:58 - 2012-05-04 16:34 - 00003394 ____A C:\Windows\PFRO.log
2012-08-17 19:12 - 2012-08-17 19:12 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\vrucxwhp.sys
2012-08-17 19:11 - 2012-08-17 17:10 - 00002243 ____A C:\Windows\epplauncher.mif
2012-08-17 17:53 - 2004-11-24 22:26 - 02083680 ____A C:\Windows\WindowsUpdate.log
2012-08-17 17:52 - 2010-12-11 18:38 - 00743196 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-17 17:51 - 2012-02-22 09:37 - 00182846 ____A C:\Users\Chad\Desktop\Accounting - 2012.xlsx
2012-08-17 17:37 - 2012-05-04 18:34 - 00098304 __ASH C:\Users\Chad\Documents\Thumbs.db
2012-08-17 16:33 - 2012-08-17 16:32 - 10288512 ____A (Microsoft Corporation) C:\Users\Chad\Downloads\mseinstall.exe
2012-08-17 08:08 - 2011-04-12 14:11 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1166799441-644486007-2581645919-1002Core.job
2012-08-16 17:49 - 2012-08-16 17:47 - 16476616 ____A (Microsoft Corporation) C:\Users\Chad\Downloads\Windows-KB890830-V4.11.exe
2012-08-16 09:16 - 2011-04-12 14:15 - 00002443 ____A C:\Users\Chad\Desktop\Google Chrome.lnk
2012-08-15 15:38 - 2012-08-15 15:38 - 00000165 ___AH C:\Users\Chad\Desktop\~$Accounting - 2012.xlsx
2012-08-14 02:17 - 2012-08-19 17:05 - 02208856 ____A (Kaspersky Lab ZAO) C:\Users\Chad\Desktop\tdsskiller.exe
2012-08-09 18:01 - 2012-08-09 18:01 - 00001088 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-08-03 02:46 - 2010-12-11 19:11 - 59884088 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-08-01 17:30 - 2012-08-01 17:30 - 00021194 ____A C:\Users\Chad\Desktop\21531708.jpeg
2012-07-18 19:11 - 2012-05-30 17:28 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-07-18 19:11 - 2012-05-30 17:28 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-07-18 19:10 - 2012-07-18 19:10 - 00000104 ____A C:\Windows\System32\SBRC.dat
2012-07-18 16:09 - 2012-07-18 15:13 - 124586272 ____A (NVIDIA Corporation) C:\Users\Chad\Downloads\301.42-desktop-win7-winvista-32bit-english-whql.exe
2012-07-18 15:04 - 2012-07-18 15:04 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2012-07-16 08:09 - 2012-07-16 08:09 - 00910112 ____A (Sun Microsystems, Inc.) C:\Users\Chad\Downloads\chromeinstall-6u31.exe
2012-07-11 03:24 - 2009-07-13 20:33 - 03768208 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-26 17:52 - 2011-01-15 22:14 - 00001013 ____A C:\Users\Chad\Desktop\Dropbox.lnk
2012-06-11 18:40 - 2012-07-11 01:02 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 20:41 - 2012-07-10 23:17 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-05 21:05 - 2012-07-10 23:18 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 21:05 - 2012-07-10 23:18 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 21:03 - 2012-07-10 23:18 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-02 14:19 - 2012-06-20 19:39 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-20 19:39 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-20 19:38 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-20 19:38 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-20 19:38 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-20 19:38 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-20 19:38 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 13:19 - 2012-06-20 19:38 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 13:12 - 2012-06-20 19:38 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 01:07 - 2012-07-11 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 00:43 - 2012-07-11 01:07 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 00:33 - 2012-07-11 01:07 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 00:26 - 2012-07-11 01:07 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 00:25 - 2012-07-11 01:07 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 00:25 - 2012-07-11 01:07 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 00:23 - 2012-07-11 01:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 00:21 - 2012-07-11 01:07 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 00:20 - 2012-07-11 01:07 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 00:19 - 2012-07-11 01:07 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 00:19 - 2012-07-11 01:07 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 00:17 - 2012-07-11 01:07 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 00:16 - 2012-07-11 01:08 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 00:14 - 2012-07-11 01:07 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-01 20:45 - 2012-07-10 23:18 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 20:45 - 2012-07-10 23:18 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 20:40 - 2012-07-10 23:18 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 20:40 - 2012-07-10 23:18 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 20:39 - 2012-07-10 23:18 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-05-30 16:53 - 2012-05-30 16:52 - 00688112 ____A C:\Windows\Minidump\053012-19344-01.dmp


ZeroAccess:
C:\Windows\Installer\{45a399d9-8447-4ab1-7bdd-f37bd03b792e}
C:\Windows\Installer\{45a399d9-8447-4ab1-7bdd-f37bd03b792e}\@
C:\Windows\Installer\{45a399d9-8447-4ab1-7bdd-f37bd03b792e}\L
C:\Windows\Installer\{45a399d9-8447-4ab1-7bdd-f37bd03b792e}\U
C:\Windows\Installer\{45a399d9-8447-4ab1-7bdd-f37bd03b792e}\L\00000004.@
C:\Windows\Installer\{45a399d9-8447-4ab1-7bdd-f37bd03b792e}\L\1afb2d56
C:\Windows\Installer\{45a399d9-8447-4ab1-7bdd-f37bd03b792e}\L\201d3dde

ZeroAccess:
C:\Users\Chad\AppData\Local\{45a399d9-8447-4ab1-7bdd-f37bd03b792e}
C:\Users\Chad\AppData\Local\{45a399d9-8447-4ab1-7bdd-f37bd03b792e}\@
C:\Users\Chad\AppData\Local\{45a399d9-8447-4ab1-7bdd-f37bd03b792e}\L
C:\Users\Chad\AppData\Local\{45a399d9-8447-4ab1-7bdd-f37bd03b792e}\U

ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 13%
Total physical RAM: 3070.15 MB
Available physical RAM: 2649.03 MB
Total Pagefile: 3068.43 MB
Available Pagefile: 2653.26 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.73 MB

======================= Partitions =========================

2 Drive c: () (Fixed) (Total:34.18 GB) (Free:1.26 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive d: () (Fixed) (Total:3.06 GB) (Free:3.01 GB) NTFS
6 Drive g: (External Disk) (Fixed) (Total:232.88 GB) (Free:35.75 GB) NTFS
8 Drive i: () (Removable) (Total:14.9 GB) (Free:13.57 GB) FAT32
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 37 GB 6144 KB
Disk 1 Online 232 GB 1024 KB
Disk 2 No Media 0 B 0 B
Disk 3 Online 14 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 34 GB 31 KB
Partition 0 Extended 3137 MB 34 GB
Partition 2 Logical 3137 MB 34 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 34 GB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D NTFS Partition 3137 MB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 232 GB 31 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G External Di NTFS Partition 232 GB Healthy

==================================================================================

Partitions of Disk 3:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 14 GB 16 KB

==================================================================================

Disk: 3
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 I FAT32 Removable 14 GB Healthy

==================================================================================

Last Boot: 2012-08-17 17:06

======================= End Of Log ==========================

Farbar Recovery Scan Tool Version: 19-08-2012 01
Ran by SYSTEM at 2012-08-20 15:45:47
Running from I:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2012-08-19 17:32] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

=== End Of Search ===

#4 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts)

Posted 21 August 2012 - 12:46 AM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

Replace: C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe C:\Windows\System32\services.exe
C:\WINDOWS\assembly\GAC\Desktop.ini
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\Installer\{45a399d9-8447-4ab1-7bdd-f37bd03b792e}
C:\Users\Chad\AppData\Local\{45a399d9-8447-4ab1-7bdd-f37bd03b792e} 


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Gringo
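The `Replace:` line in Gringo's fixlist follows from the Search.txt posted earlier: the WinSxS component-store copy of services.exe and the live System32 copy share the same build date and size, but only the System32 copy carries a different MD5 and a modification time from the day the infection was noticed, which is how this ZeroAccess variant patches services.exe in place. The Python below is an added example, not code from the thread or from FRST; it parses that Search output and derives the same directive, with SEARCH_TXT as a constructed sample built from the two hits posted above.

```python
"""Added example (not from the thread or FRST): rederive the fixlist's
Replace: line from an FRST "Search: services.exe" report."""
import hashlib
import re
from dataclasses import dataclass

# Constructed sample: the two hits from the Search.txt posted in this thread.
SEARCH_TXT = """\
================== Search: "services.exe" ===================

C:\\Windows\\winsxs\\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\\Windows\\System32\\services.exe
[2009-07-13 15:11] - [2012-08-19 17:32] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

=== End Of Search ===
"""

# One hit is a path line followed by: [created] - [modified] - size attrs (company) MD5
PATH_RE = re.compile(r"^[A-Za-z]:\\")
META_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass
class Hit:
    path: str
    created: str
    modified: str
    size: int
    attrs: str
    company: str
    md5: str


def parse_search(text: str) -> list:
    """Pair every path line with the metadata line that follows it."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    hits = []
    for i in range(len(lines) - 1):
        if not PATH_RE.match(lines[i]):
            continue
        m = META_RE.match(lines[i + 1])
        if m is None:
            continue
        hits.append(Hit(lines[i], m["created"], m["modified"], int(m["size"]),
                        m["attrs"], m["company"], m["md5"].upper()))
    return hits


def assess(hits: list) -> dict:
    """Compare the live System32 copy with its WinSxS component-store copies.

    FRST's own "MD5 is legit" check uses a list of known-good hashes; this
    only asks whether the live file still matches the copy Windows keeps for
    servicing, which is the copy the fixlist restores from.
    """
    live = [h for h in hits if h.path.lower().endswith("\\system32\\services.exe")]
    refs = [h for h in hits if "\\winsxs\\" in h.path.lower()]
    if len(live) != 1 or not refs:
        return {"status": "inconclusive", "replace": None}
    live = live[0]
    if any(r.md5 == live.md5 for r in refs):
        return {"status": "clean", "replace": None}
    # Same size as the live copy means the same build; the patched binary in
    # the thread kept its size and creation date but not its hash or mtime.
    ref = next((r for r in refs if r.size == live.size), refs[0])
    # "YYYY-MM-DD HH:MM" compares correctly as a string.
    modified_later = live.modified > ref.modified
    return {
        "status": "patched" if modified_later else "mismatch",
        "live_md5": live.md5,
        "reference_md5": ref.md5,
        # The FRST fixlist directive that overwrites the live file with the reference.
        "replace": f"Replace: {ref.path} {live.path}",
    }


def file_md5(path: str) -> str:
    """MD5 of a file on disk, to check a restored copy against the hash FRST reported."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest().upper()


if __name__ == "__main__":
    verdict = assess(parse_search(SEARCH_TXT))
    print(verdict["status"])          # patched
    if verdict["replace"]:
        print(verdict["replace"])
```

A "clean" verdict only says the two copies agree; it does not prove either is good, which is why FRST additionally checks the hash against its known-good list.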

#5 spitdrumr (Topic Starter, Members, 21 posts)

Posted 21 August 2012 - 06:25 AM

Here is the requested log.
Thanks again!!

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 19-08-2012 01
Ran by SYSTEM at 2012-08-21 05:22:00 Run:1
Running from I:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe copied successfully to C:\Windows\System32\services.exe
C:\WINDOWS\assembly\GAC\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini not found.
C:\Windows\assembly\GAC_64\Desktop.ini not found.
C:\Windows\Installer\{45a399d9-8447-4ab1-7bdd-f37bd03b792e} moved successfully.
C:\Users\Chad\AppData\Local\{45a399d9-8447-4ab1-7bdd-f37bd03b792e} moved successfully.

==== End of Fixlog ====

#6 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts)

Posted 21 August 2012 - 12:49 PM

Hello spitdrumr

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 spitdrumr

spitdrumr
  • Topic Starter

  • Members
  • 21 posts

Posted 21 August 2012 - 09:39 PM

Ok here is the log from ComboFix:

ComboFix 12-08-21.02 - Chad 08/21/2012 19:52:34.1.1 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3070.2265 [GMT -6:00]
Running from: c:\users\Chad\Desktop\ComboFix.exe
AV: Lavasoft Ad-Aware *Enabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
FW: Lavasoft Ad-Aware *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
SP: Lavasoft Ad-Aware *Enabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\drvrtmp
c:\program files\PrivacySafeGuard\PrIVacysafeguard.dll
c:\users\Chad\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7C039CA6-7457-4F41-BE67-DD788016B0EB}.xps
c:\users\Chad\AppData\Roaming\883091875.log
.
.
((((((((((((((((((((((((( Files Created from 2012-07-22 to 2012-08-22 )))))))))))))))))))))))))))))))
.
.
2012-08-22 02:01 . 2012-08-22 02:01 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-22 02:01 . 2012-08-22 02:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-20 23:39 . 2012-08-20 23:40 -------- d-----w- C:\FRST
2012-08-20 01:25 . 2012-08-22 02:03 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CED7D655-8FA0-4EED-B726-AA5E57BF179E}\offreg.dll
2012-08-20 01:13 . 2012-08-20 01:20 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-18 03:12 . 2012-08-18 03:12 43480 ----a-w- c:\windows\system32\drivers\vrucxwhp.sys
2012-08-18 02:03 . 2012-02-09 20:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-08-18 02:03 . 2012-02-09 20:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{634B871E-884D-4391-B05D-2500D1BE76E6}\gapaengine.dll
2012-08-18 02:02 . 2012-07-16 08:41 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CED7D655-8FA0-4EED-B726-AA5E57BF179E}\mpengine.dll
2012-08-18 01:52 . 2012-08-18 01:52 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-17 01:23 . 2012-08-17 01:23 -------- d-----w- c:\users\Chad\AppData\Local\ElevatedDiagnostics
2012-08-17 01:04 . 2012-08-17 01:04 -------- d-----w- c:\programdata\AVG Security Toolbar
2012-08-17 00:19 . 2012-08-17 00:19 -------- d--h--w- c:\programdata\Common Files
2012-08-17 00:15 . 2012-08-17 01:07 -------- d-----w- c:\programdata\AVG10
2012-08-17 00:05 . 2012-08-17 00:12 -------- d-----w- c:\programdata\MFAData
2012-08-10 02:01 . 2012-08-10 02:01 -------- d-----w- c:\users\Chad\AppData\Local\Mozilla
2012-08-10 02:01 . 2012-08-10 02:01 -------- d-----w- c:\program files\Mozilla Maintenance Service
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-19 03:11 . 2012-05-31 01:28 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-19 03:11 . 2012-05-31 01:28 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-12 02:40 . 2012-07-11 09:02 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-06-06 05:05 . 2012-07-11 07:18 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05 . 2012-07-11 07:18 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03 . 2012-07-11 07:18 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 22:19 . 2012-06-21 03:39 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 03:39 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 03:38 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 03:38 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 03:38 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 03:38 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 03:38 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 21:19 . 2012-06-21 03:38 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 21:12 . 2012-06-21 03:38 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 08:33 . 2012-07-11 09:07 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25 . 2012-07-11 09:07 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25 . 2012-07-11 09:07 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20 . 2012-07-11 09:07 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16 . 2012-07-11 09:08 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 04:45 . 2012-07-11 07:18 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45 . 2012-07-11 07:18 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40 . 2012-07-11 07:18 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40 . 2012-07-11 07:18 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39 . 2012-07-11 07:18 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-14 00:17 . 2012-08-10 02:01 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"MusicManager"="c:\users\Chad\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-06-01 13806592]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBAgent"="g:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"BCSSync"="g:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2009-11-11 771360]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
c:\users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Chad\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCpl"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0g:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0g:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart\0SBBD.exe /d \Device\HarddiskVolume3\Program Files\Ad-Aware Antivirus\Engine\Definitions
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Chad\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"MusicManager"="c:\users\Chad\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" -s
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SelectRebates"=c:\program files\SelectRebates\SelectRebates.exe
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;g:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [x]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;g:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [x]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [x]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [x]
S3 RTL8192su;RNX-N180UBE Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LPDService REG_MULTI_SZ LPDSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1166799441-644486007-2581645919-1002Core.job
- c:\users\Chad\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-12 22:11]
.
2012-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1166799441-644486007-2581645919-1002UA.job
- c:\users\Chad\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-12 22:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - g:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - g:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
FF - ProfilePath - c:\users\Chad\AppData\Roaming\Mozilla\Firefox\Profiles\wyad956n.default\
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - g:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - g:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
HKLM-Run-SBRegRebootCleaner - g:\program files\Ad-Aware Antivirus\Engine\SBRC.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2652)
c:\users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\taskhost.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-08-21 20:13:28 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-22 02:13
.
Pre-Run: 926,806,016 bytes free
Post-Run: 1,150,767,104 bytes free
.
- - End Of File - - 7C8F19DE995F5453B89E789BF30B69E3





I only encountered one problem while running this. Right before starting ComboFix I received the following message:

ComboFix has detected the following real time scanner(s) to be active:

antivirus: Lavasoft Ad-Aware
antispyware: Lavasoft Ad-Aware

Antivirus and intrusion prevention programs are known to interfere with ComboFix's running. This may lead to unpredictable results or possible machine damage.

Please disable these scanners before clicking 'OK'.





antivirus: Lavasoft Ad-Aware
anitspyware: Lavasoft Ad-Aware

The above real time scanner(s) are still active but ComboFix shall continue to run. Kindly note that this is at your own risk

I tried multiple times to shut down Lavasoft Ad-Aware with no success. The program was uninstalled long before I started having issues, so I'm not sure why the error message came up. I couldn't find anything in the system tray regarding this program either, so I just started ComboFix anyway. It ran smoothly, and my computer is running great! Haven't had any other issues yet!
So, did we get it? Thanks for all your help with this!!
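As an added illustration of how a reviewer reads a ComboFix log like the one posted above (this is example code, not part of the thread and not ComboFix's own tooling), the following parser pulls the service lines (`R1 name;display;path [x]`) and the Run-key entries out of the log and lists the items a helper checks first: services for which ComboFix printed `[x]` instead of a file date and size, autorun entries whose executable lives under a user profile, and entries ComboFix lists under a key name ending in `run-`, separately from the live Run keys. The sample input is a constructed excerpt in the same format as the log above; the meaning of the `R`/`S` column is simply carried through as ComboFix prints it.

```python
"""Triage helper for ComboFix-style logs (added example, not ComboFix code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed excerpt in the format of the log posted in this thread:
# registry Run keys with their values, then "R/S<n> name;display;path [info]".
SAMPLE_LINES = [
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]",
    r'"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]',
    r'"MusicManager"="c:\users\Chad\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-06-01 13806592]',
    ".",
    r"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]",
    r'"SelectRebates"=c:\program files\SelectRebates\SelectRebates.exe',
    ".",
    r"R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]",
    r"R2 KMService;KMService;c:\windows\system32\srvany.exe [x]",
    r"S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]",
]

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
SERVICE_RE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*);(.+?) \[(.*)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
INFO_RE = re.compile(r"^(.*?) \[(\d{4}-\d{2}-\d{2} \d+)\]$")


@dataclass
class Service:
    state: str                 # ComboFix's R/S prefix, carried through as printed
    start_type: int            # the digit following it
    name: str
    display: str
    path: str
    file_info: Optional[str]   # "YYYY-MM-DD size", or None when ComboFix printed [x]


@dataclass
class Autorun:
    key: str                   # registry key the value was listed under
    name: str
    command: str               # full value as printed (quotes and switches kept)
    path: str                  # executable part of the command
    file_info: Optional[str]


def _exe_path(command: str) -> str:
    """Executable part of a Run value: the quoted token if quoted, else text up to a ' /' or ' -' switch."""
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command
    return re.split(r" [/-]", command, maxsplit=1)[0]


def parse_combofix(lines: List[str]) -> Tuple[List[Service], List[Autorun]]:
    """Walk the log once, keeping track of which registry key values belong to."""
    services: List[Service] = []
    autoruns: List[Autorun] = []
    current_key: Optional[str] = None
    for raw in lines:
        line = raw.rstrip()
        if not line or line == ".":          # ComboFix separates sections with "."
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = SERVICE_RE.match(line)
        if m:
            state, start_type, name, display, path, info = m.groups()
            services.append(Service(state, int(start_type), name, display, path,
                                    None if info == "x" else info))
            continue
        m = VALUE_RE.match(line)
        # Only values under a key whose name contains "\run" are autoruns; other
        # sections (policies, locked keys) print values in the same style.
        if m and current_key and "\\run" in current_key.lower():
            name, rest = m.groups()
            info = None
            mi = INFO_RE.match(rest)
            if mi:
                rest, info = mi.group(1), mi.group(2)
            autoruns.append(Autorun(current_key, name, rest, _exe_path(rest), info))
    return services, autoruns


def review(services: List[Service], autoruns: List[Autorun]) -> Dict[str, List[str]]:
    """Names a reviewer looks at first; flags are prompts for a closer look, not verdicts."""
    return {
        # no date/size printed: typically residue of an uninstalled product
        "services_no_file_info": [s.name for s in services if s.file_info is None],
        # anything can write under a user profile, so these get checked first
        "autoruns_in_user_profile": [a.name for a in autoruns if "\\users\\" in a.path.lower()],
        # entries ComboFix lists under the "run-" keys rather than the live Run keys
        "autoruns_in_run_minus": [a.name for a in autoruns if a.key.lower().endswith("run-")],
    }


if __name__ == "__main__":
    svcs, runs = parse_combofix(SAMPLE_LINES)
    for label, names in review(svcs, runs).items():
        print(f"{label}: {', '.join(names) or '-'}")
```

Run against a full log, the `services_no_file_info` list is what shows leftover service registrations (here the Sunbelt/Ad-Aware and AVG drivers that still have entries after the products were removed), and the profile-path list is where a reviewer compares each entry against the program the user knows they installed.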

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 22 August 2012 - 08:03 AM

Greetings spitdrumr

It is still too early to tell, so I am going to do some extra checking.

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#9 spitdrumr

spitdrumr
  • Topic Starter

  • Members
  • 21 posts

Posted 22 August 2012 - 06:47 PM

Ok I ran both of these. Reports are as follows:

TDSSKiller log:

16:55:30.0555 2656 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
16:55:31.0413 2656 ============================================================
16:55:31.0413 2656 Current date / time: 2012/08/22 16:55:31.0413
16:55:31.0413 2656 SystemInfo:
16:55:31.0413 2656
16:55:31.0413 2656 OS Version: 6.1.7601 ServicePack: 1.0
16:55:31.0413 2656 Product type: Workstation
16:55:31.0413 2656 ComputerName: CHAD-PC
16:55:31.0413 2656 UserName: Chad
16:55:31.0413 2656 Windows directory: C:\Windows
16:55:31.0413 2656 System windows directory: C:\Windows
16:55:31.0413 2656 Processor architecture: Intel x86
16:55:31.0413 2656 Number of processors: 1
16:55:31.0413 2656 Page size: 0x1000
16:55:31.0413 2656 Boot type: Normal boot
16:55:31.0413 2656 ============================================================
16:55:32.0973 2656 Drive \Device\Harddisk0\DR0 - Size: 0x9502F9000 (37.25 Gb), SectorSize: 0x200, Cylinders: 0x12FF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:55:32.0988 2656 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:55:33.0004 2656 ============================================================
16:55:33.0004 2656 \Device\Harddisk0\DR0:
16:55:33.0004 2656 MBR partitions:
16:55:33.0035 2656 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x445C82D, BlocksNum 0x620D51
16:55:33.0035 2656 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x445C7AF
16:55:33.0035 2656 \Device\Harddisk1\DR1:
16:55:33.0035 2656 MBR partitions:
16:55:33.0035 2656 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
16:55:33.0035 2656 ============================================================
16:55:33.0051 2656 D: <-> \Device\Harddisk0\DR0\Partition1
16:55:33.0098 2656 C: <-> \Device\Harddisk0\DR0\Partition2
16:55:33.0144 2656 G: <-> \Device\Harddisk1\DR1\Partition1
16:55:33.0144 2656 ============================================================
16:55:33.0144 2656 Initialize success
16:55:33.0144 2656 ============================================================
16:56:07.0636 3928 ============================================================
16:56:07.0636 3928 Scan started
16:56:07.0636 3928 Mode: Manual;
16:56:07.0636 3928 ============================================================
16:56:10.0382 3928 ================ Scan system memory ========================
16:56:10.0382 3928 System memory - ok
16:56:10.0382 3928 ================ Scan services =============================
16:56:10.0600 3928 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
16:56:10.0600 3928 1394ohci - ok
16:56:10.0694 3928 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
16:56:10.0694 3928 ACPI - ok
16:56:10.0740 3928 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
16:56:10.0740 3928 AcpiPmi - ok
16:56:10.0959 3928 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
16:56:10.0959 3928 AdobeARMservice - ok
16:56:11.0099 3928 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
16:56:11.0130 3928 adp94xx - ok
16:56:11.0271 3928 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
16:56:11.0286 3928 adpahci - ok
16:56:11.0380 3928 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
16:56:11.0442 3928 adpu320 - ok
16:56:11.0505 3928 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:56:11.0520 3928 AeLookupSvc - ok
16:56:11.0645 3928 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
16:56:11.0676 3928 AFD - ok
16:56:11.0708 3928 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
16:56:11.0723 3928 agp440 - ok
16:56:11.0801 3928 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
16:56:11.0817 3928 aic78xx - ok
16:56:12.0035 3928 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
16:56:12.0035 3928 ALG - ok
16:56:12.0082 3928 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
16:56:12.0082 3928 aliide - ok
16:56:12.0144 3928 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
16:56:12.0160 3928 amdagp - ok
16:56:12.0238 3928 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
16:56:12.0254 3928 amdide - ok
16:56:12.0347 3928 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
16:56:12.0378 3928 AmdK8 - ok
16:56:12.0456 3928 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
16:56:12.0472 3928 AmdPPM - ok
16:56:12.0566 3928 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
16:56:12.0581 3928 amdsata - ok
16:56:12.0659 3928 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
16:56:12.0690 3928 amdsbs - ok
16:56:12.0722 3928 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
16:56:12.0737 3928 amdxata - ok
16:56:12.0846 3928 [ A289FB3BB1894F14AC9C7230EF28F0BE ] AnyDVD C:\Windows\system32\Drivers\AnyDVD.sys
16:56:12.0846 3928 AnyDVD - ok
16:56:12.0956 3928 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
16:56:13.0002 3928 AppID - ok
16:56:13.0034 3928 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
16:56:13.0049 3928 AppIDSvc - ok
16:56:13.0143 3928 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
16:56:13.0158 3928 Appinfo - ok
16:56:13.0502 3928 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:56:13.0533 3928 Apple Mobile Device - ok
16:56:13.0751 3928 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
16:56:13.0767 3928 AppMgmt - ok
16:56:13.0892 3928 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
16:56:13.0923 3928 arc - ok
16:56:13.0970 3928 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
16:56:13.0985 3928 arcsas - ok
16:56:14.0063 3928 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:56:14.0079 3928 AsyncMac - ok
16:56:14.0126 3928 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
16:56:14.0126 3928 atapi - ok
16:56:14.0344 3928 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:56:14.0391 3928 AudioEndpointBuilder - ok
16:56:14.0500 3928 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
16:56:14.0516 3928 Audiosrv - ok
16:56:14.0609 3928 AVG Security Toolbar Service - ok
16:56:14.0656 3928 AVGIDSAgent - ok
16:56:14.0718 3928 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
16:56:14.0734 3928 AxInstSV - ok
16:56:14.0921 3928 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
16:56:14.0952 3928 b06bdrv - ok
16:56:15.0108 3928 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
16:56:15.0140 3928 b57nd60x - ok
16:56:15.0296 3928 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
16:56:15.0311 3928 BDESVC - ok
16:56:15.0374 3928 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
16:56:15.0374 3928 Beep - ok
16:56:15.0717 3928 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
16:56:15.0748 3928 BFE - ok
16:56:15.0966 3928 BITCOMET_HELPER_SERVICE - ok
16:56:16.0060 3928 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
16:56:16.0076 3928 blbdrive - ok
16:56:16.0325 3928 [ F2060A34C8A75BC24A9222EB4F8C07BD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:56:16.0372 3928 Bonjour Service - ok
16:56:16.0403 3928 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:56:16.0419 3928 bowser - ok
16:56:16.0450 3928 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:56:16.0466 3928 BrFiltLo - ok
16:56:16.0497 3928 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:56:16.0528 3928 BrFiltUp - ok
16:56:16.0715 3928 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
16:56:16.0731 3928 BridgeMP - ok
16:56:16.0778 3928 [ 6E11F33D14D020F58D5E02E4D67DFA19 ] Browser C:\Windows\System32\browser.dll
16:56:16.0809 3928 Browser - ok
16:56:16.0918 3928 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
16:56:16.0965 3928 Brserid - ok
16:56:17.0012 3928 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
16:56:17.0027 3928 BrSerWdm - ok
16:56:17.0074 3928 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
16:56:17.0074 3928 BrUsbMdm - ok
16:56:17.0121 3928 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
16:56:17.0136 3928 BrUsbSer - ok
16:56:17.0168 3928 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
16:56:17.0183 3928 BTHMODEM - ok
16:56:17.0261 3928 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
16:56:17.0277 3928 bthserv - ok
16:56:17.0823 3928 catchme - ok
16:56:17.0885 3928 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:56:17.0901 3928 cdfs - ok
16:56:18.0026 3928 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
16:56:18.0041 3928 cdrom - ok
16:56:18.0244 3928 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
16:56:18.0260 3928 CertPropSvc - ok
16:56:18.0322 3928 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
16:56:18.0353 3928 circlass - ok
16:56:18.0494 3928 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
16:56:18.0540 3928 CLFS - ok
16:56:19.0601 3928 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:56:19.0866 3928 clr_optimization_v2.0.50727_32 - ok
16:56:20.0568 3928 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:56:20.0958 3928 clr_optimization_v4.0.30319_32 - ok
16:56:21.0005 3928 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
16:56:21.0036 3928 CmBatt - ok
16:56:21.0068 3928 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
16:56:21.0099 3928 cmdide - ok
16:56:21.0270 3928 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
16:56:21.0333 3928 CNG - ok
16:56:21.0395 3928 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
16:56:21.0411 3928 Compbatt - ok
16:56:21.0520 3928 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
16:56:21.0520 3928 CompositeBus - ok
16:56:21.0582 3928 COMSysApp - ok
16:56:21.0676 3928 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
16:56:21.0707 3928 crcdisk - ok
16:56:21.0816 3928 [ 06E771AA596B8761107AB57E99F128D7 ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:56:21.0832 3928 CryptSvc - ok
16:56:21.0941 3928 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
16:56:21.0988 3928 CSC - ok
16:56:22.0128 3928 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
16:56:22.0144 3928 CscService - ok
16:56:22.0269 3928 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
16:56:22.0284 3928 DcomLaunch - ok
16:56:22.0362 3928 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
16:56:22.0362 3928 defragsvc - ok
16:56:22.0425 3928 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:56:22.0456 3928 DfsC - ok
16:56:22.0565 3928 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
16:56:22.0643 3928 Dhcp - ok
16:56:22.0659 3928 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
16:56:22.0659 3928 discache - ok
16:56:22.0721 3928 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
16:56:22.0721 3928 Disk - ok
16:56:22.0768 3928 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:56:22.0784 3928 Dnscache - ok
16:56:22.0846 3928 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
16:56:22.0846 3928 dot3svc - ok
16:56:22.0893 3928 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
16:56:22.0893 3928 DPS - ok
16:56:22.0940 3928 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:56:22.0940 3928 drmkaud - ok
16:56:22.0986 3928 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:56:22.0986 3928 DXGKrnl - ok
16:56:23.0049 3928 [ 20DE769B84960606D8DBB2AEC123021A ] E100B C:\Windows\system32\DRIVERS\e100b325.sys
16:56:23.0064 3928 E100B - ok
16:56:23.0127 3928 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
16:56:23.0127 3928 EapHost - ok
16:56:23.0423 3928 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
16:56:23.0532 3928 ebdrv - ok
16:56:23.0579 3928 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
16:56:23.0595 3928 EFS - ok
16:56:23.0720 3928 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:56:23.0735 3928 ehRecvr - ok
16:56:23.0782 3928 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
16:56:23.0798 3928 ehSched - ok
16:56:23.0860 3928 [ 76CAD4F1291990FC47824B845032E997 ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys
16:56:23.0860 3928 ElbyCDIO - ok
16:56:23.0938 3928 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
16:56:23.0954 3928 elxstor - ok
16:56:23.0985 3928 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
16:56:23.0985 3928 ErrDev - ok
16:56:24.0078 3928 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
16:56:24.0078 3928 EventSystem - ok
16:56:24.0110 3928 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
16:56:24.0125 3928 exfat - ok
16:56:24.0172 3928 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:56:24.0172 3928 fastfat - ok
16:56:24.0250 3928 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
16:56:24.0266 3928 Fax - ok
16:56:24.0312 3928 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
16:56:24.0328 3928 fdc - ok
16:56:24.0375 3928 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
16:56:24.0375 3928 fdPHost - ok
16:56:24.0406 3928 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
16:56:24.0406 3928 FDResPub - ok
16:56:24.0437 3928 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:56:24.0437 3928 FileInfo - ok
16:56:24.0484 3928 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:56:24.0484 3928 Filetrace - ok
16:56:24.0515 3928 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
16:56:24.0515 3928 flpydisk - ok
16:56:24.0546 3928 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:56:24.0546 3928 FltMgr - ok
16:56:24.0593 3928 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
16:56:24.0624 3928 FontCache - ok
16:56:24.0718 3928 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:56:24.0718 3928 FontCache3.0.0.0 - ok
16:56:24.0765 3928 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
16:56:24.0765 3928 FsDepends - ok
16:56:24.0812 3928 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:56:24.0812 3928 Fs_Rec - ok
16:56:24.0890 3928 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
16:56:24.0890 3928 fvevol - ok
16:56:24.0952 3928 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
16:56:24.0952 3928 gagp30kx - ok
16:56:25.0030 3928 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:56:25.0030 3928 GEARAspiWDM - ok
16:56:25.0092 3928 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
16:56:25.0108 3928 gpsvc - ok
16:56:25.0155 3928 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
16:56:25.0155 3928 hcw85cir - ok
16:56:25.0202 3928 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
16:56:25.0202 3928 HDAudBus - ok
16:56:25.0233 3928 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
16:56:25.0233 3928 HidBatt - ok
16:56:25.0248 3928 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
16:56:25.0248 3928 HidBth - ok
16:56:25.0327 3928 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
16:56:25.0327 3928 HidIr - ok
16:56:25.0373 3928 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
16:56:25.0389 3928 hidserv - ok
16:56:25.0451 3928 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:56:25.0451 3928 HidUsb - ok
16:56:25.0498 3928 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:56:25.0498 3928 hkmsvc - ok
16:56:25.0561 3928 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:56:25.0561 3928 HomeGroupListener - ok
16:56:25.0623 3928 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:56:25.0623 3928 HomeGroupProvider - ok
16:56:25.0685 3928 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
16:56:25.0685 3928 HpSAMD - ok
16:56:25.0748 3928 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:56:25.0763 3928 HTTP - ok
16:56:25.0810 3928 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
16:56:25.0810 3928 hwpolicy - ok
16:56:25.0873 3928 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
16:56:25.0873 3928 i8042prt - ok
16:56:25.0904 3928 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
16:56:25.0935 3928 iaStorV - ok
16:56:26.0013 3928 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:56:26.0044 3928 idsvc - ok
16:56:26.0107 3928 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
16:56:26.0107 3928 iirsp - ok
16:56:26.0169 3928 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
16:56:26.0200 3928 IKEEXT - ok
16:56:26.0247 3928 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
16:56:26.0247 3928 intelide - ok
16:56:26.0309 3928 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:56:26.0309 3928 intelppm - ok
16:56:26.0356 3928 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:56:26.0372 3928 IPBusEnum - ok
16:56:26.0387 3928 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:56:26.0387 3928 IpFilterDriver - ok
16:56:26.0465 3928 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:56:26.0481 3928 iphlpsvc - ok
16:56:26.0512 3928 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
16:56:26.0512 3928 IPMIDRV - ok
16:56:26.0575 3928 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
16:56:26.0575 3928 IPNAT - ok
16:56:26.0637 3928 [ B84A28B3984185EDA8867541AF14CDDB ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
16:56:26.0653 3928 iPod Service - ok
16:56:26.0731 3928 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:56:26.0731 3928 IRENUM - ok
16:56:26.0777 3928 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:56:26.0777 3928 isapnp - ok
16:56:26.0809 3928 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
16:56:26.0824 3928 iScsiPrt - ok
16:56:26.0871 3928 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
16:56:26.0871 3928 kbdclass - ok
16:56:26.0902 3928 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
16:56:26.0902 3928 kbdhid - ok
16:56:26.0933 3928 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
16:56:26.0933 3928 KeyIso - ok
16:56:26.0996 3928 [ 4635935FC972C582632BF45C26BFCB0E ] KMService C:\Windows\system32\srvany.exe
16:56:26.0996 3928 KMService - ok
16:56:27.0027 3928 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:56:27.0027 3928 KSecDD - ok
16:56:27.0074 3928 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
16:56:27.0074 3928 KSecPkg - ok
16:56:27.0136 3928 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
16:56:27.0136 3928 KtmRm - ok
16:56:27.0183 3928 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll
16:56:27.0183 3928 LanmanServer - ok
16:56:27.0245 3928 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:56:27.0245 3928 LanmanWorkstation - ok
16:56:27.0355 3928 [ 83D8BE94E1CBCBE2EA8372DB1A95A159 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
16:56:27.0355 3928 LightScribeService - ok
16:56:27.0417 3928 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:56:27.0417 3928 lltdio - ok
16:56:27.0479 3928 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:56:27.0479 3928 lltdsvc - ok
16:56:27.0495 3928 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
16:56:27.0511 3928 lmhosts - ok
16:56:27.0573 3928 [ 9A84F41E421287A712C90E5384400E4F ] LPDSVC C:\Windows\system32\lpdsvc.dll
16:56:27.0573 3928 LPDSVC - ok
16:56:27.0635 3928 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
16:56:27.0651 3928 LSI_FC - ok
16:56:27.0667 3928 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
16:56:27.0667 3928 LSI_SAS - ok
16:56:27.0698 3928 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:56:27.0698 3928 LSI_SAS2 - ok
16:56:27.0713 3928 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:56:27.0713 3928 LSI_SCSI - ok
16:56:27.0745 3928 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
16:56:27.0745 3928 luafv - ok
16:56:27.0791 3928 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:56:27.0791 3928 Mcx2Svc - ok
16:56:27.0838 3928 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
16:56:27.0838 3928 megasas - ok
16:56:27.0901 3928 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
16:56:27.0901 3928 MegaSR - ok
16:56:27.0947 3928 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
16:56:27.0947 3928 MMCSS - ok
16:56:27.0979 3928 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
16:56:27.0979 3928 Modem - ok
16:56:28.0041 3928 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:56:28.0041 3928 monitor - ok
16:56:28.0072 3928 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:56:28.0072 3928 mouclass - ok
16:56:28.0150 3928 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:56:28.0150 3928 mouhid - ok
16:56:28.0213 3928 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
16:56:28.0213 3928 mountmgr - ok
16:56:28.0291 3928 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:56:28.0291 3928 MozillaMaintenance - ok
16:56:28.0337 3928 [ D993BEA500E7382DC4E760BF4F35EFCB ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
16:56:28.0337 3928 MpFilter - ok
16:56:28.0369 3928 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
16:56:28.0384 3928 mpio - ok
16:56:28.0431 3928 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:56:28.0431 3928 mpsdrv - ok
16:56:28.0525 3928 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
16:56:28.0540 3928 MpsSvc - ok
16:56:28.0587 3928 [ 7E7370BF64462A09D5E82FCF4A481D78 ] MRV6X32P C:\Windows\system32\DRIVERS\MRVW13B.sys
16:56:28.0587 3928 MRV6X32P - ok
16:56:28.0634 3928 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:56:28.0634 3928 MRxDAV - ok
16:56:28.0681 3928 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:56:28.0681 3928 mrxsmb - ok
16:56:28.0712 3928 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:56:28.0727 3928 mrxsmb10 - ok
16:56:28.0743 3928 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:56:28.0759 3928 mrxsmb20 - ok
16:56:28.0790 3928 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
16:56:28.0790 3928 msahci - ok
16:56:28.0837 3928 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:56:28.0837 3928 msdsm - ok
16:56:28.0868 3928 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
16:56:28.0868 3928 MSDTC - ok
16:56:28.0930 3928 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:56:28.0930 3928 Msfs - ok
16:56:28.0961 3928 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
16:56:28.0961 3928 mshidkmdf - ok
16:56:28.0993 3928 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:56:28.0993 3928 msisadrv - ok
16:56:29.0055 3928 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:56:29.0055 3928 MSiSCSI - ok
16:56:29.0071 3928 msiserver - ok
16:56:29.0149 3928 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:56:29.0149 3928 MSKSSRV - ok
16:56:29.0242 3928 [ 24516BF4E12A46CB67302E2CDCB8CDDF ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
16:56:29.0242 3928 MsMpSvc - ok
16:56:29.0273 3928 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:56:29.0273 3928 MSPCLOCK - ok
16:56:29.0320 3928 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:56:29.0320 3928 MSPQM - ok
16:56:29.0351 3928 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:56:29.0351 3928 MsRPC - ok
16:56:29.0398 3928 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
16:56:29.0398 3928 mssmbios - ok
16:56:29.0461 3928 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:56:29.0461 3928 MSTEE - ok
16:56:29.0476 3928 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
16:56:29.0476 3928 MTConfig - ok
16:56:29.0507 3928 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
16:56:29.0507 3928 Mup - ok
16:56:29.0585 3928 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
16:56:29.0585 3928 napagent - ok
16:56:29.0648 3928 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:56:29.0663 3928 NativeWifiP - ok
16:56:29.0773 3928 [ E4534BCCDD1EA7A7A256BB9D6688A5FC ] NAUpdate C:\Program Files\Nero\Update\NASvc.exe
16:56:29.0788 3928 NAUpdate - ok
16:56:29.0866 3928 [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS C:\Windows\system32\drivers\ndis.sys
16:56:29.0882 3928 NDIS - ok
16:56:29.0929 3928 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
16:56:29.0944 3928 NdisCap - ok
16:56:29.0975 3928 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:56:29.0975 3928 NdisTapi - ok
16:56:30.0038 3928 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:56:30.0038 3928 Ndisuio - ok
16:56:30.0100 3928 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:56:30.0100 3928 NdisWan - ok
16:56:30.0163 3928 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:56:30.0163 3928 NDProxy - ok
16:56:30.0225 3928 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:56:30.0225 3928 NetBIOS - ok
16:56:30.0287 3928 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
16:56:30.0287 3928 NetBT - ok
16:56:30.0303 3928 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
16:56:30.0303 3928 Netlogon - ok
16:56:30.0381 3928 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
16:56:30.0381 3928 Netman - ok
16:56:30.0412 3928 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
16:56:30.0428 3928 netprofm - ok
16:56:30.0490 3928 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:56:30.0490 3928 NetTcpPortSharing - ok
16:56:30.0553 3928 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
16:56:30.0553 3928 nfrd960 - ok
16:56:30.0615 3928 [ B52F26BADE7D7E4A79706E3FD91834CD ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
16:56:30.0615 3928 NisDrv - ok
16:56:30.0646 3928 [ 290C0D4C4889398797F8DF3BE00B9698 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
16:56:30.0646 3928 NisSrv - ok
16:56:30.0709 3928 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:56:30.0709 3928 NlaSvc - ok
16:56:30.0724 3928 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:56:30.0740 3928 Npfs - ok
16:56:30.0787 3928 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
16:56:30.0802 3928 nsi - ok
16:56:30.0849 3928 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:56:30.0849 3928 nsiproxy - ok
16:56:30.0927 3928 [ 81189C3D7763838E55C397759D49007A ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:56:30.0958 3928 Ntfs - ok
16:56:30.0989 3928 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
16:56:30.0989 3928 Null - ok
16:56:31.0317 3928 [ AFB33A823AABC112FC7BD62AFBCDB0CD ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:56:31.0395 3928 nvlddmkm - ok
16:56:31.0442 3928 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:56:31.0442 3928 nvraid - ok
16:56:31.0489 3928 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:56:31.0489 3928 nvstor - ok
16:56:31.0551 3928 [ 782945716AD010AC3D41758E8E52C735 ] nvsvc C:\Windows\system32\nvvsvc.exe
16:56:31.0582 3928 nvsvc - ok
16:56:31.0691 3928 [ A974E5C310B9B00894070CEB055D467F ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
16:56:31.0723 3928 nvUpdatusService - ok
16:56:31.0754 3928 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:56:31.0754 3928 nv_agp - ok
16:56:31.0801 3928 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
16:56:31.0816 3928 ohci1394 - ok
16:56:31.0910 3928 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:56:31.0910 3928 ose - ok
16:56:32.0113 3928 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:56:32.0222 3928 osppsvc - ok
16:56:32.0300 3928 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
16:56:32.0300 3928 p2pimsvc - ok
16:56:32.0331 3928 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
16:56:32.0347 3928 p2psvc - ok
16:56:32.0409 3928 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
16:56:32.0409 3928 Parport - ok
16:56:32.0440 3928 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:56:32.0440 3928 partmgr - ok
16:56:32.0471 3928 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
16:56:32.0471 3928 Parvdm - ok
16:56:32.0518 3928 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
16:56:32.0534 3928 PcaSvc - ok
16:56:32.0565 3928 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
16:56:32.0565 3928 pci - ok
16:56:32.0596 3928 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
16:56:32.0596 3928 pciide - ok
16:56:32.0659 3928 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
16:56:32.0659 3928 pcmcia - ok
16:56:32.0690 3928 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
16:56:32.0690 3928 pcw - ok
16:56:32.0721 3928 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:56:32.0737 3928 PEAUTH - ok
16:56:32.0815 3928 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
16:56:32.0861 3928 PeerDistSvc - ok
16:56:32.0971 3928 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
16:56:33.0002 3928 pla - ok
16:56:33.0049 3928 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:56:33.0064 3928 PlugPlay - ok
16:56:33.0080 3928 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
16:56:33.0080 3928 PNRPAutoReg - ok
16:56:33.0111 3928 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
16:56:33.0127 3928 PNRPsvc - ok
16:56:33.0173 3928 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:56:33.0189 3928 PolicyAgent - ok
16:56:33.0251 3928 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
16:56:33.0267 3928 Power - ok
16:56:33.0329 3928 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:56:33.0329 3928 PptpMiniport - ok
16:56:33.0376 3928 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
16:56:33.0392 3928 Processor - ok
16:56:33.0439 3928 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
16:56:33.0439 3928 ProfSvc - ok
16:56:33.0454 3928 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:56:33.0470 3928 ProtectedStorage - ok
16:56:33.0501 3928 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
16:56:33.0501 3928 Psched - ok
16:56:33.0563 3928 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
16:56:33.0595 3928 ql2300 - ok
16:56:33.0641 3928 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
16:56:33.0641 3928 ql40xx - ok
16:56:33.0704 3928 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
16:56:33.0704 3928 QWAVE - ok
16:56:33.0735 3928 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:56:33.0735 3928 QWAVEdrv - ok
16:56:33.0751 3928 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:56:33.0751 3928 RasAcd - ok
16:56:33.0813 3928 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
16:56:33.0813 3928 RasAgileVpn - ok
16:56:33.0860 3928 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
16:56:33.0860 3928 RasAuto - ok
16:56:33.0922 3928 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:56:33.0938 3928 Rasl2tp - ok
16:56:34.0000 3928 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
16:56:34.0000 3928 RasMan - ok
16:56:34.0031 3928 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:56:34.0047 3928 RasPppoe - ok
16:56:34.0078 3928 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:56:34.0078 3928 RasSstp - ok
16:56:34.0125 3928 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:56:34.0141 3928 rdbss - ok
16:56:34.0203 3928 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
16:56:34.0203 3928 rdpbus - ok
16:56:34.0250 3928 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:56:34.0250 3928 RDPCDD - ok
16:56:34.0312 3928 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
16:56:34.0312 3928 RDPDR - ok
16:56:34.0375 3928 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:56:34.0375 3928 RDPENCDD - ok
16:56:34.0406 3928 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
16:56:34.0406 3928 RDPREFMP - ok
16:56:34.0484 3928 [ 68A0387F58E226DEEE23D9715955572A ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
16:56:34.0499 3928 RdpVideoMiniport - ok
16:56:34.0562 3928 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:56:34.0593 3928 RDPWD - ok
16:56:34.0687 3928 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
16:56:34.0687 3928 rdyboost - ok
16:56:34.0749 3928 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
16:56:34.0749 3928 RemoteAccess - ok
16:56:34.0796 3928 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:56:34.0811 3928 RemoteRegistry - ok
16:56:34.0858 3928 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
16:56:34.0874 3928 RpcEptMapper - ok
16:56:34.0921 3928 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
16:56:34.0921 3928 RpcLocator - ok
16:56:34.0952 3928 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
16:56:34.0952 3928 RpcSs - ok
16:56:35.0030 3928 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:56:35.0030 3928 rspndr - ok
16:56:35.0077 3928 [ 9CE8DEFFAFFCCBF473015D76AE8EE514 ] RTL8192su C:\Windows\system32\DRIVERS\RTL8192su.sys
16:56:35.0092 3928 RTL8192su - ok
16:56:35.0123 3928 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
16:56:35.0123 3928 s3cap - ok
16:56:35.0139 3928 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
16:56:35.0139 3928 SamSs - ok
16:56:35.0201 3928 [ 9C9BCC79AEF0AA97F16766C498002D36 ] SbFw C:\Windows\system32\drivers\SbFw.sys
16:56:35.0201 3928 SbFw - ok
16:56:35.0248 3928 [ F27B38D70B7621378161D6F48BE04D2C ] SBFWIMCL C:\Windows\system32\DRIVERS\sbfwim.sys
16:56:35.0248 3928 SBFWIMCL - ok
16:56:35.0295 3928 [ F27B38D70B7621378161D6F48BE04D2C ] SBFWIMCLMP C:\Windows\system32\DRIVERS\SBFWIM.sys
16:56:35.0295 3928 SBFWIMCLMP - ok
16:56:35.0357 3928 [ 53E5E7DC26BB920B97F258BBD52ABFDC ] sbhips C:\Windows\system32\drivers\sbhips.sys
16:56:35.0357 3928 sbhips - ok
16:56:35.0389 3928 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:56:35.0404 3928 sbp2port - ok
16:56:35.0404 3928 SBRE - ok
16:56:35.0467 3928 [ 6468E2973E04525DECC105947DDD0D34 ] SbTis C:\Windows\system32\drivers\sbtis.sys
16:56:35.0467 3928 SbTis - ok
16:56:35.0529 3928 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:56:35.0529 3928 SCardSvr - ok
16:56:35.0576 3928 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
16:56:35.0576 3928 scfilter - ok
16:56:35.0654 3928 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
16:56:35.0669 3928 Schedule - ok
16:56:35.0716 3928 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
16:56:35.0716 3928 SCPolicySvc - ok
16:56:35.0763 3928 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:56:35.0779 3928 SDRSVC - ok
16:56:35.0825 3928 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:56:35.0825 3928 secdrv - ok
16:56:35.0888 3928 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
16:56:35.0888 3928 seclogon - ok
16:56:35.0919 3928 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
16:56:35.0919 3928 SENS - ok
16:56:35.0966 3928 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
16:56:35.0966 3928 SensrSvc - ok
16:56:35.0997 3928 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
16:56:35.0997 3928 Serenum - ok
16:56:36.0059 3928 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
16:56:36.0059 3928 Serial - ok
16:56:36.0091 3928 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
16:56:36.0106 3928 sermouse - ok
16:56:36.0169 3928 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
16:56:36.0184 3928 SessionEnv - ok
16:56:36.0215 3928 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:56:36.0215 3928 sffdisk - ok
16:56:36.0231 3928 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:56:36.0231 3928 sffp_mmc - ok
16:56:36.0247 3928 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:56:36.0262 3928 sffp_sd - ok
16:56:36.0309 3928 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
16:56:36.0309 3928 sfloppy - ok
16:56:36.0387 3928 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:56:36.0403 3928 SharedAccess - ok
16:56:36.0434 3928 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:56:36.0449 3928 ShellHWDetection - ok
16:56:36.0481 3928 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
16:56:36.0481 3928 sisagp - ok
16:56:36.0543 3928 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:56:36.0543 3928 SiSRaid2 - ok
16:56:36.0574 3928 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
16:56:36.0574 3928 SiSRaid4 - ok
16:56:36.0605 3928 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:56:36.0605 3928 Smb - ok
16:56:36.0683 3928 [ C80B84E4843B33DA56A806E1A1275BA0 ] smwdm C:\Windows\system32\drivers\smwdm.sys
16:56:36.0683 3928 smwdm - ok
16:56:36.0746 3928 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:56:36.0746 3928 SNMPTRAP - ok
16:56:36.0808 3928 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
16:56:36.0808 3928 spldr - ok
16:56:36.0855 3928 [ 866A43013535DC8587C258E43579C764 ] Spooler C:\Windows\System32\spoolsv.exe
16:56:36.0871 3928 Spooler - ok
16:56:37.0011 3928 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
16:56:37.0105 3928 sppsvc - ok
16:56:37.0167 3928 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
16:56:37.0183 3928 sppuinotify - ok
16:56:37.0214 3928 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
16:56:37.0245 3928 srv - ok
16:56:37.0276 3928 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:56:37.0307 3928 srv2 - ok
16:56:37.0323 3928 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:56:37.0323 3928 srvnet - ok
16:56:37.0401 3928 [ FFE42941E0326C322F40B0B79A46493C ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys
16:56:37.0401 3928 sscdbus - ok
16:56:37.0432 3928 [ A68E7D87ADFBB8C50D88CD58230C6819 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys
16:56:37.0448 3928 sscdmdfl - ok
16:56:37.0463 3928 [ B534B24151281856EC2F69ED3D6D60DD ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys
16:56:37.0479 3928 sscdmdm - ok
16:56:37.0541 3928 [ D04BD59F28C78E2E66632092CAFC0A2B ] sscdserd C:\Windows\system32\DRIVERS\sscdserd.sys
16:56:37.0541 3928 sscdserd - ok
16:56:37.0604 3928 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:56:37.0604 3928 SSDPSRV - ok
16:56:37.0635 3928 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:56:37.0635 3928 SstpSvc - ok
16:56:37.0760 3928 [ C354621B6B94E10AE7F5CDBE745FEB86 ] Stereo Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
16:56:37.0775 3928 Stereo Service - ok
16:56:37.0838 3928 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
16:56:37.0838 3928 stexstor - ok
16:56:37.0869 3928 [ EDB05BD63148796F23EA78506404A538 ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
16:56:37.0869 3928 StillCam - ok
16:56:37.0931 3928 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
16:56:37.0947 3928 StiSvc - ok
16:56:37.0978 3928 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
16:56:37.0978 3928 storflt - ok
16:56:38.0025 3928 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
16:56:38.0025 3928 storvsc - ok
16:56:38.0041 3928 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
16:56:38.0041 3928 swenum - ok
16:56:38.0212 3928 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
16:56:38.0228 3928 SwitchBoard - ok
16:56:38.0290 3928 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
16:56:38.0306 3928 swprv - ok
16:56:38.0321 3928 Synth3dVsc - ok
16:56:38.0415 3928 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
16:56:38.0446 3928 SysMain - ok
16:56:38.0509 3928 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:56:38.0509 3928 TabletInputService - ok
16:56:38.0571 3928 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
16:56:38.0571 3928 TapiSrv - ok
16:56:38.0618 3928 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
16:56:38.0633 3928 TBS - ok
16:56:38.0711 3928 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:56:38.0743 3928 Tcpip - ok
16:56:38.0805 3928 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
16:56:38.0821 3928 TCPIP6 - ok
16:56:38.0883 3928 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:56:38.0883 3928 tcpipreg - ok
16:56:38.0945 3928 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:56:38.0945 3928 TDPIPE - ok
16:56:38.0977 3928 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:56:38.0977 3928 TDTCP - ok
16:56:39.0023 3928 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:56:39.0039 3928 tdx - ok
16:56:39.0055 3928 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
16:56:39.0055 3928 TermDD - ok
16:56:39.0117 3928 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
16:56:39.0148 3928 TermService - ok
16:56:39.0195 3928 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
16:56:39.0195 3928 Themes - ok
16:56:39.0211 3928 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
16:56:39.0211 3928 THREADORDER - ok
16:56:39.0335 3928 [ 3199A477F0F06EEDE41BD55179F8EB05 ] TomTomHOMEService C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
16:56:39.0335 3928 TomTomHOMEService - ok
16:56:39.0398 3928 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
16:56:39.0398 3928 TrkWks - ok
16:56:39.0507 3928 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:56:39.0507 3928 TrustedInstaller - ok
16:56:39.0569 3928 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:56:39.0569 3928 tssecsrv - ok
16:56:39.0632 3928 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
16:56:39.0632 3928 TsUsbFlt - ok
16:56:39.0647 3928 tsusbhub - ok
16:56:39.0694 3928 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:56:39.0694 3928 tunnel - ok
16:56:39.0757 3928 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
16:56:39.0757 3928 uagp35 - ok
16:56:39.0788 3928 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:56:39.0803 3928 udfs - ok
16:56:39.0866 3928 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:56:39.0881 3928 UI0Detect - ok
16:56:39.0913 3928 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:56:39.0913 3928 uliagpkx - ok
16:56:39.0944 3928 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
16:56:39.0944 3928 umbus - ok
16:56:39.0991 3928 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
16:56:39.0991 3928 UmPass - ok
16:56:40.0053 3928 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
16:56:40.0069 3928 UmRdpService - ok
16:56:40.0115 3928 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
16:56:40.0131 3928 upnphost - ok
16:56:40.0178 3928 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
16:56:40.0178 3928 USBAAPL - ok
16:56:40.0209 3928 [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
16:56:40.0209 3928 usbaudio - ok
16:56:40.0256 3928 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:56:40.0256 3928 usbccgp - ok
16:56:40.0287 3928 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:56:40.0287 3928 usbcir - ok
16:56:40.0334 3928 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
16:56:40.0334 3928 usbehci - ok
16:56:40.0365 3928 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:56:40.0381 3928 usbhub - ok
16:56:40.0427 3928 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
16:56:40.0427 3928 usbohci - ok
16:56:40.0459 3928 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
16:56:40.0459 3928 usbprint - ok
16:56:40.0505 3928 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
16:56:40.0505 3928 usbscan - ok
16:56:40.0537 3928 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:56:40.0537 3928 USBSTOR - ok
16:56:40.0568 3928 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
16:56:40.0568 3928 usbuhci - ok
16:56:40.0630 3928 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
16:56:40.0646 3928 UxSms - ok
16:56:40.0661 3928 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
16:56:40.0661 3928 VaultSvc - ok
16:56:40.0708 3928 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
16:56:40.0708 3928 vdrvroot - ok
16:56:40.0771 3928 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
16:56:40.0786 3928 vds - ok
16:56:40.0849 3928 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:56:40.0849 3928 vga - ok
16:56:40.0864 3928 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
16:56:40.0864 3928 VgaSave - ok
16:56:40.0895 3928 VGPU - ok
16:56:40.0927 3928 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
16:56:40.0927 3928 vhdmp - ok
16:56:40.0989 3928 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
16:56:40.0989 3928 viaagp - ok
16:56:41.0036 3928 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
16:56:41.0036 3928 ViaC7 - ok
16:56:41.0067 3928 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
16:56:41.0083 3928 viaide - ok
16:56:41.0098 3928 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
16:56:41.0098 3928 vmbus - ok
16:56:41.0129 3928 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
16:56:41.0129 3928 VMBusHID - ok
16:56:41.0176 3928 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:56:41.0176 3928 volmgr - ok
16:56:41.0239 3928 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:56:41.0239 3928 volmgrx - ok
16:56:41.0270 3928 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:56:41.0270 3928 volsnap - ok
16:56:41.0317 3928 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
16:56:41.0317 3928 vsmraid - ok
16:56:41.0395 3928 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
16:56:41.0426 3928 VSS - ok
16:56:41.0488 3928 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
16:56:41.0488 3928 vwifibus - ok
16:56:41.0519 3928 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
16:56:41.0519 3928 vwififlt - ok
16:56:41.0566 3928 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
16:56:41.0566 3928 vwifimp - ok
16:56:41.0613 3928 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
16:56:41.0629 3928 W32Time - ok
16:56:41.0691 3928 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
16:56:41.0691 3928 WacomPen - ok
16:56:41.0722 3928 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
16:56:41.0722 3928 WANARP - ok
16:56:41.0738 3928 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:56:41.0738 3928 Wanarpv6 - ok
16:56:41.0831 3928 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
16:56:41.0878 3928 WatAdminSvc - ok
16:56:41.0941 3928 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
16:56:41.0987 3928 wbengine - ok
16:56:42.0034 3928 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
16:56:42.0050 3928 WbioSrvc - ok
16:56:42.0097 3928 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:56:42.0112 3928 wcncsvc - ok
16:56:42.0143 3928 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:56:42.0159 3928 WcsPlugInService - ok
16:56:42.0206 3928 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
16:56:42.0206 3928 Wd - ok
16:56:42.0237 3928 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:56:42.0253 3928 Wdf01000 - ok
16:56:42.0284 3928 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:56:42.0299 3928 WdiServiceHost - ok
16:56:42.0315 3928 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:56:42.0315 3928 WdiSystemHost - ok
16:56:42.0377 3928 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
16:56:42.0393 3928 WebClient - ok
16:56:42.0440 3928 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:56:42.0455 3928 Wecsvc - ok
16:56:42.0471 3928 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:56:42.0471 3928 wercplsupport - ok
16:56:42.0549 3928 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
16:56:42.0549 3928 WerSvc - ok
16:56:42.0611 3928 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
16:56:42.0611 3928 WfpLwf - ok
16:56:42.0643 3928 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
16:56:42.0643 3928 WIMMount - ok
16:56:42.0767 3928 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
16:56:42.0783 3928 WinDefend - ok
16:56:42.0799 3928 WinHttpAutoProxySvc - ok
16:56:42.0892 3928 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:56:42.0892 3928 Winmgmt - ok
16:56:42.0970 3928 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
16:56:43.0001 3928 WinRM - ok
16:56:43.0064 3928 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
16:56:43.0064 3928 WinUsb - ok
16:56:43.0142 3928 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
16:56:43.0157 3928 Wlansvc - ok
16:56:43.0204 3928 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
16:56:43.0204 3928 WmiAcpi - ok
16:56:43.0282 3928 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:56:43.0282 3928 wmiApSrv - ok
16:56:43.0423 3928 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
16:56:43.0469 3928 WMPNetworkSvc - ok
16:56:43.0516 3928 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:56:43.0516 3928 WPCSvc - ok
16:56:43.0579 3928 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:56:43.0579 3928 WPDBusEnum - ok
16:56:43.0625 3928 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:56:43.0625 3928 ws2ifsl - ok
16:56:43.0688 3928 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll
16:56:43.0688 3928 wscsvc - ok
16:56:43.0703 3928 WSearch - ok
16:56:43.0797 3928 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
16:56:43.0859 3928 wuauserv - ok
16:56:43.0906 3928 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
16:56:43.0906 3928 WudfPf - ok
16:56:43.0969 3928 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:56:43.0969 3928 WUDFRd - ok
16:56:44.0031 3928 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:56:44.0047 3928 wudfsvc - ok
16:56:44.0093 3928 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
16:56:44.0109 3928 WwanSvc - ok
16:56:44.0171 3928 ================ Scan global ===============================
16:56:44.0234 3928 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
16:56:44.0281 3928 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
16:56:44.0296 3928 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
16:56:44.0343 3928 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
16:56:44.0374 3928 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
16:56:44.0374 3928 [Global] - ok
16:56:44.0390 3928 ================ Scan MBR ==================================
16:56:44.0405 3928 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:56:44.0811 3928 \Device\Harddisk0\DR0 - ok
16:56:44.0827 3928 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
16:56:44.0827 3928 \Device\Harddisk1\DR1 - ok
16:56:44.0827 3928 ================ Scan VBR ==================================
16:56:44.0858 3928 [ 1947135F38609C6067A67E5F28445944 ] \Device\Harddisk0\DR0\Partition1
16:56:44.0858 3928 \Device\Harddisk0\DR0\Partition1 - ok
16:56:44.0873 3928 [ FEE89751B7DA4BEE35DB883F2166F996 ] \Device\Harddisk0\DR0\Partition2
16:56:44.0873 3928 \Device\Harddisk0\DR0\Partition2 - ok
16:56:44.0889 3928 [ D5F4DDCCD48162D8353F86A8F345D8C0 ] \Device\Harddisk1\DR1\Partition1
16:56:44.0889 3928 \Device\Harddisk1\DR1\Partition1 - ok
16:56:44.0889 3928 ============================================================
16:56:44.0889 3928 Scan finished
16:56:44.0889 3928 ============================================================
16:56:44.0920 3920 Detected object count: 0
16:56:44.0920 3920 Actual detected object count: 0
17:03:48.0913 1324 Deinitialize success


aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-22 17:21:50
-----------------------------
17:21:50.484 OS Version: Windows 6.1.7601 Service Pack 1
17:21:50.484 Number of processors: 1 586 0x401
17:21:50.484 ComputerName: CHAD-PC UserName: Chad
17:22:12.699 Initialize success
17:24:35.272 AVAST engine defs: 12082201
17:24:53.477 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
17:24:53.477 Disk 0 Vendor: ST340014AS 8.12 Size: 38146MB BusType: 3
17:24:53.493 Disk 0 MBR read successfully
17:24:53.508 Disk 0 MBR scan
17:24:53.508 Disk 0 Windows 7 default MBR code
17:24:53.508 Disk 0 Partition - 00 0F Extended LBA 3137 MB offset 71682030
17:24:53.524 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 35000 MB offset 63
17:24:53.586 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 3137 MB offset 71682093
17:24:53.617 Disk 0 scanning sectors +78108030
17:24:53.664 Disk 0 scanning C:\Windows\system32\drivers
17:25:09.155 Service scanning
17:26:16.173 Modules scanning
17:27:03.612 Disk 0 trace - called modules:
17:27:04.158 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll intelide.sys PCIIDEX.SYS atapi.sys AnyDVD.sys Wdf01000.sys
17:27:04.158 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d3d568]
17:27:04.174 3 CLASSPNP.SYS[8afbb59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x85c78908]
17:27:04.361 AVAST engine scan C:\Windows
17:27:10.445 AVAST engine scan C:\Windows\system32
17:31:34.476 AVAST engine scan C:\Windows\system32\drivers
17:32:04.100 AVAST engine scan C:\Users\Chad
17:36:54.370 AVAST engine scan C:\ProgramData
17:38:39.982 Scan finished successfully
17:39:55.767 Disk 0 MBR has been saved successfully to "C:\Users\Chad\Desktop\MBR.dat"
17:39:55.767 The log file has been saved successfully to "C:\Users\Chad\Desktop\aswMBR.txt"


I did run into one small problem. When I ran aswMBR it ran for a few minutes fine, then I got a blue screen error that said "A problem has been detected and Windows has been shut down to prevent damage to your computer.
Bad_Pool_Header"
Then it went on to dump physical memory.
I shut my computer down and rebooted. Everything booted up fine and appeared to have no ill effect. So, I ran aswMBR a second time. This time it ran fine with no problems or errors.

Thanks again for helping!!
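Added example, not part of the thread and not code from Kaspersky's TDSSKiller: a small Python triage helper for the TDSSKiller log format posted above. It pulls the MD5 / name / path triples out of the per-object lines, flags service and driver entries that received a verdict line but never a hash line (registry entries whose image file TDSSKiller could not open, such as Synth3dVsc and tsusbhub in the log above, which is also where a hijacked service entry would show up), groups names that share one image file, and collects the MBR and VBR hashes so they can be compared between runs. The sample input is a handful of lines copied from the log above; the assumption that everything before the first "Scan ..." header belongs to the services/drivers section is mine.

```python
"""Triage a TDSSKiller log: hashed objects, unbacked entries, boot-sector hashes.

TDSSKiller prints two kinds of per-object lines:
  <time> <tid> [ <MD5> ] <Name> <Path>    file found and hashed
  <time> <tid> <Name> - <verdict>          verdict for the object
In the global/MBR/VBR sections the hash line carries only a path and the
verdict line names the object by that same path.
"""
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the log posted above.
SAMPLE_LOG = r"""
16:56:38.0321 3928 Synth3dVsc - ok
16:56:38.0711 3928 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:56:38.0743 3928 Tcpip - ok
16:56:38.0805 3928 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
16:56:38.0821 3928 TCPIP6 - ok
16:56:39.0647 3928 tsusbhub - ok
16:56:40.0661 3928 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
16:56:40.0661 3928 VaultSvc - ok
16:56:44.0171 3928 ================ Scan global ===============================
16:56:44.0374 3928 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
16:56:44.0374 3928 [Global] - ok
16:56:44.0390 3928 ================ Scan MBR ==================================
16:56:44.0405 3928 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:56:44.0811 3928 \Device\Harddisk0\DR0 - ok
16:56:44.0827 3928 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
16:56:44.0827 3928 \Device\Harddisk1\DR1 - ok
16:56:44.0827 3928 ================ Scan VBR ==================================
16:56:44.0858 3928 [ 1947135F38609C6067A67E5F28445944 ] \Device\Harddisk0\DR0\Partition1
16:56:44.0858 3928 \Device\Harddisk0\DR0\Partition1 - ok
16:56:44.0920 3920 Detected object count: 0
"""

PREFIX = r"^\d\d:\d\d:\d\d\.\d+ \d+ "            # "16:56:38.0711 3928 "
HASH_LINE = re.compile(PREFIX + r"\[ ([0-9A-Fa-f]{32}) \] (.*)$")
VERDICT_LINE = re.compile(PREFIX + r"(.+?) - (\S+)$")
SECTION_LINE = re.compile(PREFIX + r"=+ Scan (\w+) =+$")
COUNT_LINE = re.compile(PREFIX + r"Detected object count: (\d+)$")
# A path starts at a drive letter or at an NT device name.
PATH_AT = re.compile(r"(?:[A-Za-z]:\\|\\Device\\).*$")


def parse_tdsskiller(text):
    """Return {'sections': {section: {name: {md5, path, verdict}}}, 'detected': n}.
    Assumption (mine): lines before the first 'Scan ...' header are services."""
    section = "services"
    sections = defaultdict(dict)
    detected = None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = SECTION_LINE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        m = COUNT_LINE.match(line)
        if m:
            detected = int(m.group(1))
            continue
        m = HASH_LINE.match(line)
        if m:
            md5, rest = m.group(1).upper(), m.group(2)
            p = PATH_AT.search(rest)
            # Service names may contain spaces ("Stereo Service"), so split at
            # the path rather than at the first blank.
            name = rest[:p.start()].strip() if p else rest
            path = p.group(0) if p else None
            key = name or path            # global/MBR/VBR objects have no name
            sections[section].setdefault(key, {"md5": None, "path": None})
            sections[section][key].update(md5=md5, path=path)
            continue
        m = VERDICT_LINE.match(line)
        if m:
            name, verdict = m.group(1), m.group(2)
            sections[section].setdefault(name, {"md5": None, "path": None})
            sections[section][name]["verdict"] = verdict
    return {"sections": dict(sections), "detected": detected}


def unbacked_objects(parsed):
    """Service/driver entries with a verdict but no hash line: the registry
    names them, but TDSSKiller found no file to hash."""
    svc = parsed["sections"].get("services", {})
    return sorted(n for n, v in svc.items() if v["md5"] is None)


def shared_images(parsed):
    """Names that share one image file. Normal for Windows (Tcpip and TCPIP6
    both load tcpip.sys) but worth a look when an unfamiliar name joins in."""
    by_md5 = defaultdict(list)
    for name, v in parsed["sections"].get("services", {}).items():
        if v["md5"]:
            by_md5[v["md5"]].append(name)
    return {h: sorted(names) for h, names in by_md5.items() if len(names) > 1}


def boot_sector_hashes(parsed):
    """MBR and VBR hashes keyed by device path, for comparison across runs."""
    out = {}
    for sec in ("mbr", "vbr"):
        for name, v in parsed["sections"].get(sec, {}).items():
            if v["md5"]:
                out[name] = v["md5"]
    return out


if __name__ == "__main__":
    report = parse_tdsskiller(SAMPLE_LOG)
    print("detected objects:", report["detected"])
    print("entries without a backing file:", unbacked_objects(report))
    print("shared images:", shared_images(report))
    print("boot sectors:", boot_sector_hashes(report))
```

The point of the "unbacked" list is that a verdict of "ok" is only as good as what was hashed: an entry with no hash line was never examined beyond its registry key, so those names are the ones to check by hand (or against the ComboFix service list in a later post, where a missing image shows as `[x]`).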

#10 gringo_pr
    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 22 August 2012 - 08:41 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 spitdrumr
  • Topic Starter
  • Members
  • 21 posts

Posted 22 August 2012 - 10:51 PM

Hi Gringo,

OK, here is the ComboFix log as requested. Everything ran smoothly. The computer seems to be operating just fine. I haven't had any issues to report.
Thanks again!

ComboFix 12-08-22.03 - Chad 08/22/2012 21:22:47.2.1 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3070.2190 [GMT -6:00]
Running from: c:\users\Chad\Desktop\ComboFix.exe
Command switches used :: c:\users\Chad\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-07-23 to 2012-08-23 )))))))))))))))))))))))))))))))
.
.
2012-08-23 03:31 . 2012-08-23 03:31 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-23 03:31 . 2012-08-23 03:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-23 03:12 . 2012-08-23 03:12 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CED7D655-8FA0-4EED-B726-AA5E57BF179E}\offreg.dll
2012-08-20 23:39 . 2012-08-20 23:40 -------- d-----w- C:\FRST
2012-08-20 01:13 . 2012-08-20 01:20 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-18 03:12 . 2012-08-18 03:12 43480 ----a-w- c:\windows\system32\drivers\vrucxwhp.sys
2012-08-18 02:03 . 2012-02-09 20:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-08-18 02:03 . 2012-02-09 20:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{634B871E-884D-4391-B05D-2500D1BE76E6}\gapaengine.dll
2012-08-18 02:02 . 2012-07-16 08:41 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CED7D655-8FA0-4EED-B726-AA5E57BF179E}\mpengine.dll
2012-08-18 01:52 . 2012-08-18 01:52 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-17 01:23 . 2012-08-17 01:23 -------- d-----w- c:\users\Chad\AppData\Local\ElevatedDiagnostics
2012-08-17 01:04 . 2012-08-17 01:04 -------- d-----w- c:\programdata\AVG Security Toolbar
2012-08-17 00:19 . 2012-08-17 00:19 -------- d--h--w- c:\programdata\Common Files
2012-08-17 00:15 . 2012-08-17 01:07 -------- d-----w- c:\programdata\AVG10
2012-08-17 00:05 . 2012-08-17 00:12 -------- d-----w- c:\programdata\MFAData
2012-08-10 02:01 . 2012-08-10 02:01 -------- d-----w- c:\users\Chad\AppData\Local\Mozilla
2012-08-10 02:01 . 2012-08-10 02:01 -------- d-----w- c:\program files\Mozilla Maintenance Service
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-19 03:11 . 2012-05-31 01:28 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-19 03:11 . 2012-05-31 01:28 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-12 02:40 . 2012-07-11 09:02 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-06-06 05:05 . 2012-07-11 07:18 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05 . 2012-07-11 07:18 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03 . 2012-07-11 07:18 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 22:19 . 2012-06-21 03:39 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 03:39 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 03:38 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 03:38 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 03:38 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 03:38 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 03:38 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 21:19 . 2012-06-21 03:38 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 21:12 . 2012-06-21 03:38 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 08:33 . 2012-07-11 09:07 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25 . 2012-07-11 09:07 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25 . 2012-07-11 09:07 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20 . 2012-07-11 09:07 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16 . 2012-07-11 09:08 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 04:45 . 2012-07-11 07:18 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45 . 2012-07-11 07:18 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40 . 2012-07-11 07:18 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40 . 2012-07-11 07:18 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39 . 2012-07-11 07:18 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-14 00:17 . 2012-08-10 02:01 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"MusicManager"="c:\users\Chad\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-06-01 13806592]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBAgent"="g:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"BCSSync"="g:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2009-11-11 771360]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
c:\users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Chad\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCpl"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0g:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0g:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart\0SBBD.exe /d \Device\HarddiskVolume3\Program Files\Ad-Aware Antivirus\Engine\Definitions
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Chad\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"MusicManager"="c:\users\Chad\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" -s
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SelectRebates"=c:\program files\SelectRebates\SelectRebates.exe
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;g:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [x]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;g:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [x]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [x]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [x]
S3 RTL8192su;RNX-N180UBE Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LPDService REG_MULTI_SZ LPDSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1166799441-644486007-2581645919-1002Core.job
- c:\users\Chad\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-12 22:11]
.
2012-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1166799441-644486007-2581645919-1002UA.job
- c:\users\Chad\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-12 22:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - g:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - g:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
FF - ProfilePath - c:\users\Chad\AppData\Roaming\Mozilla\Firefox\Profiles\wyad956n.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4040)
c:\users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
Completion time: 2012-08-22 21:35:41
ComboFix-quarantined-files.txt 2012-08-23 03:35
ComboFix2.txt 2012-08-22 02:13
.
Pre-Run: 1,039,519,744 bytes free
Post-Run: 1,123,991,552 bytes free
.
- - End Of File - - D3D1E56D2CDF3DBD86E6E411ED63719C

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 22 August 2012 - 11:21 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 spitdrumr

spitdrumr
  • Topic Starter

  • Members
  • 21 posts

Posted 23 August 2012 - 07:05 PM

µTorrent
Ad-Aware Browsing Protection
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader X (10.1.3)
AirPort
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AviSynth 2.5
BitComet 1.30
BitComet 1.30 64-bit
Bonjour
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CoreAAC Audio Decoder (remove only)
Coupon Printer for Windows
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dropbox
DVD Shrink 3.2
Feedback Tool
ffdshow [rev 3299] [2010-03-03]
Google Chrome
High-Definition Video Playback 10
HP Officejet Pro 8500 A910 Basic Device Software
HP Officejet Pro 8500 A910 Help
HP Officejet Pro 8500 A910 Product Improvement Study
HP Update
I.R.I.S. OCR
iTunes
Java Auto Updater
Java™ 6 Update 31
Java™ 6 Update 32
LightScribe System Software
Marketsplash Shortcuts
Microsoft .NET Framework 4 Client Profile
Microsoft Excel 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Excel 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Standard 2010
Microsoft Office Word 2010
Microsoft Office Word MUI (English) 2010
Microsoft Primary Interoperability Assemblies 2005
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Word 2010
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Manager
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscCopy Gadget 10
Nero DiscCopyGadget 10 Help (CHM)
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Dolby Files 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero MediaHub 10
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10
Nero Recode 10
Nero Recode 10 Help (CHM)
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero SoundTrax 10
Nero SoundTrax 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Nero Vision 10
Nero Vision 10 Help (CHM)
Nero WaveEditor 10
Nero WaveEditor 10 Help (CHM)
NVIDIA 3D Vision Controller Driver 301.42
NVIDIA 3D Vision Driver 301.42
NVIDIA Control Panel 301.42
NVIDIA Display Control Panel
NVIDIA Graphics Driver 301.42
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0213
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.8.15
NVIDIA Update Components
PDF Settings CS5
Privacy SafeGuard version 1.0
PVSonyDll
QuickTime
RNX-N180UBE 11n USB Wireless LAN Driver
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
TomTom HOME 2.8.3.2499
TomTom HOME Visual Studio Merge Modules
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
WinRAR archiver
Xvid 1.2.2 final uninstall

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 August 2012 - 09:15 PM

Hello

P2P Warning!

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

µTorrent
Java™ 6 Update 31
Java™ 6 Update 32


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

Malwarebytes' Anti-Malware:

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#15 spitdrumr

spitdrumr
  • Topic Starter

  • Members
  • 21 posts

Posted 23 August 2012 - 11:08 PM

Hi Gringo, here are the requested logs:

MBAM:

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.24.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Chad :: CHAD-PC [administrator]

Protection: Enabled

8/23/2012 9:34:49 PM
mbam-log-2012-08-23 (21-34-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210942
Time elapsed: 11 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


HijackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:56:52 PM, on 8/23/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
G:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\Program Files\AirPort\APAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Users\Chad\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
G:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Chad\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - G:\Program Files\AVG\AVG10\avgssie.dll (file missing)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - G:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NBAgent] "G:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BCSSync] "G:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [AirPort Base Station Agent] "C:\Program Files\AirPort\APAgent.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "G:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] G:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [MusicManager] "C:\Users\Chad\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKUS\S-1-5-21-1166799441-644486007-2581645919-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1166799441-644486007-2581645919-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: Dropbox.lnk = Chad\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://G:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - G:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - G:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - G:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - G:\Program Files\AVG\AVG10\avgpp.dll (file missing)
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - G:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe (file missing)
O23 - Service: AVGIDSAgent - Unknown owner - G:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (file missing)
O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files\BitComet\tools\BitCometService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - G:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 8618 bytes


Everything has been running great! No problems or issues with any of the steps listed in this reply. Everything installed, uninstalled, and ran perfectly!
BTW, I'm heading out of town for the weekend and will not have access to my computer. I will be back Monday morning and can resume this process then.
Thanks again for all of your help!!
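As an added example (not part of this thread, and not a HijackThis or Malwarebytes tool), here is a small Python triage helper for HijackThis log lines like the ones posted above: it parses the numbered R/O entries and flags the items a helper reviews first, entries marked (file missing), O23 services with an Unknown owner, and O4 autoruns that start from user-writable folders. The sample log embedded in it is constructed from a few lines in the same format; a flag marks an entry for review, not a verdict.

```python
"""Triage helper for HijackThis (HJT) log entries (added example)."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Every HJT finding starts with a section code (R0, R1, O2, O4, O23, ...)
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")
# First drive-letter Windows path in an entry, ending at a binary extension
WINPATH_RE = re.compile(
    r'(?P<path>[A-Za-z]:\\[^"\n]*?\.(?:exe|dll|sys|ocx|cab))\b', re.IGNORECASE)
# Folders a standard user can write to; autoruns here deserve a second look
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\programdata\\")

# Constructed sample mirroring the structure of a real HJT log
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\Windows\Explorer.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Example BHO - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - G:\Program Files\AVG\AVG10\avgssie.dll (file missing)
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [Example] "C:\Users\Chad\AppData\Local\Programs\Example\example.exe"
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - G:\Program Files\AVG\AVG10\avgpp.dll (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
--
End of file - 1234 bytes
"""


@dataclass
class Entry:
    code: str   # section code, e.g. "O23"
    body: str   # everything after "O23 - "

    def path(self) -> Optional[str]:
        """Return the first drive-letter path in the entry, if any."""
        m = WINPATH_RE.search(self.body)
        return m.group("path") if m else None


@dataclass
class Flag:
    reason: str
    entry: Entry


def parse_hjt(text: str) -> List[Entry]:
    """Keep only the numbered findings; header, process list and footer are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def section_counts(entries: List[Entry]) -> Dict[str, int]:
    """How many findings each HJT section produced."""
    return dict(Counter(e.code for e in entries))


def flag_entries(entries: List[Entry]) -> List[Flag]:
    """Mark entries for review; one entry can carry several flags."""
    flags: List[Flag] = []
    for e in entries:
        # Leftover references to uninstalled software (clean-up candidates)
        if "(file missing)" in e.body:
            flags.append(Flag("file missing", e))
        # Services whose publisher HJT could not resolve
        if e.code == "O23" and " - Unknown owner - " in e.body:
            flags.append(Flag("unknown owner", e))
        # Autoruns launched from folders a non-admin user can write to
        if e.code == "O4":
            p = e.path()
            if p and any(mk in p.lower() for mk in USER_WRITABLE_MARKERS):
                flags.append(Flag("autorun from user-writable location", e))
    return flags


if __name__ == "__main__":
    found = parse_hjt(SAMPLE_LOG)
    for code, n in sorted(section_counts(found).items()):
        print(f"{code}: {n} entries")
    for f in flag_entries(found):
        print(f"[{f.reason}] {f.entry.code} - {f.entry.body}")
```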



