Sirefef Trojan on win32


  • This topic is locked
16 replies to this topic

#1 Skizzak

  • Members
  • 20 posts

Posted 23 August 2012 - 04:42 AM

I was working on trying to figure out why one of my PC games wasn't updating properly when I noticed that my Windows firewall automatically turned itself off. After unsuccessful attempts to try and manually turn it back on, I checked Microsoft Security Essentials only to find that it wasn't working properly either. It displayed a message saying that the program wasn't installed, so I went ahead and uninstalled and then reinstalled it and started a quick scan. About halfway through, several error messages popped up along with the error message "WINDOWS CRITICAL ERROR REBOOT IN ONE MINUTE. SAVE YOUR WORK." Security Essentials displayed several malware with the name Sirefef.AH/.R, and I'm unable to do anything before my PC restarts itself.

After some research on this forum I've found several others with this issue, and I'm gonna need help clearing this up. I've prepped a USB device with the Farbar Recovery Scan Tool and successfully retrieved FRST.txt and Search.txt as instructed in another thread, just so I can help get the ball rolling on this a little faster.

NOTE: It's going to be difficult to get anything installed on the infected PC due to it restarting in about 60 seconds. (I'm using a roommate's PC in order to contact you guys.)

Any help will be GREATLY appreciated.

Thanks.

#2 gringo_pr

  • Malware Response Team

Posted 24 August 2012 - 01:33 AM

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.

Replace: C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe C:\Windows\System32\services.exe
C:\Windows\Installer\{0f602656-6c54-d245-11e7-93c6d1ec7f44}
C:\Users\Cramer\AppData\Local\{0f602656-6c54-d245-11e7-93c6d1ec7f44}
C:\Windows\assembly\GAC\Desktop.ini 


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
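
The fixlist above rests on two checks a responder would want to make before and after running it: that the live C:\Windows\System32\services.exe is byte-identical to the copy held in the WinSxS component store (a patched services.exe is what the Replace: line repairs), and that the GUID-named folders under C:\Windows\Installer and a user's AppData\Local, plus the Desktop.ini in the GAC root, are actually present. The PowerShell below is an added example, not part of gringo's instructions or of FRST. It assumes an elevated prompt on a machine that still boots, PowerShell 4 or later for Get-FileHash (on a stock Windows 7 install use certutil -hashfile for the same comparison), and the same '*servicecontroller*' WinSxS folder naming seen in the fixlist. Note the caveat built into step 3: C:\Windows\Installer legitimately holds {GUID} folders for installed MSI products, so the script only reports a GUID that also appears under a user's AppData\Local, which is the pairing the fixlist removed.

```powershell
# Added example, not from the original thread or from FRST. Assumes an elevated
# prompt and PowerShell 4+ (Get-FileHash). Paths are those named in the fixlist.

$live = Join-Path $env:SystemRoot 'System32\services.exe'

# 1. Compare the live binary with every services.exe the component store holds.
#    On a clean system one store copy is byte-identical to the live file.
$storeCopies = Get-ChildItem (Join-Path $env:SystemRoot 'winsxs') -Directory -Filter '*servicecontroller*' -ErrorAction SilentlyContinue |
    ForEach-Object { Join-Path $_.FullName 'services.exe' } |
    Where-Object { Test-Path $_ }

$liveHash = (Get-FileHash $live -Algorithm SHA256).Hash
foreach ($copy in $storeCopies) {
    $verdict = if ((Get-FileHash $copy -Algorithm SHA256).Hash -eq $liveHash) { 'identical to live file' } else { 'DIFFERS from live file' }
    '{0}  {1}' -f $verdict, $copy
}

# 2. Authenticode: a patched services.exe no longer carries a valid Microsoft signature.
$sig = Get-AuthenticodeSignature $live
'Signature: {0} ({1})' -f $sig.Status, $sig.SignerCertificate.Subject

# 3. GUID-named folders. Installer legitimately contains {GUID} folders for MSI
#    products, so only report a GUID that also exists under a user's AppData\Local,
#    as the one in the fixlist did.
$guidName = '^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$'
$installerGuids = Get-ChildItem (Join-Path $env:SystemRoot 'Installer') -Directory -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match $guidName } | Select-Object -ExpandProperty Name

$paired = Get-ChildItem "$env:SystemDrive\Users\*\AppData\Local" -Directory -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match $guidName -and $installerGuids -contains $_.Name }

if ($paired) {
    'GUID folders present in both Installer and a user profile:'
    $paired | ForEach-Object { '  {0}  (also {1})' -f $_.FullName, (Join-Path $env:SystemRoot "Installer\$($_.Name)") }
} else { 'No GUID folder appears in both Installer and a user AppData\Local.' }

# 4. A Desktop.ini directly in the GAC root is not expected on a clean install;
#    the fixlist above removed one.
$gacIni = Join-Path $env:SystemRoot 'assembly\GAC\Desktop.ini'
if (Test-Path $gacIni) { Get-Item $gacIni -Force | Select-Object FullName, Length, LastWriteTime, Attributes }
else { 'No Desktop.ini in the GAC root.' }
```

Run it once before the fix to confirm the diagnosis (expect "DIFFERS" and a signature status other than Valid) and again after the Fixlog reports the copy succeeded (expect "identical" and Valid). If no store copy is listed at all, the component store itself is damaged and the Replace: line has nothing trustworthy to copy from.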

#3 Skizzak


Posted 25 August 2012 - 06:58 PM

Quick question.

"On Vista or Windows 7: Now please enter System Recovery Options."

Are you talking about the repair section of my windows 7 disc where I retrieved the first logs?

NVM, disregard this top part; I think I got it.

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 22-08-2012 02
Ran by SYSTEM at 2012-08-25 22:50:48 Run:1
Running from E:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe copied successfully to C:\Windows\System32\services.exe
C:\Windows\Installer\{0f602656-6c54-d245-11e7-93c6d1ec7f44} moved successfully.
C:\Users\Cramer\AppData\Local\{0f602656-6c54-d245-11e7-93c6d1ec7f44} moved successfully.
C:\Windows\assembly\GAC\Desktop.ini moved successfully.

==== End of Fixlog ====

Edited by Skizzak, 25 August 2012 - 09:52 PM.


#4 gringo_pr

  • Malware Response Team

Posted 25 August 2012 - 10:17 PM

Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?


#5 Skizzak


Posted 26 August 2012 - 12:39 AM

Ran ComboFix and everything went smoothly with zero issues. My computer seems to be running fine now; hopefully it stays that way.

ComboFix 12-08-25.04 - Cramer 08/26/2012 1:21.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3327.2212 [GMT -4:00]
Running from: c:\users\Cramer\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Cramer\0.9788684912333627.exe
c:\users\Cramer\AppData\Roaming\Mozilla\Firefox\Profiles\a1os5m45.default\extensions\crossriderapp435@crossrider.com
c:\users\Cramer\AppData\Roaming\Mozilla\Firefox\Profiles\a1os5m45.default\extensions\crossriderapp435@crossrider.com\chrome.manifest
c:\users\Cramer\AppData\Roaming\Mozilla\Firefox\Profiles\a1os5m45.default\extensions\crossriderapp435@crossrider.com\chrome\content\background.html
c:\users\Cramer\AppData\Roaming\Mozilla\Firefox\Profiles\a1os5m45.default\extensions\crossriderapp435@crossrider.com\chrome\content\browser.xul
c:\users\Cramer\AppData\Roaming\Mozilla\Firefox\Profiles\a1os5m45.default\extensions\crossriderapp435@crossrider.com\chrome\content\crossrider.js
c:\users\Cramer\AppData\Roaming\Mozilla\Firefox\Profiles\a1os5m45.default\extensions\crossriderapp435@crossrider.com\chrome\content\crossriderapi.js
c:\users\Cramer\AppData\Roaming\Mozilla\Firefox\Profiles\a1os5m45.default\extensions\crossriderapp435@crossrider.com\chrome\content\dialog.js
c:\users\Cramer\AppData\Roaming\Mozilla\Firefox\Profiles\a1os5m45.default\extensions\crossriderapp435@crossrider.com\chrome\content\options.js
c:\users\Cramer\AppData\Roaming\Mozilla\Firefox\Profiles\a1os5m45.default\extensions\crossriderapp435@crossrider.com\chrome\content\options.xul
c:\users\Cramer\AppData\Roaming\Mozilla\Firefox\Profiles\a1os5m45.default\extensions\crossriderapp435@crossrider.com\chrome\content\search_dialog.xul
c:\users\Cramer\AppData\Roaming\Mozilla\Firefox\Profiles\a1os5m45.default\extensions\crossriderapp435@crossrider.com\chrome\content\update.html
c:\users\Cramer\AppData\Roaming\Mozilla\Firefox\Profiles\a1os5m45.default\extensions\crossriderapp435@crossrider.com\defaults\preferences\prefs.js
c:\users\Cramer\AppData\Roaming\Mozilla\Firefox\Profiles\a1os5m45.default\extensions\crossriderapp435@crossrider.com\install.rdf
c:\users\Cramer\AppData\Roaming\Mozilla\Firefox\Profiles\a1os5m45.default\extensions\crossriderapp435@crossrider.com\locale\en-US\translations.dtd
c:\users\Cramer\AppData\Roaming\Mozilla\Firefox\Profiles\a1os5m45.default\extensions\crossriderapp435@crossrider.com\skin\button1.png
c:\users\Cramer\AppData\Roaming\Mozilla\Firefox\Profiles\a1os5m45.default\extensions\crossriderapp435@crossrider.com\skin\button2.png
c:\users\Cramer\AppData\Roaming\Mozilla\Firefox\Profiles\a1os5m45.default\extensions\crossriderapp435@crossrider.com\skin\button3.png
c:\users\Cramer\AppData\Roaming\Mozilla\Firefox\Profiles\a1os5m45.default\extensions\crossriderapp435@crossrider.com\skin\button4.png
c:\users\Cramer\AppData\Roaming\Mozilla\Firefox\Profiles\a1os5m45.default\extensions\crossriderapp435@crossrider.com\skin\button5.png
c:\users\Cramer\AppData\Roaming\Mozilla\Firefox\Profiles\a1os5m45.default\extensions\crossriderapp435@crossrider.com\skin\crossrider_statusbar.png
c:\users\Cramer\AppData\Roaming\Mozilla\Firefox\Profiles\a1os5m45.default\extensions\crossriderapp435@crossrider.com\skin\icon128.png
c:\users\Cramer\AppData\Roaming\Mozilla\Firefox\Profiles\a1os5m45.default\extensions\crossriderapp435@crossrider.com\skin\icon16.png
c:\users\Cramer\AppData\Roaming\Mozilla\Firefox\Profiles\a1os5m45.default\extensions\crossriderapp435@crossrider.com\skin\icon24.png
c:\users\Cramer\AppData\Roaming\Mozilla\Firefox\Profiles\a1os5m45.default\extensions\crossriderapp435@crossrider.com\skin\icon48.png
c:\users\Cramer\AppData\Roaming\Mozilla\Firefox\Profiles\a1os5m45.default\extensions\crossriderapp435@crossrider.com\skin\panelarrow-up.png
c:\users\Cramer\AppData\Roaming\Mozilla\Firefox\Profiles\a1os5m45.default\extensions\crossriderapp435@crossrider.com\skin\popup.css
c:\users\Cramer\AppData\Roaming\Mozilla\Firefox\Profiles\a1os5m45.default\extensions\crossriderapp435@crossrider.com\skin\popup.html
c:\users\Cramer\AppData\Roaming\Mozilla\Firefox\Profiles\a1os5m45.default\extensions\crossriderapp435@crossrider.com\skin\popup_binding.xml
c:\users\Cramer\AppData\Roaming\Mozilla\Firefox\Profiles\a1os5m45.default\extensions\crossriderapp435@crossrider.com\skin\skin.css
c:\users\Cramer\AppData\Roaming\Mozilla\Firefox\Profiles\a1os5m45.default\extensions\crossriderapp435@crossrider.com\skin\update.css
.
.
((((((((((((((((((((((((( Files Created from 2012-07-26 to 2012-08-26 )))))))))))))))))))))))))))))))
.
.
2012-08-26 05:31 . 2012-08-26 05:31 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{442A1453-84A3-4835-8E27-76D6E1DA0A3F}\offreg.dll
2012-08-26 05:29 . 2012-08-26 05:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-23 13:18 . 2012-08-23 13:19 -------- d-----w- C:\FRST
2012-08-23 07:21 . 2012-08-26 05:31 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{247158A9-B6BA-44ED-837D-669775AB4A48}\offreg.dll
2012-08-23 07:19 . 2012-02-09 18:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3F3A1C4A-8BB2-4842-9292-C2B3D2C226F2}\gapaengine.dll
2012-08-23 07:19 . 2012-08-20 05:53 7023536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{247158A9-B6BA-44ED-837D-669775AB4A48}\mpengine.dll
2012-08-23 07:12 . 2012-08-23 07:12 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-23 07:11 . 2012-08-23 07:11 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-17 00:44 . 2012-08-17 00:44 -------- d-----w- c:\program files\ASIO4ALL v2
2012-08-17 00:41 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2012-08-17 00:41 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\system32\vorbis.acm
2012-08-17 00:40 . 2012-08-17 00:41 -------- d-----w- c:\program files\VstPlugins
2012-08-17 00:40 . 2012-08-17 00:40 -------- d-----w- c:\program files\Outsim
2012-08-17 00:38 . 2012-08-17 00:41 -------- d-----w- c:\program files\Image-Line
2012-08-13 04:29 . 2007-06-29 18:47 34304 ----a-w- c:\windows\system32\drivers\AmdLLD.sys
2012-08-13 04:28 . 2012-08-13 04:28 -------- d-----w- c:\program files\AMD
2012-08-13 04:28 . 2012-08-13 04:28 -------- d-----w- c:\users\Cramer\AppData\Local\Downloaded Installations
2012-08-12 07:25 . 2012-08-12 07:25 -------- d-----w- c:\users\Cramer\AppData\Roaming\Carbon
2012-08-11 17:59 . 2012-08-11 17:59 -------- d-----w- c:\program files\Traffic Simulator Configuration Tool
2012-08-05 23:44 . 2012-08-05 23:44 -------- d-----w- c:\users\Cramer\AppData\Local\Fallout3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-06 18:50 . 2011-10-25 05:38 140360 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-08-06 18:50 . 2011-10-25 06:25 283032 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-08-06 18:50 . 2011-10-25 05:38 283032 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-08-06 18:49 . 2011-10-25 05:38 298016 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-07-20 06:20 . 2012-07-20 06:20 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-07-20 04:20 . 2009-08-18 15:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-07-20 04:19 . 2009-08-18 15:24 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-20 03:25 . 2012-07-20 03:25 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-07-19 02:42 . 2012-07-19 02:42 480256 ----a-w- c:\windows\system32\rzdevicedll.dll
2012-07-16 02:32 . 2012-07-16 02:32 143360 ----a-w- c:\windows\system32\rztouchdll.dll
2012-07-16 02:32 . 2012-07-16 02:32 165888 ----a-w- c:\windows\system32\rzaudiodll.dll
2012-07-16 02:32 . 2012-07-16 02:32 84608 ----a-w- c:\windows\system32\drivers\rzudd.sys
2012-07-10 03:08 . 2011-10-25 05:38 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-07-10 02:55 . 2011-10-25 05:38 138056 ----a-w- c:\users\Cramer\AppData\Roaming\PnkBstrK.sys
2012-07-09 13:25 . 2012-07-10 02:55 3130440 ----a-w- c:\windows\system32\pbsvc_blr.exe
2012-06-11 18:58 . 2012-06-11 18:58 8733696 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-06-11 18:35 . 2012-06-11 18:35 58880 ----a-w- c:\windows\system32\coinst_8.98.dll
2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\system32\atioglxx.dll
2012-06-11 17:50 . 2012-06-11 17:50 159232 ----a-w- c:\windows\system32\clinfo.exe
2012-06-11 17:50 . 2012-06-11 17:50 65024 ----a-w- c:\windows\system32\OpenVideo.dll
2012-06-11 17:50 . 2012-06-11 17:50 56320 ----a-w- c:\windows\system32\OVDecode.dll
2012-06-11 17:49 . 2012-06-11 17:49 13008896 ----a-w- c:\windows\system32\amdocl.dll
2012-06-11 17:48 . 2012-06-11 17:48 50176 ----a-w- c:\windows\system32\OpenCL.dll
2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-06-11 17:24 . 2011-04-20 06:09 924160 ----a-w- c:\windows\system32\aticfx32.dll
2012-06-11 17:20 . 2011-10-26 02:01 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-06-11 17:19 . 2012-06-11 17:19 468992 ----a-w- c:\windows\system32\atieclxx.exe
2012-06-11 17:19 . 2012-06-11 17:19 217600 ----a-w- c:\windows\system32\atiesrxx.exe
2012-06-11 17:17 . 2012-06-11 17:17 163840 ----a-w- c:\windows\system32\atitmmxx.dll
2012-06-11 17:17 . 2012-06-11 17:17 20992 ----a-w- c:\windows\system32\atimuixx.dll
2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-06-11 17:16 . 2011-04-20 05:59 6301696 ----a-w- c:\windows\system32\atidxx32.dll
2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\system32\aticalrt.dll
2012-06-11 16:45 . 2011-10-26 01:35 5480448 ----a-w- c:\windows\system32\atiumdag.dll
2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\system32\aticalcl.dll
2012-06-11 16:43 . 2011-10-26 01:32 4729344 ----a-w- c:\windows\system32\atiumdva.dll
2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\system32\aticaldd.dll
2012-06-11 16:26 . 2011-10-26 01:22 368640 ----a-w- c:\windows\system32\atiadlxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\system32\atigktxx.dll
2012-06-11 16:25 . 2012-06-11 16:25 295936 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-06-11 16:25 . 2011-04-20 05:21 42496 ----a-w- c:\windows\system32\atiuxpag.dll
2012-06-11 16:24 . 2011-10-17 01:22 32768 ----a-w- c:\windows\system32\atiu9pag.dll
2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\system32\atimpc32.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\system32\amdpcom32.dll
2012-06-06 05:05 . 2012-07-11 08:43 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05 . 2012-07-11 08:43 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03 . 2012-07-11 08:43 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 22:19 . 2012-06-19 01:29 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 01:29 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 01:28 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 01:28 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-19 01:29 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-19 01:29 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-19 01:28 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-19 01:28 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12 . 2012-06-19 01:28 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 04:45 . 2012-07-11 08:43 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45 . 2012-07-11 08:43 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40 . 2012-07-11 08:43 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40 . 2012-07-11 08:43 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39 . 2012-07-11 08:43 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-19 08:31 . 2011-10-25 04:29 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-20 06:20 2086496 ----a-w- c:\program files\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll" [2012-07-20 2086496]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Steam"="c:\program files\Steam\steam.exe" [2012-08-04 1353080]
"Smart PC Cleaner"="c:\program files\Smart PC Cleaner\SPCLauncher.exe" [2012-01-28 80016]
"HydraVisionDesktopManager"="c:\program files\ATI Technologies\HydraVision\HydraDM.exe" [2011-10-17 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 55824]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-06-05 1310720]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 718688]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2012-01-25 296056]
"Razer Synapse"="c:\program files\Razer\Synapse\RzSynapse.exe" [2012-08-10 316840]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-20 1147488]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 vToolbarUpdater12.1.3;vToolbarUpdater12.1.3;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.3\ToolbarUpdater.exe [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
.
------- Supplementary Scan -------
.
uStart Page = https://isearch.avg.com/?cid={48B9DC7F-F40A-4E96-BB1E-1DBF4E77AEE6}&mid=15a37e2dc43147d08d26d1568033e1c2-ca6e408efb1053d1085e756275b17a8fe8830bcd&lang=en&ds=gl011&pr=sa&d=2012-07-20 02:20&v=12.1.0.20&sap=hp
uInternet Settings,ProxyOverride = *.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 69.88.214.131 69.88.214.132
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.3\ViProtocol.dll
FF - ProfilePath - c:\users\Cramer\AppData\Roaming\Mozilla\Firefox\Profiles\a1os5m45.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-Battlelog Web Plugins - c:\program files\Battlelog Web Plugins\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4092379890-2822534315-2594436527-1001\Software\SecuROM\License information*]
"datasecu"=hex:f7,37,5c,ae,68,6b,48,e9,90,96,9b,1c,ac,e8,e0,d5,3f,73,b8,3a,b0,
b5,1e,8b,9e,71,f9,2e,8e,77,11,e4,04,d5,c6,c1,fd,0c,15,6c,b1,07,e8,43,35,43,\
"rkeysecu"=hex:a8,85,34,c4,ef,ca,52,e3,64,39,dd,f5,53,3b,af,3c
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4216)
c:\program files\ATI Technologies\HydraVision\HydraDMH.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Hi-Rez Studios\HiPatchService.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-08-26 01:35:44 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-26 05:35
.
Pre-Run: 160,050,769,920 bytes free
Post-Run: 166,354,022,400 bytes free
.
- - End Of File - - 6AA0416E2DBB270D6FA6F870E019726A
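
The part of a ComboFix log a responder reads first is the "Reg Loading Points" section: everything that starts at logon, one entry per line in the form "name"="command" [date size], with [X] in place of the date and size when ComboFix could not find the file. The PowerShell below is an added example, not part of ComboFix or of this thread; it parses that format and then triages each referenced executable on the machine it runs on (logged as missing, absent on disk, or its Authenticode status). The $sample here-string is constructed from lines in the log above; against a real log, replace it with Get-Content of the saved ComboFix.txt.

```powershell
# Added example, not from ComboFix or from the original thread.
# $sample is constructed from lines in the log above; for a real run use:
#   $sample = Get-Content C:\ComboFix.txt
$sample = @'
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2012-08-04 1353080]
"Smart PC Cleaner"="c:\program files\Smart PC Cleaner\SPCLauncher.exe" [2012-01-28 80016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
'@ -split "`r?`n"

# One autorun per line; ComboFix prints [X] instead of [date size] when the target is missing.
$entryPattern = '^"(?<Name>[^"]+)"="(?<Command>[^"]+)"\s+\[(?<Meta>[^\]]*)\]\s*$'
$keyPattern   = '^\[(?<Key>HKEY_[^\]]+)\]\s*$'

$currentKey = $null
$entries = foreach ($line in $sample) {
    if ($line -match $keyPattern) { $currentKey = $Matches.Key; continue }
    if ($line -match $entryPattern) {
        [pscustomobject]@{
            Key             = $currentKey
            Name            = $Matches.Name
            Command         = $Matches.Command
            LoggedAsMissing = ($Matches.Meta -eq 'X')
        }
    }
}

# Triage on this machine: strip any arguments after the .exe, then record why the
# entry deserves a look (missing in the log, not on disk, or its signature state).
$report = foreach ($e in $entries) {
    $exe   = $e.Command -replace '^(.+?\.exe)\b.*$', '$1'
    $state = if ($e.LoggedAsMissing)                    { 'logged as [X]: target missing' }
             elseif (-not (Test-Path -LiteralPath $exe)) { 'not present on this machine' }
             else { (Get-AuthenticodeSignature -LiteralPath $exe).Status.ToString() }
    [pscustomobject]@{ Name = $e.Name; Executable = $exe; State = $state; Key = $e.Key }
}
$report | Format-Table -AutoSize
```

Entries reported as NotSigned or HashMismatch, and any whose executable sits outside Program Files or the Windows directory, are the ones to hand back to the helper; a Valid signature from a recognised vendor is the usual reason to leave an entry alone.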

#6 gringo_pr

  • Malware Response Team

Posted 26 August 2012 - 01:13 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 Skizzak


Posted 26 August 2012 - 01:48 AM

02:32:49.0747 5836 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
02:32:50.0083 5836 ============================================================
02:32:50.0083 5836 Current date / time: 2012/08/26 02:32:50.0083
02:32:50.0083 5836 SystemInfo:
02:32:50.0083 5836
02:32:50.0083 5836 OS Version: 6.1.7601 ServicePack: 1.0
02:32:50.0083 5836 Product type: Workstation
02:32:50.0083 5836 ComputerName: BOSSATRON
02:32:50.0083 5836 UserName: Cramer
02:32:50.0083 5836 Windows directory: C:\Windows
02:32:50.0083 5836 System windows directory: C:\Windows
02:32:50.0083 5836 Processor architecture: Intel x86
02:32:50.0083 5836 Number of processors: 4
02:32:50.0083 5836 Page size: 0x1000
02:32:50.0083 5836 Boot type: Normal boot
02:32:50.0083 5836 ============================================================
02:32:51.0143 5836 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
02:32:55.0089 5836 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
02:32:55.0091 5836 ============================================================
02:32:55.0091 5836 \Device\Harddisk0\DR0:
02:32:55.0092 5836 MBR partitions:
02:32:55.0092 5836 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852FC1
02:32:55.0092 5836 \Device\Harddisk1\DR1:
02:32:55.0092 5836 MBR partitions:
02:32:55.0092 5836 ============================================================
02:32:55.0110 5836 C: <-> \Device\Harddisk0\DR0\Partition1
02:32:55.0110 5836 ============================================================
02:32:55.0110 5836 Initialize success
02:32:55.0110 5836 ============================================================
02:33:10.0198 4416 ============================================================
02:33:10.0198 4416 Scan started
02:33:10.0198 4416 Mode: Manual;
02:33:10.0198 4416 ============================================================
02:33:10.0905 4416 ================ Scan system memory ========================
02:33:10.0905 4416 System memory - ok
02:33:10.0906 4416 ================ Scan services =============================
02:33:11.0019 4416 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
02:33:11.0021 4416 1394ohci - ok
02:33:11.0056 4416 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
02:33:11.0057 4416 ACPI - ok
02:33:11.0094 4416 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
02:33:11.0095 4416 AcpiPmi - ok
02:33:11.0144 4416 [ 23F78687CBF3972704650A799420BFA8 ] ADIHdAudAddService C:\Windows\system32\drivers\ADIHdAud.sys
02:33:11.0148 4416 ADIHdAudAddService - ok
02:33:11.0217 4416 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
02:33:11.0219 4416 AdobeARMservice - ok
02:33:11.0265 4416 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
02:33:11.0270 4416 adp94xx - ok
02:33:11.0290 4416 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
02:33:11.0294 4416 adpahci - ok
02:33:11.0309 4416 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
02:33:11.0311 4416 adpu320 - ok
02:33:11.0324 4416 [ 4DC6B0772D1698F04FC79053A21C8260 ] AEADIFilters C:\Windows\system32\AEADISRV.EXE
02:33:11.0325 4416 AEADIFilters - ok
02:33:11.0362 4416 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
02:33:11.0362 4416 AeLookupSvc - ok
02:33:11.0406 4416 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
02:33:11.0409 4416 AFD - ok
02:33:11.0443 4416 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
02:33:11.0445 4416 agp440 - ok
02:33:11.0480 4416 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
02:33:11.0481 4416 aic78xx - ok
02:33:11.0498 4416 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
02:33:11.0499 4416 ALG - ok
02:33:11.0510 4416 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
02:33:11.0511 4416 aliide - ok
02:33:11.0530 4416 [ B90A4332CF4C6580C845266A656DE4AB ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
02:33:11.0532 4416 AMD External Events Utility - ok
02:33:11.0546 4416 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
02:33:11.0547 4416 amdagp - ok
02:33:11.0559 4416 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
02:33:11.0560 4416 amdide - ok
02:33:11.0569 4416 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
02:33:11.0570 4416 AmdK8 - ok
02:33:11.0733 4416 [ 7844984A5E1E6F18D93AF9E9BCC65436 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
02:33:11.0870 4416 amdkmdag - ok
02:33:11.0884 4416 [ 202DEF509D76105B08741D36C3A7E4D7 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
02:33:11.0887 4416 amdkmdap - ok
02:33:11.0915 4416 [ AD8FA28D8ED0D0A689A0559085CE0F18 ] AmdLLD C:\Windows\system32\DRIVERS\AmdLLD.sys
02:33:11.0916 4416 AmdLLD - ok
02:33:11.0931 4416 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
02:33:11.0932 4416 AmdPPM - ok
02:33:11.0966 4416 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
02:33:11.0968 4416 amdsata - ok
02:33:11.0990 4416 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
02:33:11.0992 4416 amdsbs - ok
02:33:12.0005 4416 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
02:33:12.0006 4416 amdxata - ok
02:33:12.0034 4416 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
02:33:12.0036 4416 AppID - ok
02:33:12.0082 4416 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
02:33:12.0083 4416 AppIDSvc - ok
02:33:12.0113 4416 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
02:33:12.0114 4416 Appinfo - ok
02:33:12.0168 4416 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
02:33:12.0170 4416 Apple Mobile Device - ok
02:33:12.0203 4416 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
02:33:12.0204 4416 arc - ok
02:33:12.0221 4416 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
02:33:12.0223 4416 arcsas - ok
02:33:12.0251 4416 [ 2B4E66FAC6503494A2C6F32BB6AB3826 ] AsIO C:\Windows\system32\drivers\AsIO.sys
02:33:12.0252 4416 AsIO - ok
02:33:12.0309 4416 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
02:33:12.0310 4416 aspnet_state - ok
02:33:12.0327 4416 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
02:33:12.0328 4416 AsyncMac - ok
02:33:12.0341 4416 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
02:33:12.0341 4416 atapi - ok
02:33:12.0369 4416 [ 6ADC42CF4A6AB84975CA63DCCFAAF5D8 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW73.sys
02:33:12.0370 4416 AtiHDAudioService - ok
02:33:12.0400 4416 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
02:33:12.0407 4416 AudioEndpointBuilder - ok
02:33:12.0416 4416 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
02:33:12.0419 4416 Audiosrv - ok
02:33:12.0448 4416 [ A870685E10FB2BEEC3125D853450FA58 ] avgtp C:\Windows\system32\drivers\avgtpx86.sys
02:33:12.0449 4416 avgtp - ok
02:33:12.0500 4416 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
02:33:12.0502 4416 AxInstSV - ok
02:33:12.0527 4416 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
02:33:12.0532 4416 b06bdrv - ok
02:33:12.0560 4416 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
02:33:12.0563 4416 b57nd60x - ok
02:33:12.0597 4416 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
02:33:12.0599 4416 BDESVC - ok
02:33:12.0612 4416 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
02:33:12.0613 4416 Beep - ok
02:33:12.0661 4416 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
02:33:12.0669 4416 BFE - ok
02:33:12.0684 4416 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
02:33:12.0686 4416 blbdrive - ok
02:33:12.0744 4416 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
02:33:12.0748 4416 Bonjour Service - ok
02:33:12.0764 4416 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
02:33:12.0765 4416 bowser - ok
02:33:12.0779 4416 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
02:33:12.0780 4416 BrFiltLo - ok
02:33:12.0788 4416 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
02:33:12.0789 4416 BrFiltUp - ok
02:33:12.0814 4416 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
02:33:12.0815 4416 BridgeMP - ok
02:33:12.0828 4416 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
02:33:12.0830 4416 Browser - ok
02:33:12.0846 4416 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
02:33:12.0850 4416 Brserid - ok
02:33:12.0864 4416 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
02:33:12.0865 4416 BrSerWdm - ok
02:33:12.0881 4416 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
02:33:12.0882 4416 BrUsbMdm - ok
02:33:12.0894 4416 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
02:33:12.0895 4416 BrUsbSer - ok
02:33:12.0908 4416 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
02:33:12.0909 4416 BTHMODEM - ok
02:33:12.0960 4416 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
02:33:12.0961 4416 bthserv - ok
02:33:13.0072 4416 catchme - ok
02:33:13.0093 4416 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
02:33:13.0095 4416 cdfs - ok
02:33:13.0150 4416 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
02:33:13.0151 4416 cdrom - ok
02:33:13.0190 4416 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
02:33:13.0199 4416 CertPropSvc - ok
02:33:13.0309 4416 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
02:33:13.0310 4416 circlass - ok
02:33:13.0409 4416 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
02:33:13.0429 4416 CLFS - ok
02:33:13.0469 4416 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:33:13.0471 4416 clr_optimization_v2.0.50727_32 - ok
02:33:13.0513 4416 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
02:33:13.0515 4416 clr_optimization_v4.0.30319_32 - ok
02:33:13.0527 4416 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
02:33:13.0528 4416 CmBatt - ok
02:33:13.0549 4416 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
02:33:13.0549 4416 cmdide - ok
02:33:13.0571 4416 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
02:33:13.0576 4416 CNG - ok
02:33:13.0608 4416 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
02:33:13.0609 4416 Compbatt - ok
02:33:13.0641 4416 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
02:33:13.0641 4416 CompositeBus - ok
02:33:13.0645 4416 COMSysApp - ok
02:33:13.0663 4416 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
02:33:13.0664 4416 crcdisk - ok
02:33:13.0692 4416 [ 06E771AA596B8761107AB57E99F128D7 ] CryptSvc C:\Windows\system32\cryptsvc.dll
02:33:13.0693 4416 CryptSvc - ok
02:33:13.0730 4416 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
02:33:13.0734 4416 DcomLaunch - ok
02:33:13.0770 4416 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
02:33:13.0773 4416 defragsvc - ok
02:33:13.0806 4416 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
02:33:13.0807 4416 DfsC - ok
02:33:13.0839 4416 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
02:33:13.0843 4416 Dhcp - ok
02:33:13.0854 4416 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
02:33:13.0854 4416 discache - ok
02:33:13.0876 4416 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
02:33:13.0877 4416 Disk - ok
02:33:13.0907 4416 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
02:33:13.0910 4416 Dnscache - ok
02:33:13.0951 4416 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
02:33:13.0954 4416 dot3svc - ok
02:33:13.0987 4416 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
02:33:14.0094 4416 DPS - ok
02:33:14.0133 4416 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
02:33:14.0165 4416 drmkaud - ok
02:33:14.0283 4416 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
02:33:14.0320 4416 DXGKrnl - ok
02:33:14.0354 4416 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
02:33:14.0356 4416 EapHost - ok
02:33:14.0416 4416 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
02:33:14.0468 4416 ebdrv - ok
02:33:14.0488 4416 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
02:33:14.0489 4416 EFS - ok
02:33:14.0521 4416 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
02:33:14.0538 4416 ehRecvr - ok
02:33:14.0571 4416 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
02:33:14.0572 4416 ehSched - ok
02:33:14.0592 4416 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
02:33:14.0597 4416 elxstor - ok
02:33:14.0611 4416 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
02:33:14.0612 4416 ErrDev - ok
02:33:14.0658 4416 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
02:33:14.0662 4416 EventSystem - ok
02:33:14.0675 4416 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
02:33:14.0677 4416 exfat - ok
02:33:14.0692 4416 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
02:33:14.0694 4416 fastfat - ok
02:33:14.0736 4416 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
02:33:14.0753 4416 Fax - ok
02:33:14.0766 4416 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
02:33:14.0767 4416 fdc - ok
02:33:14.0774 4416 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
02:33:14.0775 4416 fdPHost - ok
02:33:14.0786 4416 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
02:33:14.0787 4416 FDResPub - ok
02:33:14.0799 4416 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
02:33:14.0800 4416 FileInfo - ok
02:33:14.0814 4416 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
02:33:14.0814 4416 Filetrace - ok
02:33:14.0822 4416 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
02:33:14.0823 4416 flpydisk - ok
02:33:14.0839 4416 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
02:33:14.0841 4416 FltMgr - ok
02:33:14.0887 4416 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
02:33:14.0905 4416 FontCache - ok
02:33:14.0942 4416 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
02:33:14.0943 4416 FontCache3.0.0.0 - ok
02:33:14.0954 4416 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
02:33:14.0955 4416 FsDepends - ok
02:33:14.0969 4416 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
02:33:14.0970 4416 Fs_Rec - ok
02:33:15.0006 4416 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
02:33:15.0008 4416 fvevol - ok
02:33:15.0041 4416 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
02:33:15.0042 4416 gagp30kx - ok
02:33:15.0072 4416 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
02:33:15.0073 4416 GEARAspiWDM - ok
02:33:15.0108 4416 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
02:33:15.0125 4416 gpsvc - ok
02:33:15.0143 4416 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
02:33:15.0144 4416 hcw85cir - ok
02:33:15.0180 4416 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
02:33:15.0184 4416 HdAudAddService - ok
02:33:15.0206 4416 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
02:33:15.0207 4416 HDAudBus - ok
02:33:15.0221 4416 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
02:33:15.0222 4416 HidBatt - ok
02:33:15.0238 4416 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
02:33:15.0240 4416 HidBth - ok
02:33:15.0260 4416 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
02:33:15.0261 4416 HidIr - ok
02:33:15.0295 4416 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
02:33:15.0296 4416 hidserv - ok
02:33:15.0309 4416 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
02:33:15.0310 4416 HidUsb - ok
02:33:15.0364 4416 [ 00C71C3FB915BA353740999ADF447927 ] HiPatchService C:\Program Files\Hi-Rez Studios\HiPatchService.exe
02:33:15.0364 4416 HiPatchService - ok
02:33:15.0399 4416 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
02:33:15.0401 4416 hkmsvc - ok
02:33:15.0433 4416 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
02:33:15.0437 4416 HomeGroupListener - ok
02:33:15.0475 4416 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
02:33:15.0479 4416 HomeGroupProvider - ok
02:33:15.0507 4416 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
02:33:15.0509 4416 HpSAMD - ok
02:33:15.0556 4416 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
02:33:15.0571 4416 HTTP - ok
02:33:15.0603 4416 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
02:33:15.0604 4416 hwpolicy - ok
02:33:15.0641 4416 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
02:33:15.0643 4416 i8042prt - ok
02:33:15.0673 4416 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
02:33:15.0677 4416 iaStorV - ok
02:33:15.0730 4416 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
02:33:15.0732 4416 IDriverT - ok
02:33:15.0789 4416 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
02:33:15.0807 4416 idsvc - ok
02:33:15.0843 4416 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
02:33:15.0844 4416 iirsp - ok
02:33:15.0884 4416 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
02:33:15.0898 4416 IKEEXT - ok
02:33:15.0938 4416 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
02:33:15.0939 4416 intelide - ok
02:33:15.0960 4416 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
02:33:15.0960 4416 intelppm - ok
02:33:15.0994 4416 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
02:33:15.0996 4416 IPBusEnum - ok
02:33:16.0008 4416 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
02:33:16.0009 4416 IpFilterDriver - ok
02:33:16.0044 4416 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
02:33:16.0052 4416 iphlpsvc - ok
02:33:16.0088 4416 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
02:33:16.0089 4416 IPMIDRV - ok
02:33:16.0106 4416 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
02:33:16.0107 4416 IPNAT - ok
02:33:16.0155 4416 [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
02:33:16.0173 4416 iPod Service - ok
02:33:16.0190 4416 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
02:33:16.0191 4416 IRENUM - ok
02:33:16.0221 4416 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
02:33:16.0223 4416 isapnp - ok
02:33:16.0253 4416 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
02:33:16.0256 4416 iScsiPrt - ok
02:33:16.0277 4416 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
02:33:16.0278 4416 kbdclass - ok
02:33:16.0314 4416 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
02:33:16.0315 4416 kbdhid - ok
02:33:16.0329 4416 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
02:33:16.0331 4416 KeyIso - ok
02:33:16.0349 4416 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
02:33:16.0350 4416 KSecDD - ok
02:33:16.0361 4416 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
02:33:16.0363 4416 KSecPkg - ok
02:33:16.0393 4416 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
02:33:16.0399 4416 KtmRm - ok
02:33:16.0437 4416 [ AC728768DE636093B4D5AE6361CFADAE ] L8042Kbd C:\Windows\system32\DRIVERS\L8042Kbd.sys
02:33:16.0438 4416 L8042Kbd - ok
02:33:16.0481 4416 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll
02:33:16.0486 4416 LanmanServer - ok
02:33:16.0496 4416 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
02:33:16.0500 4416 LanmanWorkstation - ok
02:33:16.0552 4416 [ 75415A95C589A07D6C97BAA2D4143916 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
02:33:16.0553 4416 LHidFilt - ok
02:33:16.0581 4416 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
02:33:16.0582 4416 lltdio - ok
02:33:16.0612 4416 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
02:33:16.0616 4416 lltdsvc - ok
02:33:16.0632 4416 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
02:33:16.0634 4416 lmhosts - ok
02:33:16.0637 4416 [ FCB3F81AC07B8608F921134237823B88 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
02:33:16.0638 4416 LMouFilt - ok
02:33:16.0662 4416 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
02:33:16.0664 4416 LSI_FC - ok
02:33:16.0678 4416 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
02:33:16.0680 4416 LSI_SAS - ok
02:33:16.0688 4416 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
02:33:16.0689 4416 LSI_SAS2 - ok
02:33:16.0700 4416 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
02:33:16.0702 4416 LSI_SCSI - ok
02:33:16.0718 4416 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
02:33:16.0719 4416 luafv - ok
02:33:16.0748 4416 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
02:33:16.0751 4416 Mcx2Svc - ok
02:33:16.0769 4416 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
02:33:16.0770 4416 megasas - ok
02:33:16.0788 4416 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
02:33:16.0791 4416 MegaSR - ok
02:33:16.0822 4416 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
02:33:16.0824 4416 MMCSS - ok
02:33:16.0833 4416 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
02:33:16.0834 4416 Modem - ok
02:33:16.0843 4416 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
02:33:16.0844 4416 monitor - ok
02:33:16.0870 4416 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
02:33:16.0871 4416 mouclass - ok
02:33:16.0891 4416 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
02:33:16.0892 4416 mouhid - ok
02:33:16.0924 4416 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
02:33:16.0926 4416 mountmgr - ok
02:33:16.0965 4416 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
02:33:16.0967 4416 MozillaMaintenance - ok
02:33:17.0002 4416 [ D993BEA500E7382DC4E760BF4F35EFCB ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
02:33:17.0005 4416 MpFilter - ok
02:33:17.0022 4416 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
02:33:17.0024 4416 mpio - ok
02:33:17.0039 4416 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
02:33:17.0040 4416 mpsdrv - ok
02:33:17.0102 4416 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
02:33:17.0119 4416 MpsSvc - ok
02:33:17.0175 4416 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
02:33:17.0176 4416 MRxDAV - ok
02:33:17.0218 4416 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
02:33:17.0219 4416 mrxsmb - ok
02:33:17.0236 4416 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
02:33:17.0239 4416 mrxsmb10 - ok
02:33:17.0269 4416 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
02:33:17.0270 4416 mrxsmb20 - ok
02:33:17.0280 4416 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
02:33:17.0280 4416 msahci - ok
02:33:17.0311 4416 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
02:33:17.0312 4416 msdsm - ok
02:33:17.0345 4416 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
02:33:17.0348 4416 MSDTC - ok
02:33:17.0400 4416 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
02:33:17.0401 4416 Msfs - ok
02:33:17.0411 4416 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
02:33:17.0411 4416 mshidkmdf - ok
02:33:17.0432 4416 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
02:33:17.0432 4416 msisadrv - ok
02:33:17.0477 4416 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
02:33:17.0479 4416 MSiSCSI - ok
02:33:17.0483 4416 msiserver - ok
02:33:17.0505 4416 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
02:33:17.0505 4416 MSKSSRV - ok
02:33:17.0561 4416 [ 24516BF4E12A46CB67302E2CDCB8CDDF ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
02:33:17.0562 4416 MsMpSvc - ok
02:33:17.0589 4416 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
02:33:17.0590 4416 MSPCLOCK - ok
02:33:17.0596 4416 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
02:33:17.0597 4416 MSPQM - ok
02:33:17.0614 4416 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
02:33:17.0617 4416 MsRPC - ok
02:33:17.0635 4416 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
02:33:17.0635 4416 mssmbios - ok
02:33:17.0639 4416 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
02:33:17.0640 4416 MSTEE - ok
02:33:17.0650 4416 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
02:33:17.0651 4416 MTConfig - ok
02:33:17.0670 4416 [ 0F24624106D8042E7F27882D9D6FF5C0 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
02:33:17.0670 4416 MTsensor - ok
02:33:17.0681 4416 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
02:33:17.0682 4416 Mup - ok
02:33:17.0716 4416 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
02:33:17.0721 4416 napagent - ok
02:33:17.0765 4416 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
02:33:17.0768 4416 NativeWifiP - ok
02:33:17.0796 4416 [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS C:\Windows\system32\drivers\ndis.sys
02:33:17.0801 4416 NDIS - ok
02:33:17.0819 4416 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
02:33:17.0820 4416 NdisCap - ok
02:33:17.0840 4416 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
02:33:17.0841 4416 NdisTapi - ok
02:33:17.0870 4416 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
02:33:17.0871 4416 Ndisuio - ok
02:33:17.0900 4416 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
02:33:17.0902 4416 NdisWan - ok
02:33:17.0933 4416 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
02:33:17.0934 4416 NDProxy - ok
02:33:17.0946 4416 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
02:33:17.0948 4416 NetBIOS - ok
02:33:17.0978 4416 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
02:33:17.0980 4416 NetBT - ok
02:33:17.0987 4416 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
02:33:17.0989 4416 Netlogon - ok
02:33:18.0031 4416 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
02:33:18.0036 4416 Netman - ok
02:33:18.0064 4416 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
02:33:18.0066 4416 NetMsmqActivator - ok
02:33:18.0070 4416 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
02:33:18.0071 4416 NetPipeActivator - ok
02:33:18.0084 4416 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
02:33:18.0089 4416 netprofm - ok
02:33:18.0093 4416 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
02:33:18.0094 4416 NetTcpActivator - ok
02:33:18.0097 4416 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
02:33:18.0098 4416 NetTcpPortSharing - ok
02:33:18.0126 4416 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
02:33:18.0128 4416 nfrd960 - ok
02:33:18.0147 4416 [ B52F26BADE7D7E4A79706E3FD91834CD ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
02:33:18.0149 4416 NisDrv - ok
02:33:18.0177 4416 [ 290C0D4C4889398797F8DF3BE00B9698 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
02:33:18.0179 4416 NisSrv - ok
02:33:18.0213 4416 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
02:33:18.0217 4416 NlaSvc - ok
02:33:18.0221 4416 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
02:33:18.0222 4416 Npfs - ok
02:33:18.0252 4416 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
02:33:18.0254 4416 nsi - ok
02:33:18.0263 4416 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
02:33:18.0264 4416 nsiproxy - ok
02:33:18.0314 4416 [ 81189C3D7763838E55C397759D49007A ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
02:33:18.0340 4416 Ntfs - ok
02:33:18.0348 4416 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
02:33:18.0349 4416 Null - ok
02:33:18.0371 4416 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
02:33:18.0373 4416 nvraid - ok
02:33:18.0402 4416 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
02:33:18.0404 4416 nvstor - ok
02:33:18.0419 4416 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
02:33:18.0421 4416 nv_agp - ok
02:33:18.0445 4416 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
02:33:18.0447 4416 ohci1394 - ok
02:33:18.0494 4416 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
02:33:18.0499 4416 p2pimsvc - ok
02:33:18.0529 4416 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
02:33:18.0535 4416 p2psvc - ok
02:33:18.0565 4416 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
02:33:18.0567 4416 Parport - ok
02:33:18.0584 4416 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
02:33:18.0585 4416 partmgr - ok
02:33:18.0598 4416 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
02:33:18.0599 4416 Parvdm - ok
02:33:18.0618 4416 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
02:33:18.0622 4416 PcaSvc - ok
02:33:18.0631 4416 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
02:33:18.0632 4416 pci - ok
02:33:18.0662 4416 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
02:33:18.0663 4416 pciide - ok
02:33:18.0679 4416 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
02:33:18.0681 4416 pcmcia - ok
02:33:18.0692 4416 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
02:33:18.0693 4416 pcw - ok
02:33:18.0718 4416 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
02:33:18.0735 4416 PEAUTH - ok
02:33:18.0798 4416 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
02:33:18.0824 4416 pla - ok
02:33:18.0871 4416 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
02:33:18.0879 4416 PlugPlay - ok
02:33:18.0904 4416 [ 205E1B699FD3F2F9B036EEA2EC30C620 ] PnkBstrA C:\Windows\system32\PnkBstrA.exe
02:33:18.0907 4416 PnkBstrA - ok
02:33:18.0939 4416 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
02:33:18.0942 4416 PNRPAutoReg - ok
02:33:18.0953 4416 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
02:33:18.0956 4416 PNRPsvc - ok
02:33:18.0975 4416 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
02:33:18.0980 4416 PolicyAgent - ok
02:33:19.0018 4416 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
02:33:19.0021 4416 Power - ok
02:33:19.0054 4416 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
02:33:19.0056 4416 PptpMiniport - ok
02:33:19.0074 4416 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
02:33:19.0076 4416 Processor - ok
02:33:19.0099 4416 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
02:33:19.0103 4416 ProfSvc - ok
02:33:19.0112 4416 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
02:33:19.0114 4416 ProtectedStorage - ok
02:33:19.0156 4416 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
02:33:19.0157 4416 Psched - ok
02:33:19.0193 4416 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
02:33:19.0219 4416 ql2300 - ok
02:33:19.0232 4416 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
02:33:19.0234 4416 ql40xx - ok
02:33:19.0270 4416 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
02:33:19.0274 4416 QWAVE - ok
02:33:19.0287 4416 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
02:33:19.0288 4416 QWAVEdrv - ok
02:33:19.0303 4416 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
02:33:19.0304 4416 RasAcd - ok
02:33:19.0335 4416 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
02:33:19.0363 4416 RasAgileVpn - ok
02:33:19.0367 4416 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
02:33:19.0370 4416 RasAuto - ok
02:33:19.0386 4416 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
02:33:19.0388 4416 Rasl2tp - ok
02:33:19.0428 4416 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
02:33:19.0434 4416 RasMan - ok
02:33:19.0444 4416 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
02:33:19.0445 4416 RasPppoe - ok
02:33:19.0453 4416 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
02:33:19.0455 4416 RasSstp - ok
02:33:19.0490 4416 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
02:33:19.0493 4416 rdbss - ok
02:33:19.0512 4416 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
02:33:19.0513 4416 rdpbus - ok
02:33:19.0542 4416 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
02:33:19.0543 4416 RDPCDD - ok
02:33:19.0556 4416 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
02:33:19.0557 4416 RDPENCDD - ok
02:33:19.0571 4416 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
02:33:19.0571 4416 RDPREFMP - ok
02:33:19.0594 4416 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
02:33:19.0596 4416 RDPWD - ok
02:33:19.0631 4416 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
02:33:19.0633 4416 rdyboost - ok
02:33:19.0664 4416 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
02:33:19.0666 4416 RemoteAccess - ok
02:33:19.0696 4416 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
02:33:19.0700 4416 RemoteRegistry - ok
02:33:19.0737 4416 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
02:33:19.0740 4416 RpcEptMapper - ok
02:33:19.0772 4416 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
02:33:19.0774 4416 RpcLocator - ok
02:33:19.0788 4416 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
02:33:19.0793 4416 RpcSs - ok
02:33:19.0805 4416 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
02:33:19.0807 4416 rspndr - ok
02:33:19.0840 4416 [ A59BA9CF910ABDBE0A06B39FFFFA62F6 ] rzudd C:\Windows\system32\DRIVERS\rzudd.sys
02:33:19.0841 4416 rzudd - ok
02:33:19.0854 4416 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
02:33:19.0855 4416 SamSs - ok
02:33:19.0875 4416 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
02:33:19.0876 4416 sbp2port - ok
02:33:19.0896 4416 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
02:33:19.0899 4416 SCardSvr - ok
02:33:19.0909 4416 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
02:33:19.0910 4416 scfilter - ok
02:33:19.0956 4416 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
02:33:19.0974 4416 Schedule - ok
02:33:19.0998 4416 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
02:33:19.0999 4416 SCPolicySvc - ok
02:33:20.0023 4416 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
02:33:20.0027 4416 SDRSVC - ok
02:33:20.0033 4416 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
02:33:20.0034 4416 secdrv - ok
02:33:20.0065 4416 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
02:33:20.0067 4416 seclogon - ok
02:33:20.0083 4416 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
02:33:20.0086 4416 SENS - ok
02:33:20.0111 4416 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
02:33:20.0114 4416 SensrSvc - ok
02:33:20.0126 4416 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
02:33:20.0127 4416 Serenum - ok
02:33:20.0154 4416 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
02:33:20.0156 4416 Serial - ok
02:33:20.0168 4416 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
02:33:20.0169 4416 sermouse - ok
02:33:20.0207 4416 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
02:33:20.0211 4416 SessionEnv - ok
02:33:20.0244 4416 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
02:33:20.0245 4416 sffdisk - ok
02:33:20.0259 4416 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
02:33:20.0260 4416 sffp_mmc - ok
02:33:20.0269 4416 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
02:33:20.0270 4416 sffp_sd - ok
02:33:20.0297 4416 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
02:33:20.0298 4416 sfloppy - ok
02:33:20.0367 4416 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
02:33:20.0372 4416 SharedAccess - ok
02:33:20.0405 4416 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
02:33:20.0421 4416 ShellHWDetection - ok
02:33:20.0432 4416 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
02:33:20.0433 4416 sisagp - ok
02:33:20.0454 4416 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
02:33:20.0456 4416 SiSRaid2 - ok
02:33:20.0471 4416 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
02:33:20.0473 4416 SiSRaid4 - ok
02:33:20.0493 4416 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
02:33:20.0495 4416 Smb - ok
02:33:20.0537 4416 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
02:33:20.0540 4416 SNMPTRAP - ok
02:33:20.0550 4416 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
02:33:20.0551 4416 spldr - ok
02:33:20.0574 4416 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
02:33:20.0578 4416 Spooler - ok
02:33:20.0656 4416 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
02:33:20.0705 4416 sppsvc - ok
02:33:20.0737 4416 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
02:33:20.0740 4416 sppuinotify - ok
02:33:20.0770 4416 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
02:33:20.0773 4416 srv - ok
02:33:20.0785 4416 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
02:33:20.0788 4416 srv2 - ok
02:33:20.0816 4416 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
02:33:20.0818 4416 srvnet - ok
02:33:20.0850 4416 [ 069351A1D7D291013177A90AE6EDCCBC ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys
02:33:20.0852 4416 sscdbus - ok
02:33:20.0877 4416 [ 1C925BE223A5C0F9F469252292A48DF6 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys
02:33:20.0878 4416 sscdmdfl - ok
02:33:20.0896 4416 [ AE3E77AE0FBDB07EB1AC3FED74A0695E ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys
02:33:20.0897 4416 sscdmdm - ok
02:33:20.0916 4416 [ 6C239402A3303C66016F5F915E0E8698 ] sscdserd C:\Windows\system32\DRIVERS\sscdserd.sys
02:33:20.0917 4416 sscdserd - ok
02:33:20.0946 4416 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
02:33:20.0950 4416 SSDPSRV - ok
02:33:20.0958 4416 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
02:33:20.0962 4416 SstpSvc - ok
02:33:20.0984 4416 Steam Client Service - ok
02:33:21.0015 4416 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
02:33:21.0016 4416 stexstor - ok
02:33:21.0069 4416 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
02:33:21.0086 4416 StiSvc - ok
02:33:21.0118 4416 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
02:33:21.0119 4416 swenum - ok
02:33:21.0135 4416 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
02:33:21.0151 4416 swprv - ok
02:33:21.0201 4416 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
02:33:21.0228 4416 SysMain - ok
02:33:21.0259 4416 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
02:33:21.0263 4416 TabletInputService - ok
02:33:21.0293 4416 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
02:33:21.0299 4416 TapiSrv - ok
02:33:21.0333 4416 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
02:33:21.0336 4416 TBS - ok
02:33:21.0376 4416 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
02:33:21.0402 4416 Tcpip - ok
02:33:21.0439 4416 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
02:33:21.0447 4416 TCPIP6 - ok
02:33:21.0478 4416 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
02:33:21.0480 4416 tcpipreg - ok
02:33:21.0509 4416 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
02:33:21.0510 4416 TDPIPE - ok
02:33:21.0536 4416 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
02:33:21.0537 4416 TDTCP - ok
02:33:21.0581 4416 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
02:33:21.0582 4416 tdx - ok
02:33:21.0588 4416 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
02:33:21.0589 4416 TermDD - ok
02:33:21.0623 4416 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
02:33:21.0640 4416 TermService - ok
02:33:21.0648 4416 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
02:33:21.0651 4416 Themes - ok
02:33:21.0663 4416 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
02:33:21.0665 4416 THREADORDER - ok
02:33:21.0673 4416 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
02:33:21.0676 4416 TrkWks - ok
02:33:21.0732 4416 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
02:33:21.0734 4416 TrustedInstaller - ok
02:33:21.0769 4416 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
02:33:21.0770 4416 tssecsrv - ok
02:33:21.0823 4416 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
02:33:21.0824 4416 TsUsbFlt - ok
02:33:21.0864 4416 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
02:33:21.0866 4416 tunnel - ok
02:33:21.0900 4416 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
02:33:21.0901 4416 uagp35 - ok
02:33:21.0937 4416 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
02:33:21.0940 4416 udfs - ok
02:33:21.0971 4416 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
02:33:21.0974 4416 UI0Detect - ok
02:33:22.0014 4416 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
02:33:22.0016 4416 uliagpkx - ok
02:33:22.0032 4416 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys
02:33:22.0033 4416 umbus - ok
02:33:22.0057 4416 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
02:33:22.0057 4416 UmPass - ok
02:33:22.0075 4416 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
02:33:22.0081 4416 upnphost - ok
02:33:22.0101 4416 [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
02:33:22.0103 4416 usbaudio - ok
02:33:22.0138 4416 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
02:33:22.0139 4416 usbccgp - ok
02:33:22.0164 4416 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
02:33:22.0165 4416 usbcir - ok
02:33:22.0198 4416 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
02:33:22.0200 4416 usbehci - ok
02:33:22.0216 4416 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
02:33:22.0219 4416 usbhub - ok
02:33:22.0229 4416 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
02:33:22.0231 4416 usbohci - ok
02:33:22.0238 4416 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
02:33:22.0239 4416 usbprint - ok
02:33:22.0248 4416 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
02:33:22.0250 4416 USBSTOR - ok
02:33:22.0263 4416 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
02:33:22.0264 4416 usbuhci - ok
02:33:22.0301 4416 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
02:33:22.0304 4416 UxSms - ok
02:33:22.0312 4416 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
02:33:22.0314 4416 VaultSvc - ok
02:33:22.0326 4416 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
02:33:22.0327 4416 vdrvroot - ok
02:33:22.0365 4416 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
02:33:22.0382 4416 vds - ok
02:33:22.0427 4416 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
02:33:22.0428 4416 vga - ok
02:33:22.0461 4416 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
02:33:22.0462 4416 VgaSave - ok
02:33:22.0478 4416 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
02:33:22.0480 4416 vhdmp - ok
02:33:22.0496 4416 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
02:33:22.0497 4416 viaagp - ok
02:33:22.0509 4416 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
02:33:22.0511 4416 ViaC7 - ok
02:33:22.0540 4416 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
02:33:22.0541 4416 viaide - ok
02:33:22.0549 4416 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
02:33:22.0551 4416 volmgr - ok
02:33:22.0561 4416 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
02:33:22.0564 4416 volmgrx - ok
02:33:22.0579 4416 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
02:33:22.0582 4416 volsnap - ok
02:33:22.0627 4416 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
02:33:22.0629 4416 vsmraid - ok
02:33:22.0667 4416 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
02:33:22.0693 4416 VSS - ok
02:33:22.0749 4416 [ F98A970D02B35870C8013B43736F7904 ] vToolbarUpdater12.1.3 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.3\ToolbarUpdater.exe
02:33:22.0767 4416 vToolbarUpdater12.1.3 - ok
02:33:22.0782 4416 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
02:33:22.0783 4416 vwifibus - ok
02:33:22.0817 4416 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
02:33:22.0823 4416 W32Time - ok
02:33:22.0853 4416 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
02:33:22.0854 4416 WacomPen - ok
02:33:22.0875 4416 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
02:33:22.0877 4416 WANARP - ok
02:33:22.0879 4416 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
02:33:22.0880 4416 Wanarpv6 - ok
02:33:22.0926 4416 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
02:33:22.0952 4416 WatAdminSvc - ok
02:33:22.0986 4416 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
02:33:23.0012 4416 wbengine - ok
02:33:23.0027 4416 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
02:33:23.0032 4416 WbioSrvc - ok
02:33:23.0061 4416 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
02:33:23.0066 4416 wcncsvc - ok
02:33:23.0073 4416 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
02:33:23.0077 4416 WcsPlugInService - ok
02:33:23.0089 4416 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
02:33:23.0090 4416 Wd - ok
02:33:23.0113 4416 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
02:33:23.0128 4416 Wdf01000 - ok
02:33:23.0138 4416 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
02:33:23.0142 4416 WdiServiceHost - ok
02:33:23.0146 4416 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
02:33:23.0149 4416 WdiSystemHost - ok
02:33:23.0183 4416 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
02:33:23.0188 4416 WebClient - ok
02:33:23.0220 4416 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
02:33:23.0225 4416 Wecsvc - ok
02:33:23.0234 4416 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
02:33:23.0238 4416 wercplsupport - ok
02:33:23.0257 4416 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
02:33:23.0260 4416 WerSvc - ok
02:33:23.0280 4416 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
02:33:23.0281 4416 WfpLwf - ok
02:33:23.0299 4416 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
02:33:23.0300 4416 WIMMount - ok
02:33:23.0377 4416 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
02:33:23.0394 4416 WinDefend - ok
02:33:23.0401 4416 WinHttpAutoProxySvc - ok
02:33:23.0452 4416 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
02:33:23.0455 4416 Winmgmt - ok
02:33:23.0503 4416 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
02:33:23.0529 4416 WinRM - ok
02:33:23.0567 4416 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
02:33:23.0568 4416 WinUsb - ok
02:33:23.0612 4416 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
02:33:23.0629 4416 Wlansvc - ok
02:33:23.0684 4416 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
02:33:23.0711 4416 wlidsvc - ok
02:33:23.0747 4416 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
02:33:23.0748 4416 WmiAcpi - ok
02:33:23.0782 4416 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
02:33:23.0784 4416 wmiApSrv - ok
02:33:23.0833 4416 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
02:33:23.0858 4416 WMPNetworkSvc - ok
02:33:23.0876 4416 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
02:33:23.0880 4416 WPCSvc - ok
02:33:23.0918 4416 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
02:33:23.0922 4416 WPDBusEnum - ok
02:33:23.0952 4416 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
02:33:23.0954 4416 ws2ifsl - ok
02:33:23.0983 4416 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll
02:33:23.0987 4416 wscsvc - ok
02:33:23.0990 4416 WSearch - ok
02:33:24.0051 4416 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
02:33:24.0085 4416 wuauserv - ok
02:33:24.0102 4416 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
02:33:24.0104 4416 WudfPf - ok
02:33:24.0154 4416 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
02:33:24.0156 4416 WUDFRd - ok
02:33:24.0181 4416 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
02:33:24.0185 4416 wudfsvc - ok
02:33:24.0213 4416 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
02:33:24.0218 4416 WwanSvc - ok
02:33:24.0244 4416 [ C26C68BCBAC1F33F890C226769759209 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
02:33:24.0245 4416 xusb21 - ok
02:33:24.0288 4416 [ B07C5B7EFDF936FF93D4F540938725BE ] yukonw7 C:\Windows\system32\DRIVERS\yk62x86.sys
02:33:24.0291 4416 yukonw7 - ok
02:33:24.0306 4416 ================ Scan global ===============================
02:33:24.0339 4416 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
02:33:24.0373 4416 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
02:33:24.0389 4416 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
02:33:24.0418 4416 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
02:33:24.0449 4416 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
02:33:24.0453 4416 [Global] - ok
02:33:24.0455 4416 ================ Scan MBR ==================================
02:33:24.0469 4416 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
02:33:24.0647 4416 \Device\Harddisk0\DR0 - ok
02:33:24.0665 4416 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
02:33:24.0695 4416 \Device\Harddisk1\DR1 - ok
02:33:24.0696 4416 ================ Scan VBR ==================================
02:33:24.0698 4416 [ 4D13D4BD0E1682E86E34A941D8026FCE ] \Device\Harddisk0\DR0\Partition1
02:33:24.0699 4416 \Device\Harddisk0\DR0\Partition1 - ok
02:33:24.0700 4416 ============================================================
02:33:24.0700 4416 Scan finished
02:33:24.0700 4416 ============================================================
02:33:24.0708 4184 Detected object count: 0
02:33:24.0708 4184 Actual detected object count: 0


-----------------------------------------------------------------------------------------------


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-26 02:35:03
-----------------------------
02:35:03.596 OS Version: Windows 6.1.7601 Service Pack 1
02:35:03.596 Number of processors: 4 586 0x1707
02:35:03.597 ComputerName: BOSSATRON UserName: Cramer
02:35:20.189 Initialize success
02:38:36.462 AVAST engine defs: 12082501
02:38:48.390 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
02:38:48.393 Disk 0 Vendor: WDC_WD6400AAKS-00A7B0 01.03B01 Size: 610480MB BusType: 3
02:38:48.396 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-4
02:38:48.398 Disk 1 Vendor: WDC_WD1600AAJS-00B4A0 01.03A01 Size: 152627MB BusType: 3
02:38:48.416 Disk 0 MBR read successfully
02:38:48.419 Disk 0 MBR scan
02:38:48.424 Disk 0 Windows 7 default MBR code
02:38:48.428 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 610469 MB offset 63
02:38:48.434 Disk 0 scanning sectors +1250242560
02:38:48.495 Disk 0 scanning C:\Windows\system32\drivers
02:38:56.522 Service scanning
02:39:12.012 Modules scanning
02:39:17.707 Disk 0 trace - called modules:
02:39:17.724 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys dxgkrnl.sys atikmpag.sys atikmdag.sys dxgmms1.sys watchdog.sys rassstp.sys
02:39:17.729 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863fd030]
02:39:17.735 3 CLASSPNP.SYS[8bd9e59e] -> nt!IofCallDriver -> [0x85f08918]
02:39:17.741 5 ACPI.sys[8b89f3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x85f02030]
02:39:20.403 AVAST engine scan C:\Windows
02:39:23.144 AVAST engine scan C:\Windows\system32
02:41:21.029 AVAST engine scan C:\Windows\system32\drivers
02:41:31.438 AVAST engine scan C:\Users\Cramer
02:46:18.244 AVAST engine scan C:\ProgramData
02:47:12.037 Scan finished successfully
02:47:35.717 Disk 0 MBR has been saved successfully to "C:\Users\Cramer\Desktop\MBR.dat"
02:47:35.723 The log file has been saved successfully to "C:\Users\Cramer\Desktop\aswMBR.txt"

#8 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:34 PM

Posted 26 August 2012 - 03:54 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 Skizzak

  • Topic Starter

  • Members
  • 20 posts
  • Local time:02:34 PM

Posted 26 August 2012 - 05:23 AM

Everything went smoothly.

ComboFix 12-08-25.04 - Cramer 08/26/2012 6:12.2.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3327.2334 [GMT -4:00]
Running from: c:\users\Cramer\Desktop\ComboFix.exe
Command switches used :: c:\users\Cramer\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-26 to 2012-08-26 )))))))))))))))))))))))))))))))
.
.
2012-08-26 10:19 . 2012-08-26 10:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-26 06:55 . 2012-08-20 05:53 7023536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{30746758-1654-4E1D-A71D-AFC050107FF2}\mpengine.dll
2012-08-23 13:18 . 2012-08-23 13:19 -------- d-----w- C:\FRST
2012-08-23 07:19 . 2012-02-09 18:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3F3A1C4A-8BB2-4842-9292-C2B3D2C226F2}\gapaengine.dll
2012-08-23 07:12 . 2012-08-23 07:12 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-23 07:11 . 2012-08-23 07:11 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-17 00:44 . 2012-08-17 00:44 -------- d-----w- c:\program files\ASIO4ALL v2
2012-08-17 00:41 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2012-08-17 00:41 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\system32\vorbis.acm
2012-08-17 00:40 . 2012-08-17 00:41 -------- d-----w- c:\program files\VstPlugins
2012-08-17 00:40 . 2012-08-17 00:40 -------- d-----w- c:\program files\Outsim
2012-08-17 00:38 . 2012-08-17 00:41 -------- d-----w- c:\program files\Image-Line
2012-08-13 04:29 . 2007-06-29 18:47 34304 ----a-w- c:\windows\system32\drivers\AmdLLD.sys
2012-08-13 04:28 . 2012-08-13 04:28 -------- d-----w- c:\program files\AMD
2012-08-13 04:28 . 2012-08-13 04:28 -------- d-----w- c:\users\Cramer\AppData\Local\Downloaded Installations
2012-08-12 07:25 . 2012-08-12 07:25 -------- d-----w- c:\users\Cramer\AppData\Roaming\Carbon
2012-08-11 17:59 . 2012-08-11 17:59 -------- d-----w- c:\program files\Traffic Simulator Configuration Tool
2012-08-05 23:44 . 2012-08-05 23:44 -------- d-----w- c:\users\Cramer\AppData\Local\Fallout3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-06 18:50 . 2011-10-25 05:38 140360 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-08-06 18:50 . 2011-10-25 06:25 283032 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-08-06 18:50 . 2011-10-25 05:38 283032 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-08-06 18:49 . 2011-10-25 05:38 298016 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-07-20 06:20 . 2012-07-20 06:20 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-07-20 04:20 . 2009-08-18 15:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-07-20 04:19 . 2009-08-18 15:24 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-20 03:25 . 2012-07-20 03:25 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-07-19 02:42 . 2012-07-19 02:42 480256 ----a-w- c:\windows\system32\rzdevicedll.dll
2012-07-16 02:32 . 2012-07-16 02:32 143360 ----a-w- c:\windows\system32\rztouchdll.dll
2012-07-16 02:32 . 2012-07-16 02:32 165888 ----a-w- c:\windows\system32\rzaudiodll.dll
2012-07-16 02:32 . 2012-07-16 02:32 84608 ----a-w- c:\windows\system32\drivers\rzudd.sys
2012-07-10 03:08 . 2011-10-25 05:38 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-07-10 02:55 . 2011-10-25 05:38 138056 ----a-w- c:\users\Cramer\AppData\Roaming\PnkBstrK.sys
2012-07-09 13:25 . 2012-07-10 02:55 3130440 ----a-w- c:\windows\system32\pbsvc_blr.exe
2012-06-11 18:58 . 2012-06-11 18:58 8733696 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-06-11 18:35 . 2012-06-11 18:35 58880 ----a-w- c:\windows\system32\coinst_8.98.dll
2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\system32\atioglxx.dll
2012-06-11 17:50 . 2012-06-11 17:50 159232 ----a-w- c:\windows\system32\clinfo.exe
2012-06-11 17:50 . 2012-06-11 17:50 65024 ----a-w- c:\windows\system32\OpenVideo.dll
2012-06-11 17:50 . 2012-06-11 17:50 56320 ----a-w- c:\windows\system32\OVDecode.dll
2012-06-11 17:49 . 2012-06-11 17:49 13008896 ----a-w- c:\windows\system32\amdocl.dll
2012-06-11 17:48 . 2012-06-11 17:48 50176 ----a-w- c:\windows\system32\OpenCL.dll
2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-06-11 17:24 . 2011-04-20 06:09 924160 ----a-w- c:\windows\system32\aticfx32.dll
2012-06-11 17:20 . 2011-10-26 02:01 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-06-11 17:19 . 2012-06-11 17:19 468992 ----a-w- c:\windows\system32\atieclxx.exe
2012-06-11 17:19 . 2012-06-11 17:19 217600 ----a-w- c:\windows\system32\atiesrxx.exe
2012-06-11 17:17 . 2012-06-11 17:17 163840 ----a-w- c:\windows\system32\atitmmxx.dll
2012-06-11 17:17 . 2012-06-11 17:17 20992 ----a-w- c:\windows\system32\atimuixx.dll
2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-06-11 17:16 . 2011-04-20 05:59 6301696 ----a-w- c:\windows\system32\atidxx32.dll
2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\system32\aticalrt.dll
2012-06-11 16:45 . 2011-10-26 01:35 5480448 ----a-w- c:\windows\system32\atiumdag.dll
2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\system32\aticalcl.dll
2012-06-11 16:43 . 2011-10-26 01:32 4729344 ----a-w- c:\windows\system32\atiumdva.dll
2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\system32\aticaldd.dll
2012-06-11 16:26 . 2011-10-26 01:22 368640 ----a-w- c:\windows\system32\atiadlxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\system32\atigktxx.dll
2012-06-11 16:25 . 2012-06-11 16:25 295936 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-06-11 16:25 . 2011-04-20 05:21 42496 ----a-w- c:\windows\system32\atiuxpag.dll
2012-06-11 16:24 . 2011-10-17 01:22 32768 ----a-w- c:\windows\system32\atiu9pag.dll
2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\system32\atimpc32.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\system32\amdpcom32.dll
2012-06-06 05:05 . 2012-07-11 08:43 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05 . 2012-07-11 08:43 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03 . 2012-07-11 08:43 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 22:19 . 2012-06-19 01:29 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 01:29 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 01:28 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 01:28 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-19 01:29 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-19 01:29 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-19 01:28 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-19 01:28 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12 . 2012-06-19 01:28 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 04:45 . 2012-07-11 08:43 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45 . 2012-07-11 08:43 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40 . 2012-07-11 08:43 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40 . 2012-07-11 08:43 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39 . 2012-07-11 08:43 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-19 08:31 . 2011-10-25 04:29 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-20 06:20 2086496 ----a-w- c:\program files\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll" [2012-07-20 2086496]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Steam"="c:\program files\Steam\steam.exe" [2012-08-04 1353080]
"Smart PC Cleaner"="c:\program files\Smart PC Cleaner\SPCLauncher.exe" [2012-01-28 80016]
"HydraVisionDesktopManager"="c:\program files\ATI Technologies\HydraVision\HydraDM.exe" [2011-10-17 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 55824]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-06-05 1310720]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 718688]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2012-01-25 296056]
"Razer Synapse"="c:\program files\Razer\Synapse\RzSynapse.exe" [2012-08-10 316840]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-20 1147488]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 vToolbarUpdater12.1.3;vToolbarUpdater12.1.3;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.3\ToolbarUpdater.exe [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 57051653
*NewlyCreated* - ASWMBR
*NewlyCreated* - WS2IFSL
*Deregistered* - 57051653
*Deregistered* - aswMBR
.
.
------- Supplementary Scan -------
.
uStart Page = https://isearch.avg.com/?cid={48B9DC7F-F40A-4E96-BB1E-1DBF4E77AEE6}&mid=15a37e2dc43147d08d26d1568033e1c2-ca6e408efb1053d1085e756275b17a8fe8830bcd&lang=en&ds=gl011&pr=sa&d=2012-07-20 02:20&v=12.1.0.20&sap=hp
uInternet Settings,ProxyOverride = *.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 69.88.214.131 69.88.214.132
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.3\ViProtocol.dll
FF - ProfilePath - c:\users\Cramer\AppData\Roaming\Mozilla\Firefox\Profiles\a1os5m45.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4092379890-2822534315-2594436527-1001\Software\SecuROM\License information*]
"datasecu"=hex:f7,37,5c,ae,68,6b,48,e9,90,96,9b,1c,ac,e8,e0,d5,3f,73,b8,3a,b0,
b5,1e,8b,9e,71,f9,2e,8e,77,11,e4,04,d5,c6,c1,fd,0c,15,6c,b1,07,e8,43,35,43,\
"rkeysecu"=hex:a8,85,34,c4,ef,ca,52,e3,64,39,dd,f5,53,3b,af,3c
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2688)
c:\program files\ATI Technologies\HydraVision\HydraDMH.dll
.
Completion time: 2012-08-26 06:21:15
ComboFix-quarantined-files.txt 2012-08-26 10:21
ComboFix2.txt 2012-08-26 05:35
.
Pre-Run: 150,644,981,760 bytes free
Post-Run: 150,536,294,400 bytes free
.
- - End Of File - - 8E8DACE3F790D5D3D483AE007C786610
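
Added example (mine, not part of this post or of ComboFix): a Python pass over the "Files Created" lines of a ComboFix log in the format shown above, listing the entries a reviewer would want to look at first. The sample lines are copied from the log above. The reading of the attribute letters (d = directory, s = system, h = hidden) is my assumption from the flag letters, not a documented ComboFix format, and the three review heuristics (hidden+system, a name that looks like an unexpanded environment variable, a new directory created directly under system32) are mine; they flag the `c:\windows\system32\%APPDATA%` entry in this log.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input, copied from the "Files Created" section of the ComboFix log above.
SAMPLE_CREATED = r"""
2012-08-26 10:19 . 2012-08-26 10:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-23 13:18 . 2012-08-23 13:19 -------- d-----w- C:\FRST
2012-08-23 07:12 . 2012-08-23 07:12 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-23 07:11 . 2012-08-23 07:11 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-17 00:41 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
"""

# created-stamp . modified-stamp size attrs path   (size is -------- for directories)
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>\S{8}) (?P<path>.+)$"
)


@dataclass
class CreatedEntry:
    created: str          # when the object appeared on disk
    modified: str         # the object's own last-write time
    size: Optional[int]   # None for directories
    attrs: str            # eight flag letters, e.g. d-sh--w-
    path: str

    # Assumed meaning of the flag letters: d = directory, s = system, h = hidden.
    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def system(self) -> bool:
        return "s" in self.attrs


def parse_created_line(line: str) -> Optional[CreatedEntry]:
    """Parse one line; return None for headers, dots and blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return CreatedEntry(m["created"], m["modified"], size, m["attrs"], m["path"])


def parse_created_section(text: str) -> List[CreatedEntry]:
    entries = (parse_created_line(line) for line in text.splitlines())
    return [e for e in entries if e is not None]


# A directory whose whole name is %SOMETHING% is odd: a real expansion would
# never leave the percent signs in the on-disk name.
ENV_VAR_LOOKALIKE = re.compile(r"%[A-Za-z_]+%")


def reasons_to_review(e: CreatedEntry) -> List[str]:
    """My review heuristics; an empty list means nothing stood out."""
    parent, _, name = e.path.rpartition("\\")
    out = []
    if e.hidden and e.system:
        out.append("hidden+system attributes")
    if ENV_VAR_LOOKALIKE.fullmatch(name):
        out.append("name looks like an unexpanded environment variable")
    if e.is_dir and parent.lower() == r"c:\windows\system32":
        out.append("new directory directly under system32")
    return out


def triage(entries: List[CreatedEntry]) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for every entry with at least one reason."""
    return [(e.path, reasons_to_review(e)) for e in entries if reasons_to_review(e)]


if __name__ == "__main__":
    for path, why in triage(parse_created_section(SAMPLE_CREATED)):
        print(path, "->", "; ".join(why))
```

Run against the section above, only the `%APPDATA%` directory is reported, with all three reasons; the new Security Client and FRST directories and the `rewire.dll` file pass through silently, which matches what the helper treats as harmless in the thread.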

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:34 PM

Posted 26 August 2012 - 06:01 AM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#11 Skizzak

Skizzak
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:02:34 PM

Posted 26 August 2012 - 01:24 PM

Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.2)
Age of Empires III
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD AVIVO Codecs
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
Amnesia: The Dark Descent
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
AVG Security Toolbar
Awesomenauts
Batman: Arkham Asylum GOTY Edition
Batman: Arkham City™
Battlefield 3™
Battlefield Heroes
Blacklight: Retribution
Bonjour
Breath of Death VII
Call of Duty: Modern Warfare 3
Call of Duty: Modern Warfare 3 - Dedicated Server
Call of Duty: Modern Warfare 3 - Multiplayer
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Codec-V
Cool & Quiet
Counter-Strike: Global Offensive Beta
Crusader Kings II
Cthulhu Saves the World
DC Universe Online
Diablo III
Diablo III Beta
Dota 2
Dual-Core Optimizer
ESN Sonar
Fallout 3 - Game of the Year Edition
FL Studio 9
Grand Theft Auto IV
Grand Theft Auto: Episodes from Liberty City
Grand Theft Auto: San Andreas
Hardcore
Hi-Rez Studios Authenticate and Update Service
Hitman: Blood Money
Host OpenAL (ADI)
HydraVision
IL Download Manager
iTunes
Java Auto Updater
Java™ 6 Update 31
Killing Floor
League of Legends
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Chart Controls for Microsoft .NET Framework 3.5
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Xbox 360 Accessories 1.2
Microsoft XNA Framework Redistributable 4.0
Mount & Blade: Warband
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
Mplayer 0.6.9
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network Addon Mod Version 30 with Essentials r132
Nexus Mod Manager
NVIDIA PhysX
Origin
Pando Media Booster
PAYDAY: The Heist
Planetside
PoiZone
PunkBuster Services
Razer Synapse 2.0
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Recettear: An Item Shop's Tale
Red Orchestra 2: Heroes of Stalingrad
RGF HotSpot version 0.6b
Sakura
Sawer
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
SimCity 4 Deluxe
Smart PC Cleaner v3.0
SoundMAX
SpaceChem
Spiral Knights
Star Wars: The Old Republic
Steam
Super Monday Night Combat
Team Fortress 2
TeamSpeak 3 Client
TERA
Terraria
The Elder Scrolls V: Skyrim
Torchlight
Toxic Biohazard
Tribes: Ascend
Trine 2
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Ventrilo Client
Windows Live ID Sign-in Assistant
WinRAR 4.20 (32-bit)

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:34 PM

Posted 26 August 2012 - 03:24 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

Java™ 6 Update 31


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done click Finish.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#13 Skizzak

Skizzak
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:02:34 PM

Posted 27 August 2012 - 11:12 PM

Sorry for the delay. I had a bunch of work that I needed to get done. Did everything with zero issues. Computer still seems to be running great.

MBAM

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.28.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Cramer :: BOSSATRON [administrator]

Protection: Enabled

8/27/2012 11:51:37 PM
mbam-log-2012-08-27 (23-51-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 193367
Time elapsed: 6 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 6
HKCR\CrossriderApp0000435.BHO (PUP.Codec.PR) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0000435.BHO.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0000435.FBApi (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0000435.FBApi.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0000435.Sandbox (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0000435.Sandbox.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Users\Cramer\Downloads\Codec-V.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
C:\Users\Cramer\Downloads\movie_player_1280.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.
C:\Users\Cramer\Downloads\mplayer_tuguu_1271.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.
C:\Users\Cramer\Downloads\winrar setup.exe (PUP.AdBundle) -> Quarantined and deleted successfully.

(end)

Hijackthis


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:11:03 AM, on 8/28/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Razer\Synapse\RzSynapse.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Cramer\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={48B9DC7F-F40A-4E96-BB1E-1DBF4E77AEE6}&mid=15a37e2dc43147d08d26d1568033e1c2-ca6e408efb1053d1085e756275b17a8fe8830bcd&lang=en&ds=gl011&pr=sa&d=2012-07-20 02:20:13&v=12.1.0.20&sap=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Razer Synapse] "C:\Program Files\Razer\Synapse\RzSynapse.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Smart PC Cleaner] C:\Program Files\Smart PC Cleaner\SPCLauncher.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.3\ViProtocol.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files\Hi-Rez Studios\HiPatchService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: vToolbarUpdater12.1.3 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.3\ToolbarUpdater.exe

--
End of file - 6965 bytes

#14 gringo_pr


Posted 28 August 2012 - 06:10 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can start any of them from their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
      O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
      O4 - HKCU\..\Run: [Smart PC Cleaner] C:\Program Files\Smart PC Cleaner\SPCLauncher.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not;
    just copy the name between the brackets and paste it into the search space, for example:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the add-on to be installed
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked
  • Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found:
    • Put a checkmark in "Uninstall application on close"
    • Close the program
    • Report to me that nothing was found

  • If threats were found:
    • Click on "list of threats found"
    • Click on "export to text file" and save it as ESET SCAN to the desktop
    • Click on Back
    • Put a checkmark in "Uninstall application on close"
    • Click on Finish
    • Close the program
    • Copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
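The O4, O10, O15 and O23 lines in the HijackThis log above are a fixed text format, and the fix list in this post is built by reading them one at a time. As an added example (not code from the thread or from HijackThis), here is a small Python parser for those four line types that flags the entries a helper looks at first: run keys that launch a bare filename or an executable outside Program Files/Windows, services with an unknown owner, an LSP DLL listed more than once, and sites added to the IE Trusted Zone. The sample log is constructed in the same format; the "Updater" entry is made up to exercise the location check.

```python
import re
from collections import Counter

# Constructed sample in the HijackThis line format shown in the log above;
# the "Updater" entry is made up to exercise the location check.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [Updater] C:\Users\me\AppData\Roaming\updater.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: *.soe.com
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
""".strip()

O4_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\(Run\w*): \[([^\]]*)\] (.*)$')
O23_RE = re.compile(r'^O23 - Service: (.*?) - (.*?) - (.*)$')
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|cmd|bat))\b', re.I)

def image_path(command):
    """Executable an O4 command launches: the quoted path if quoted,
    otherwise the text up to the first .exe/.dll/.cmd/.bat token."""
    m = EXE_RE.match(command.strip())
    return (m.group(1) or m.group(2)) if m else command.strip()

def review(log_text):
    """Return (section, item, reason) tuples for entries a helper checks first."""
    findings, lsp = [], Counter()
    for line in (raw.strip() for raw in log_text.splitlines()):
        if m := O4_RE.match(line):
            hive, key, name, command = m.groups()
            exe = image_path(command)
            low = exe.lower()
            if '\\' not in exe:   # no directory: resolved through the search path
                findings.append(('O4', name, 'bare filename, location unknown'))
            elif '\\program files' not in low and '\\windows\\' not in low:
                findings.append(('O4', name, 'executable outside Program Files/Windows: ' + exe))
        elif line.startswith('O10 - Unknown file in Winsock LSP: '):
            lsp[line.split(': ', 1)[1].lower()] += 1
        elif line.startswith('O15 - Trusted Zone: '):
            findings.append(('O15', line.split(': ', 1)[1], 'site added to IE Trusted Zone'))
        elif m := O23_RE.match(line):
            svc, owner, path = m.groups()
            if owner.lower() == 'unknown owner':
                findings.append(('O23', svc, 'service with no listed publisher: ' + path))
    for dll, n in lsp.items():
        if n > 1:   # the same LSP DLL listed twice, as in the log above
            findings.append(('O10', dll, f'LSP entry listed {n} times'))
    return findings
```

A flagged entry is only a prompt to look the name up, as the post suggests; the signed Microsoft Security Client entry and the Apple-owned service pass without comment.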

#15 gringo_pr


Posted 31 August 2012 - 10:35 AM

Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or just need some more time.

Also, I want to remind you that it is very important that we finish the process completely so as not to get reinfected. I will let you know when we are complete, and then I will ask you to remove our tools.




Gringo
