Sirefef.R & Sirefef.AH removal


This topic is locked
28 replies to this topic

#1 RimSh0t


Posted 28 August 2012 - 07:41 AM

Hello, I hope you can help me with this virus/malware or whatever it is :(

My computer has been infected with the viruses "Sirefef.R & Sirefef.AH", and Microsoft Security Essentials has been reinstalled due to it not working after the infection (it didn't help though). Every time I restart my computer, it results in this warning that the computer will shut down in a minute, and it does.

Edited by RimSh0t, 28 August 2012 - 07:42 AM.



#2 gringo_pr

  • Malware Response Team

Posted 28 August 2012 - 08:32 PM

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash-drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.

  • First, press the Scan button.
  • It will make a log (FRST.txt).

  • Second, type the following in the edit box after "Search:": services.exe
  • Click the Search button.
  • It will make a log (Search.txt).

I want you to post both the FRST.txt report and the Search.txt into your reply to me.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 RimSh0t

  • Topic Starter

Posted 29 August 2012 - 01:13 PM

Hello Gringo, and thank you for helping me.
I've had quite some problems getting to the Advanced Boot Options menu. My computer does not respond to the F8 key, but thanks to your advice on booting with the Windows CD I have managed to get to the command prompt.

I cannot run the FRST64.exe file. When I type the following in the command prompt: "e:\FRST64.exe" I get a message telling me something like "The version of e:\FRST64.exe is not compatible with this version of windows, contact the software developer to get help about 32/64 bit versions" ???

I have tried everything I can think of, for the past 2½ hours now, I hope you can help me :)

PS. I'm running Windows Vista 32-bit Home Basic version.

Edited by RimSh0t, 29 August 2012 - 01:15 PM.


#4 gringo_pr

  • Malware Response Team

Posted 29 August 2012 - 02:41 PM

Hello

Download Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.

  • First, press the Scan button.
  • It will make a log (FRST.txt).

  • Second, type the following in the edit box after "Search:": services.exe
  • Click the Search button.
  • It will make a log (Search.txt).

I want you to post both the FRST.txt report and the Search.txt into your reply to me.

Gringo

#5 RimSh0t

  • Topic Starter

Posted 30 August 2012 - 01:28 PM

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 29-08-2012 04
Ran by SYSTEM at 30-08-2012 20:16:50
Running from K:\
Windows Vista ™ Home Premium (X86) OS Language: Danish
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [WinampAgent] C:\Users\dennis\Winamp\winampa.exe [74752 2011-07-11] (Nullsoft, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM\...\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [CNAP2 Launcher] C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE [116128 2009-04-22] (CANON INC.)
HKLM\...\Run: [Garmin Lifetime Updater] C:\Programmer\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized [1446248 2011-12-15] (Garmin)
HKLM\...\Run: [] [x]
HKLM\...\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe" [1095560 2012-07-26] (Spigot, Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKU\dennis\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [153136 2007-05-16] (Nero AG)
HKLM\...\Winlogon: [Userinit] [x]
Tcpip\Parameters: [DhcpNameServer] 212.242.40.3 212.242.40.51 192.168.1.1
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

========================== Services (Whitelisted) ========================

2 Application Updater; "C:\Program Files\Application Updater\ApplicationUpdater.exe" [794560 2012-07-26] (Spigot, Inc.)
3 GoogleDesktopManager-051210-111108; "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [30192 2011-07-16] (Google)
3 Sony Ericsson PCCompanion; "C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe" [155344 2011-06-29] (Avanquest Software)
2 wgsslvpnsrc; C:\Programmer\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe [58368 2011-03-28] ()
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
4 NetMsmqActivator; "c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [x]
4 NetPipeActivator; c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [x]
4 NetTcpActivator; c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [x]
4 NetTcpPortSharing; c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]

==================== Drivers (Whitelisted) ===================

0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
3 s1039mdm; C:\Windows\System32\DRIVERS\s1039mdm.sys [124016 2010-03-15] (MCCI Corporation)
1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [101112 2012-01-12] (GFI Software)
3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26112 2011-03-28] (The OpenVPN Project)
4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) =================


============ One Month Created Files and Folders ==============

2012-08-30 20:16 - 2012-08-30 20:16 - 00000000 ____D C:\FRST
2012-08-29 18:04 - 2012-08-29 17:53 - 01449945 ____A (Farbar) C:\Users\dennis\Desktop\FRST64.exe
2012-08-28 12:46 - 2012-08-28 12:47 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-08-18 19:10 - 2012-08-19 13:54 - 00000000 ____D C:\Users\dennis\Desktop\Mainstream musik til 1 september
2012-08-17 14:27 - 2012-06-29 01:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-17 14:27 - 2012-06-29 01:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-17 14:27 - 2012-06-29 01:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-17 14:27 - 2012-06-29 01:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-17 14:27 - 2012-06-29 01:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-17 14:27 - 2012-06-29 01:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-17 14:27 - 2012-06-29 01:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-17 14:27 - 2012-06-29 01:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-17 14:27 - 2012-06-29 01:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-17 14:27 - 2012-06-29 01:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-17 14:27 - 2012-06-29 01:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-17 14:27 - 2012-06-29 01:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-17 14:27 - 2012-06-29 01:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-17 14:27 - 2012-06-29 00:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-17 14:26 - 2012-07-04 15:02 - 02047488 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-08-16 20:56 - 2012-08-19 13:54 - 00000000 ____D C:\Users\dennis\Desktop\House musik til 1 september
2012-08-16 17:27 - 2012-06-29 17:01 - 00467968 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-08-16 17:27 - 2012-05-11 16:57 - 00623616 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-08-02 18:49 - 2012-08-02 18:52 - 00000078 ____A C:\Users\dennis\Desktop\Julegave ønsker.txt

============ 3 Months Modified Files ========================

2012-08-29 18:47 - 2006-11-02 14:01 - 00032624 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-29 18:47 - 2006-11-02 14:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-29 18:46 - 2011-07-15 17:49 - 00035757 ____A C:\Users\All Users\nvModes.dat
2012-08-29 18:46 - 2011-07-15 17:49 - 00035757 ____A C:\Users\All Users\nvModes.001
2012-08-29 18:46 - 2006-11-02 13:47 - 00003664 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-29 18:46 - 2006-11-02 13:47 - 00003664 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-29 18:41 - 2011-07-29 13:50 - 00279552 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-08-29 17:53 - 2012-08-29 18:04 - 01449945 ____A (Farbar) C:\Users\dennis\Desktop\FRST64.exe
2012-08-28 12:48 - 2006-11-02 13:52 - 01877873 ____A C:\Windows\WindowsUpdate.log
2012-08-28 12:47 - 2011-10-21 18:00 - 00001912 ____A C:\Windows\epplauncher.mif
2012-08-28 12:47 - 2006-11-02 11:33 - 01378766 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-20 21:19 - 2012-05-24 21:26 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-18 09:41 - 2006-11-02 13:47 - 01591944 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-17 14:28 - 2006-11-02 11:24 - 59884088 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-08-15 18:24 - 2011-07-15 18:31 - 00580169 ____A C:\Users\dennis\danid.log
2012-08-14 19:19 - 2012-05-24 21:25 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-08-14 19:19 - 2011-12-14 22:20 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-08-02 18:52 - 2012-08-02 18:49 - 00000078 ____A C:\Users\dennis\Desktop\Julegave ønsker.txt
2012-07-29 17:42 - 2012-02-17 18:17 - 00000000 ____A C:\Users\dennis\temp.dat
2012-07-04 15:02 - 2012-08-17 14:26 - 02047488 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-03 19:30 - 2011-07-15 18:31 - 01054924 ____A C:\Users\dennis\danid.log.1
2012-06-29 17:01 - 2012-08-16 17:27 - 00467968 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-06-29 01:52 - 2012-08-17 14:27 - 12317184 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-29 01:27 - 2012-08-17 14:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-29 01:16 - 2012-08-17 14:27 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-29 01:09 - 2012-08-17 14:27 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-29 01:09 - 2012-08-17 14:27 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-29 01:08 - 2012-08-17 14:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-29 01:07 - 2012-08-17 14:27 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-29 01:06 - 2012-08-17 14:27 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-29 01:04 - 2012-08-17 14:27 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-29 01:04 - 2012-08-17 14:27 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-29 01:01 - 2012-08-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-29 01:01 - 2012-08-17 14:27 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-29 01:00 - 2012-08-17 14:27 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-29 00:57 - 2012-08-17 14:27 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-21 22:10 - 2012-06-21 22:08 - 00294018 ____A C:\Windows\System32\shimg.dll
2012-06-08 22:36 - 2012-06-08 22:36 - 00000223 ____A C:\Users\dennis\Desktop\24h-le-mans.dk.url
2012-06-08 18:47 - 2012-07-11 22:11 - 11586048 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-05 19:33 - 2012-06-05 14:19 - 00000041 ____A C:\Users\dennis\AppData\Roaming\D9EC0D.dat
2012-06-05 18:44 - 2012-06-05 18:13 - 00005888 ____A C:\Windows\System32\Drivers\kgpcpy.cfg
2012-06-05 17:47 - 2012-07-11 22:11 - 01401856 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 17:47 - 2012-07-11 22:11 - 01248768 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-04 16:26 - 2012-07-11 22:11 - 00440704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-02 23:19 - 2012-06-22 17:29 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 23:19 - 2012-06-22 17:29 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 23:19 - 2012-06-22 17:29 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 23:19 - 2012-06-22 17:29 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 23:19 - 2012-06-22 17:29 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 23:12 - 2012-06-22 17:29 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 23:12 - 2012-06-22 17:29 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:19 - 2012-06-22 17:29 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:12 - 2012-06-22 17:29 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 01:04 - 2012-07-11 22:11 - 00278528 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-02 01:03 - 2012-07-11 22:11 - 00204288 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

ZeroAccess:
C:\Windows\Installer\{5edf6e51-6b62-23ac-fe03-2cad1b197af2}
C:\Windows\Installer\{5edf6e51-6b62-23ac-fe03-2cad1b197af2}\@
C:\Windows\Installer\{5edf6e51-6b62-23ac-fe03-2cad1b197af2}\L
C:\Windows\Installer\{5edf6e51-6b62-23ac-fe03-2cad1b197af2}\n
C:\Windows\Installer\{5edf6e51-6b62-23ac-fe03-2cad1b197af2}\U
C:\Windows\Installer\{5edf6e51-6b62-23ac-fe03-2cad1b197af2}\L\00000004.@

ZeroAccess:
C:\Users\dennis\AppData\Local\{5edf6e51-6b62-23ac-fe03-2cad1b197af2}
C:\Users\dennis\AppData\Local\{5edf6e51-6b62-23ac-fe03-2cad1b197af2}\@
C:\Users\dennis\AppData\Local\{5edf6e51-6b62-23ac-fe03-2cad1b197af2}\L
C:\Users\dennis\AppData\Local\{5edf6e51-6b62-23ac-fe03-2cad1b197af2}\U
C:\Users\dennis\AppData\Local\{5edf6e51-6b62-23ac-fe03-2cad1b197af2}\L\00000004.@
C:\Users\dennis\AppData\Local\{5edf6e51-6b62-23ac-fe03-2cad1b197af2}\U\00000004.@
C:\Users\dennis\AppData\Local\{5edf6e51-6b62-23ac-fe03-2cad1b197af2}\U\00000008.@
C:\Users\dennis\AppData\Local\{5edf6e51-6b62-23ac-fe03-2cad1b197af2}\U\000000cb.@
C:\Users\dennis\AppData\Local\{5edf6e51-6b62-23ac-fe03-2cad1b197af2}\U\80000000.@

ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 8737764F4FD36D6808EE80578409C843 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-06-29 22:40:38
Restore point made on: 2012-06-30 21:36:52
Restore point made on: 2012-06-30 21:38:42
Restore point made on: 2012-07-03 19:33:05
Restore point made on: 2012-07-04 16:33:11
Restore point made on: 2012-07-04 16:35:00
Restore point made on: 2012-07-07 12:13:16
Restore point made on: 2012-07-08 20:53:57
Restore point made on: 2012-07-08 20:55:46
Restore point made on: 2012-07-11 11:24:56
Restore point made on: 2012-07-12 09:21:07
Restore point made on: 2012-07-13 16:57:15
Restore point made on: 2012-07-13 16:59:06
Restore point made on: 2012-07-16 17:21:06
Restore point made on: 2012-07-17 16:31:35
Restore point made on: 2012-07-17 16:36:42
Restore point made on: 2012-07-18 19:54:05
Restore point made on: 2012-07-19 17:58:15
Restore point made on: 2012-07-20 16:40:34
Restore point made on: 2012-07-20 16:42:24
Restore point made on: 2012-07-23 16:54:35
Restore point made on: 2012-07-24 20:51:56
Restore point made on: 2012-07-24 20:53:41
Restore point made on: 2012-07-24 23:03:43
Restore point made on: 2012-07-25 21:12:38
Restore point made on: 2012-07-25 21:16:07
Restore point made on: 2012-07-26 17:46:51
Restore point made on: 2012-07-27 16:58:05
Restore point made on: 2012-07-27 16:59:51
Restore point made on: 2012-07-30 17:12:22
Restore point made on: 2012-08-02 18:06:47
Restore point made on: 2012-08-03 18:48:48
Restore point made on: 2012-08-03 18:53:40
Restore point made on: 2012-08-05 22:16:59
Restore point made on: 2012-08-06 19:35:33
Restore point made on: 2012-08-06 19:37:22
Restore point made on: 2012-08-08 16:58:47
Restore point made on: 2012-08-09 20:29:01
Restore point made on: 2012-08-10 17:09:15
Restore point made on: 2012-08-10 17:11:00
Restore point made on: 2012-08-13 17:32:27
Restore point made on: 2012-08-14 19:26:44
Restore point made on: 2012-08-14 19:28:30
Restore point made on: 2012-08-16 20:21:38
Restore point made on: 2012-08-17 14:25:48
Restore point made on: 2012-08-18 17:16:32
Restore point made on: 2012-08-18 17:18:25
Restore point made on: 2012-08-20 17:05:37

==================== Memory info ===========================

Percentage of memory in use: 20%
Total physical RAM: 2045.56 MB
Available physical RAM: 1635.93 MB
Total Pagefile: 1853.59 MB
Available Pagefile: 1690.82 MB
Total Virtual: 2047.88 MB
Available Virtual: 1983.21 MB

==================== Partitions ============================

1 Drive c: (Drev C (298 Gb)) (Fixed) (Total:288.03 GB) (Free:207.82 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (Drev D (298 Gb)) (Fixed) (Total:298.09 GB) (Free:96.31 GB) NTFS
3 Drive e: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.2 GB) NTFS
4 Drive f: (VISTA_32_PREMIUM) (CDROM) (Total:2.59 GB) (Free:0 GB) CDFS
9 Drive k: (RSDH16GB) (Removable) (Total:15.69 GB) (Free:11.92 GB) FAT32
10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Partition ### Type Size Offset
------------- ---------------- ------- -----------
Disk 0 Online 298 GB 596 KB
Disk 1 Online 298 GB 1337 KB
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B
Disk 6 Online 16 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -----------
Partition 1 OEM 63 MB 32 KB
Partition 2 Primary 10 GB 63 MB
Partition 3 Primary 288 GB 10 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
--------- ---- ---------- ----- ---------- ------- --------- --------
* Volume 9 FAT Partition 63 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
--------- ---- ---------- ----- ---------- ------- --------- --------
* Volume 5 E RECOVERY NTFS Partition 10 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
--------- ---- ---------- ----- ---------- ------- --------- --------
* Volume 4 C Drev C (298 NTFS Partition 288 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -----------
Partition 1 Primary 298 GB 1024 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
--------- ---- ---------- ----- ---------- ------- --------- --------
* Volume 5 D Drev D (298 NTFS Partition 298 GB Healthy

==================================================================================

Partitions of Disk 6:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -----------
Partition 1 Primary 16 GB 4096 KB

==================================================================================

Disk: 6
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
--------- ---- ---------- ----- ---------- ------- --------- --------
* Volume 0 K RSDH16GB FAT32 Removable 16 GB Healthy

==================================================================================

Last Boot: 2012-08-28 12:47

==================== End Of Log =============================




Farbar Recovery Scan Tool Version: 29-08-2012 04
Ran by SYSTEM at 2012-08-30 20:18:43
Running from K:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2011-07-29 13:50] - [2009-04-11 07:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2011-07-26 16:49] - [2008-01-19 08:33] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2006-11-02 09:35] - [2006-11-02 10:45] - 0279552 ____A (Microsoft Corporation) 329CF3C97CE4C19375C8ABCABAE258B0

C:\Windows\System32\services.exe
[2011-07-29 13:50] - [2012-08-29 18:41] - 0279552 ____A (Microsoft Corporation) 8737764F4FD36D6808EE80578409C843

=== End Of Search ===
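The two logs above are exactly what the scan-then-search procedure in posts #2 and #4 is meant to produce, and the responder's next move (the fixlist) follows from three things in them: the "ZeroAccess:" listings, the "ATTENTION!" line in the Bamital & volsnap check, and a System32\services.exe whose MD5 (8737...) matches none of the WinSxS copies although its size (279552) is identical to the 6.0.6002.18005 copy's, which is the signature of a binary patched in place rather than replaced. The following Python is an added example, not part of the thread and not FRST's own code; it parses a constructed excerpt of the posted log and reproduces that reasoning. The regular expressions, the class names and the "newest same-size WinSxS copy" rule are this example's assumptions, not anything FRST documents.

```python
"""Pull the ZeroAccess indicators out of an FRST log (added example; not part of
the thread and not FRST's own code). It reads the three sections that matter in
the log posted above and reproduces the reasoning behind the services.exe search:
the System32 copy hashes to a value no WinSxS (component store) copy has, while
its size is unchanged, so it was patched in place rather than replaced."""
import re
from dataclasses import dataclass

# Constructed excerpt of the FRST.txt and Search.txt output posted above.
SAMPLE_LOG = r"""ZeroAccess:
C:\Windows\Installer\{5edf6e51-6b62-23ac-fe03-2cad1b197af2}
C:\Windows\Installer\{5edf6e51-6b62-23ac-fe03-2cad1b197af2}\@

ZeroAccess:
C:\Users\dennis\AppData\Local\{5edf6e51-6b62-23ac-fe03-2cad1b197af2}

ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\services.exe 8737764F4FD36D6808EE80578409C843 ZeroAccess <==== ATTENTION!.

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2011-07-29 13:50] - [2009-04-11 07:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2011-07-26 16:49] - [2008-01-19 08:33] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\System32\services.exe
[2011-07-29 13:50] - [2012-08-29 18:41] - 0279552 ____A (Microsoft Corporation) 8737764F4FD36D6808EE80578409C843

=== End Of Search ===
"""

@dataclass
class SearchHit:
    path: str
    size: int
    md5: str
    version: tuple  # (6, 0, 6002, 18005) for a WinSxS copy, () for anything else

@dataclass
class Findings:
    zeroaccess_paths: list
    attention: dict  # path -> MD5 that the Bamital & volsnap check flagged
    search_hits: list

VERSION_RE = re.compile(r"_(\d+\.\d+\.\d+\.\d+)_")
ATTENTION_RE = re.compile(r"^(\S+) ([0-9A-F]{32}) .*ATTENTION")
DETAIL_RE = re.compile(r"^\[.*?\] - \[.*?\] - (\d+) \S+ \(.*?\) ([0-9A-F]{32})")
GUID_DIR_RE = re.compile(r"^(.*\\\{[0-9a-f-]{36}\})", re.I)

def parse_frst(text: str) -> Findings:
    f = Findings([], {}, [])
    in_za = in_search = False
    pending = None  # last path line seen in the Search section, awaiting its detail line
    for raw in text.splitlines():
        line = raw.strip()
        if line == "ZeroAccess:":
            in_za = True
        elif in_za and line:  # every path up to the next blank line
            f.zeroaccess_paths.append(line)
        elif m := ATTENTION_RE.match(line):
            f.attention[m.group(1)] = m.group(2)
        elif line.startswith("=") and "Search:" in line:
            in_search = True
        elif in_search and pending and (d := DETAIL_RE.match(line)):
            v = VERSION_RE.search(pending)  # the version lives in the WinSxS folder name
            ver = tuple(int(x) for x in v.group(1).split(".")) if v else ()
            f.search_hits.append(SearchHit(pending, int(d.group(1)), d.group(2), ver))
            pending = None
        elif in_search and line.lower().endswith(".exe"):
            pending = line
        if not line:
            in_za = False
    return f

def zeroaccess_roots(f: Findings) -> list:
    """Collapse the listing to the top-level items a fixlist would name."""
    roots = []
    for p in f.zeroaccess_paths:
        m = GUID_DIR_RE.match(p)
        root = m.group(1) if m else p
        if root not in roots:
            roots.append(root)
    return roots

def assess_services_exe(f: Findings, live=r"C:\Windows\System32\services.exe"):
    """Return (patched, restore_candidate). patched is True when the live MD5 matches
    no WinSxS copy. The candidate is the newest same-size WinSxS copy: that rule is
    this example's assumption, and the copy must belong to the installed service pack
    (the helper above chose the 6.0.6002.18005 copy, i.e. Vista SP2)."""
    hit = next((h for h in f.search_hits if h.path.lower() == live.lower()), None)
    sxs = [h for h in f.search_hits if "\\winsxs\\" in h.path.lower()]
    if hit is None or not sxs:
        return None, None
    if any(h.md5 == hit.md5 for h in sxs):
        return False, None
    same_size = [h for h in sxs if h.size == hit.size] or sxs
    return True, max(same_size, key=lambda h: h.version)
```

zeroaccess_roots() yields the three items that open the fixlist in the next reply, and assess_services_exe() returns the 6.0.6002.18005 copy as the restore source. The caveat a practitioner wants here: a WinSxS copy is only a valid replacement if it belongs to the installed service pack, which is why the copy is matched by version folder and size rather than taken at random from the component store.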

#6 gringo_pr

  • Malware Response Team

Posted 02 September 2012 - 03:18 AM

Hello RimSh0t

Very sorry for losing you!!

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

C:\Windows\Installer\{5edf6e51-6b62-23ac-fe03-2cad1b197af2}
C:\Users\dennis\AppData\Local\{5edf6e51-6b62-23ac-fe03-2cad1b197af2}
C:\Windows\assembly\GAC\Desktop.ini
Replace: C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe C:\Windows\System32\services.exe
 


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
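Added example, not FRST's own code and not from the posts: a Python script that parses FRST Search output in the format shown above, flags a copy outside WinSxS whose MD5 matches none of the component-store copies, and builds the Replace: line in the form the fixlist above uses. The sample entries are constructed; the MD5 values and the 6.0.6002.18005 dates are placeholders.

```python
"""Check a system binary against its WinSxS copies from FRST Search output.

Added example for this thread, not FRST's own code and not from the posts.
Sirefef.AH patches services.exe in place; FRST's Search lists every copy of
the file with size and MD5, and the fix used in the thread restores
System32\\services.exe from a WinSxS copy. This script automates the check an
analyst does by eye on that output: parse the entries, treat the WinSxS
(component store) copies as the reference set, flag any copy outside WinSxS
whose MD5 is in none of them, and build the fixlist "Replace:" line. It
assumes the WinSxS copies themselves are intact.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Detail line as FRST prints it: "[created] - [modified] - size attrs (company) MD5"
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
# Component version embedded in a WinSxS directory name, e.g. "_6.0.6002.18005_"
WINSXS_VERSION_RE = re.compile(r"\\winsxs\\[^\\]*_(\d+\.\d+\.\d+\.\d+)_", re.IGNORECASE)


@dataclass
class Entry:
    path: str
    created: str
    modified: str
    size: int
    attrs: str
    company: str
    md5: str

    @property
    def winsxs_version(self) -> Optional[str]:
        """Version of the WinSxS component this copy belongs to, None otherwise."""
        m = WINSXS_VERSION_RE.search(self.path)
        return m.group(1) if m else None


def parse_search(text: str) -> List[Entry]:
    """Parse FRST Search output: each path line is followed by its detail line."""
    entries: List[Entry] = []
    prev = ""
    for raw in text.splitlines():
        line = raw.strip()
        m = DETAIL_RE.match(line)
        if m and prev:
            entries.append(Entry(path=prev, created=m["created"], modified=m["modified"],
                                 size=int(m["size"]), attrs=m["attrs"],
                                 company=m["company"], md5=m["md5"].upper()))
        prev = line
    return entries


def find_mismatches(entries: List[Entry]) -> List[Entry]:
    """Copies outside WinSxS whose MD5 matches none of the WinSxS copies."""
    reference = {e.md5 for e in entries if e.winsxs_version}
    return [e for e in entries if not e.winsxs_version and e.md5 not in reference]


def pick_reference(entries: List[Entry], os_build: str) -> Optional[Entry]:
    """Newest WinSxS copy whose version starts with the installed build,
    e.g. "6.0.6002" for Vista SP2 (the build the ComboFix log in this thread reports)."""
    candidates = [e for e in entries
                  if e.winsxs_version and e.winsxs_version.startswith(os_build + ".")]
    if not candidates:
        return None
    return max(candidates, key=lambda e: tuple(int(p) for p in e.winsxs_version.split(".")))


def replace_directive(reference: Entry, target: Entry) -> str:
    """The FRST fixlist line used in this thread: Replace: <good copy> <target>."""
    return f"Replace: {reference.path} {target.path}"


# Constructed sample in the FRST Search format. The WinSxS paths are the ones
# quoted in this thread; the MD5 values and the 6.0.6002.18005 dates are
# placeholders, not the machine's real values.
SAMPLE_SEARCH = r"""
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2011-07-26 16:49] - [2009-04-11 06:28] - 0279040 ____A (Microsoft Corporation) A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2011-07-26 16:49] - [2008-01-19 08:33] - 0279040 ____A (Microsoft Corporation) B1B1B1B1B1B1B1B1B1B1B1B1B1B1B1B1

C:\Windows\System32\services.exe
[2011-07-29 13:50] - [2012-08-29 18:41] - 0279552 ____A (Microsoft Corporation) DEADBEEFDEADBEEFDEADBEEFDEADBEEF

=== End Of Search ===
"""

if __name__ == "__main__":
    found = parse_search(SAMPLE_SEARCH)
    good = pick_reference(found, "6.0.6002")
    for bad in find_mismatches(found):
        print(f"MISMATCH {bad.path} md5={bad.md5} modified={bad.modified}")
        if good:
            print(replace_directive(good, bad))
```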

#7 RimSh0t
  • Topic Starter
  • Members
  • 14 posts

Posted 02 September 2012 - 08:46 AM

Hi again, no worries Gringo, I am very thankful that you want to help me :)


Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 29-08-2012 04
Ran by SYSTEM at 2012-09-02 15:40:49 Run:1
Running from K:\

==============================================

C:\Windows\Installer\{5edf6e51-6b62-23ac-fe03-2cad1b197af2} moved successfully.
C:\Users\dennis\AppData\Local\{5edf6e51-6b62-23ac-fe03-2cad1b197af2} moved successfully.
C:\Windows\assembly\GAC\Desktop.ini moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====

#8 gringo_pr
Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 02 September 2012 - 06:23 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#9 RimSh0t
  • Topic Starter
  • Members
  • 14 posts

Posted 03 September 2012 - 02:17 PM

I have executed the application combofix.exe, but it ended strangely..

After some time and rebooting once, a message appeared telling me something like the document log.txt does not exist, do you want to create it, and I pressed yes. Notepad opened and after that nothing happened, notepad was open but there were no log/text written.

I have rebooted the computer, but nothing happens. Should I run Combofix.exe again?


I have tried a few things like IE, Windows Mail and so on. They appear normal, but when I use IE, every time I open a new page this message about safety is shown: "The pages you want to view is shown through a safe connection, the interaction you have with this website can not be viewed by others" (translated from Danish).
Most importantly though, Windows does NOT reboot again and again :)

Edited by RimSh0t, 03 September 2012 - 02:18 PM.


#10 gringo_pr
Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 03 September 2012 - 02:29 PM

Greetings

"The pages you want to view is shown through a safe connection" - this was reset by Combofix; put a checkmark in "don't show me this again".

Yes, try Combofix once more, but try in Safe Mode.



gringo

#11 RimSh0t
  • Topic Starter
  • Members
  • 14 posts

Posted 04 September 2012 - 01:48 PM

Hello Gringo.
I ran Combofix.exe again, and this time it ended as planned. I will post the log here, but I also found a log from yesterday when Combofix ended unexpectedly; it was located in C:\ and I will post that log at the bottom of this post.
I'm looking forward to hearing from you.

Best Regards
Dennis
Denmark

LOG FILE FROM 04 SEPTEMBER - WHEN COMBOFIX ENDED AS PLANNED.

ComboFix 12-09-03.07 - dennis 04-09-2012 20:29:15.2.2 - x86
Kører fra: c:\users\dennis\Desktop\ComboFix.exe
* Dannede nyt systemgendannelsespunkt
.
.
((((((((((((((((((((((((((((( Filer skabt fra 2012-08-04 til 2012-09-04 )))))))))))))))))))))))))))))))))))
.
.
2012-09-04 18:35 . 2012-09-04 18:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-30 19:16 . 2012-08-30 19:16 -------- d-----w- C:\FRST
2012-08-28 11:51 . 2012-02-09 12:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F3E0DE77-21AD-4ED2-9A0E-39AB5477F446}\gapaengine.dll
2012-08-28 11:51 . 2012-08-19 23:53 7023536 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5796F6B6-2682-4085-A51F-6E27E808D474}\mpengine.dll
2012-08-28 11:46 . 2012-08-28 11:47 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-17 13:26 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-08-16 16:27 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-14 18:19 . 2012-05-24 20:25 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-14 18:19 . 2011-12-14 21:20 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\users\dennis\Winamp\winampa.exe" [2011-07-11 74752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"CNAP2 Launcher"="c:\windows\system32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE" [2009-04-22 116128]
"Garmin Lifetime Updater"="c:\programmer\Garmin\Lifetime Updater\GarminLifetime.exe" [2011-12-15 1446248]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-07-26 1095560]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Google Desktop.lnk - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2011-7-16 30192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Indhold af mappen 'Planlagte Opgaver'
.
2012-09-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-24 18:19]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
uInternet Settings,ProxyOverride = *.local
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\dennis\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 212.242.40.3 212.242.40.51 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
DPF: {8D59819B-2067-4A6B-84F4-7F84570E3C30} - hxxp://192.168.1.200/img/LinksysMLViewer.cab
DPF: {F8F04B07-9BE4-454C-AEF2-6C566FA11E4B} - hxxp://192.168.1.100:5000/surveillance/object/SSEventPlayer.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-04 20:35
Windows 6.0.6002 Service Pack 2 NTFS
.
scanner skjulte processer ...
.
scanner skjulte autostarter ...
.
scanner skjulte filer ...
.
scanning gennemført med succes
skjulte filer: 0
.
**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Gennemført tid: 2012-09-04 20:38:21
ComboFix-quarantined-files.txt 2012-09-04 18:38
.
Pre-Kørsel: 230.858.772.480 byte ledig
Post-Kørsel: 230.805.999.616 byte ledig
.
- - End Of File - - D3C810AB0D352DFA508811C37A4D7F30






LOG FILE FROM 03 SEPTEMBER - WHEN COMBOFIX DID NOT FINISH

ComboFix 12-09-03.07 - dennis 03-09-2012 20:23:33.1.2 - x86
Kører fra: c:\users\dennis\Desktop\ComboFix.exe
* Dannede nyt systemgendannelsespunkt
.
.
((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\dennis\AppData\Roaming\D9EC0D.dat
c:\windows\system32\shimg.dll
.
.
((((((((((((((((((((((((((((( Filer skabt fra 2012-08-03 til 2012-09-03 )))))))))))))))))))))))))))))))))))
.
.
2012-08-30 19:16 . 2012-08-30 19:16 -------- d-----w- C:\FRST
2012-08-28 11:51 . 2012-02-09 12:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F3E0DE77-21AD-4ED2-9A0E-39AB5477F446}\gapaengine.dll
2012-08-28 11:51 . 2012-08-19 23:53 7023536 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5796F6B6-2682-4085-A51F-6E27E808D474}\mpengine.dll
2012-08-28 11:46 . 2012-08-28 11:47 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-17 13:26 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-08-16 16:27 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-14 18:19 . 2012-05-24 20:25 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-14 18:19 . 2011-12-14 21:20 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\users\dennis\Winamp\winampa.exe" [2011-07-11 74752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"CNAP2 Launcher"="c:\windows\system32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE" [2009-04-22 116128]
"Garmin Lifetime Updater"="c:\programmer\Garmin\Lifetime Updater\GarminLifetime.exe" [2011-12-15 1446248]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-07-26 1095560]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Google Desktop.lnk - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2011-7-16 30192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
--- Andre Services/Drivers i Hukommelsen ---
.
*NewlyCreated* - IPNAT
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Indhold af mappen 'Planlagte Opgaver'
.
2012-09-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-24 18:19]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
uInternet Settings,ProxyOverride = *.local
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\dennis\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 212.242.40.3 212.242.40.51 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
DPF: {8D59819B-2067-4A6B-84F4-7F84570E3C30} - hxxp://192.168.1.200/img/LinksysMLViewer.cab
DPF: {F8F04B07-9BE4-454C-AEF2-6C566FA11E4B} - hxxp://192.168.1.100:5000/surveillance/object/SSEventPlayer.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-03 20:35
Windows 6.0.6002 Service Pack 2 NTFS
.
scanner skjulte processer ...
.
scanner skjulte autostarter ...
.
scanner skjulte filer ...
.
scanning gennemført med succes
skjulte filer: 0
.
**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\conime.exe
c:\program files\Application Updater\ApplicationUpdater.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\programmer\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\spool\DRIVERS\W32X86\3\CNAP2RPK.EXE
c:\windows\system32\spool\DRIVERS\W32X86\3\CNABBSWK.EXE
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
c:\windows\system32\DllHost.exe
c:\program files\Java\jre6\bin\java.exe
.
**************************************************************************
.
Gennemført tid: 2012-09-03 20:39:45 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2012-09-03 18:39
.
Pre-Kørsel: 230.962.749.440 byte ledig
Post-Kørsel: 231.075.344.384 byte ledig
.
- - End Of File - - F6208AA856E83C3CDF8482A4424871A3

#12 gringo_pr
Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 04 September 2012 - 09:34 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#13 RimSh0t
  • Topic Starter
  • Members
  • 14 posts

Posted 05 September 2012 - 01:33 PM

20:23:56.0653 1208 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
20:23:56.0793 1208 ============================================================
20:23:56.0793 1208 Current date / time: 2012/09/05 20:23:56.0793
20:23:56.0793 1208 SystemInfo:
20:23:56.0793 1208
20:23:56.0793 1208 OS Version: 6.0.6002 ServicePack: 2.0
20:23:56.0793 1208 Product type: Workstation
20:23:56.0793 1208 ComputerName: DENNIS303
20:23:56.0793 1208 UserName: dennis
20:23:56.0793 1208 Windows directory: C:\Windows
20:23:56.0793 1208 System windows directory: C:\Windows
20:23:56.0793 1208 Processor architecture: Intel x86
20:23:56.0793 1208 Number of processors: 2
20:23:56.0793 1208 Page size: 0x1000
20:23:56.0793 1208 Boot type: Normal boot
20:23:56.0793 1208 ============================================================
20:23:57.0963 1208 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:23:57.0979 1208 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:23:58.0041 1208 ============================================================
20:23:58.0041 1208 \Device\Harddisk1\DR1:
20:23:58.0041 1208 MBR partitions:
20:23:58.0041 1208 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x1F800, BlocksNum 0x1400000
20:23:58.0041 1208 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x141F800, BlocksNum 0x2400E800
20:23:58.0041 1208 \Device\Harddisk0\DR0:
20:23:58.0041 1208 MBR partitions:
20:23:58.0041 1208 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
20:23:58.0041 1208 ============================================================
20:23:58.0072 1208 C: <-> \Device\Harddisk1\DR1\Partition2
20:23:58.0088 1208 D: <-> \Device\Harddisk0\DR0\Partition1
20:23:58.0135 1208 E: <-> \Device\Harddisk1\DR1\Partition1
20:23:58.0135 1208 ============================================================
20:23:58.0135 1208 Initialize success
20:23:58.0135 1208 ============================================================
20:24:21.0582 2784 ============================================================
20:24:21.0582 2784 Scan started
20:24:21.0582 2784 Mode: Manual;
20:24:21.0582 2784 ============================================================
20:24:25.0310 2784 ================ Scan system memory ========================
20:24:25.0310 2784 System memory - ok
20:24:25.0310 2784 ================ Scan services =============================
20:24:36.0043 2784 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:24:36.0058 2784 FileInfo - ok
20:24:36.0121 2784 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:24:36.0121 2784 Filetrace - ok
20:24:36.0386 2784 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
20:24:36.0464 2784 FLEXnet Licensing Service - ok
20:24:36.0511 2784 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
20:24:36.0542 2784 flpydisk - ok
20:24:36.0714 2784 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:24:36.0729 2784 FltMgr - ok
20:24:37.0026 2784 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
20:24:37.0119 2784 FontCache - ok
20:24:37.0244 2784 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:24:37.0260 2784 FontCache3.0.0.0 - ok
20:24:37.0306 2784 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:24:37.0306 2784 Fs_Rec - ok
20:24:37.0353 2784 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
20:24:37.0369 2784 gagp30kx - ok
20:24:37.0509 2784 [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F ] GoogleDesktopManager-051210-111108 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
20:24:37.0509 2784 GoogleDesktopManager-051210-111108 - ok
20:24:37.0759 2784 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
20:24:37.0790 2784 gpsvc - ok
20:24:37.0962 2784 [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:24:37.0977 2784 HdAudAddService - ok
20:24:38.0133 2784 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
20:24:38.0164 2784 HDAudBus - ok
20:24:38.0227 2784 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
20:24:38.0242 2784 HidBth - ok
20:24:38.0274 2784 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
20:24:38.0274 2784 HidIr - ok
20:24:38.0336 2784 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll
20:24:38.0352 2784 hidserv - ok
20:24:38.0430 2784 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:24:38.0461 2784 HidUsb - ok
20:24:38.0508 2784 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:24:38.0570 2784 hkmsvc - ok
20:24:38.0586 2784 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
20:24:38.0601 2784 HpCISSs - ok
20:24:38.0820 2784 [ E4E285A3766B4A57401FEEAF66CB07B5 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
20:24:38.0820 2784 hpqcxs08 - ok
20:24:38.0913 2784 [ EE4C7A4CF2316701FFDE90F404520265 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
20:24:38.0929 2784 hpqddsvc - ok
20:24:38.0976 2784 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:24:39.0022 2784 HTTP - ok
20:24:39.0054 2784 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys
20:24:39.0069 2784 i2omp - ok
20:24:39.0225 2784 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
20:24:39.0241 2784 i8042prt - ok
20:24:39.0288 2784 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
20:24:39.0334 2784 iaStorV - ok
20:24:39.0709 2784 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:24:39.0943 2784 idsvc - ok
20:24:39.0958 2784 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
20:24:39.0974 2784 iirsp - ok
20:24:40.0036 2784 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
20:24:40.0083 2784 IKEEXT - ok
20:24:40.0161 2784 [ 1C60617D54BC9F035671A44B75D9F7CC ] intelide C:\Windows\system32\drivers\intelide.sys
20:24:40.0192 2784 intelide - ok
20:24:40.0270 2784 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:24:40.0286 2784 intelppm - ok
20:24:40.0333 2784 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:24:40.0364 2784 IPBusEnum - ok
20:24:40.0489 2784 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:24:40.0504 2784 IpFilterDriver - ok
20:24:40.0676 2784 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:24:40.0707 2784 iphlpsvc - ok
20:24:40.0723 2784 IpInIp - ok
20:24:40.0801 2784 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
20:24:40.0801 2784 IPMIDRV - ok
20:24:40.0848 2784 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
20:24:40.0848 2784 IPNAT - ok
20:24:40.0894 2784 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:24:40.0910 2784 IRENUM - ok
20:24:40.0941 2784 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:24:40.0941 2784 isapnp - ok
20:24:40.0972 2784 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
20:24:40.0988 2784 iScsiPrt - ok
20:24:41.0004 2784 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
20:24:41.0019 2784 iteatapi - ok
20:24:41.0066 2784 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
20:24:41.0113 2784 iteraid - ok
20:24:41.0206 2784 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
20:24:41.0206 2784 kbdclass - ok
20:24:41.0253 2784 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
20:24:41.0253 2784 kbdhid - ok
20:24:41.0269 2784 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
20:24:41.0284 2784 KeyIso - ok
20:24:41.0331 2784 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:24:41.0331 2784 KSecDD - ok
20:24:41.0409 2784 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
20:24:41.0409 2784 KtmRm - ok
20:24:41.0456 2784 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll
20:24:41.0456 2784 LanmanServer - ok
20:24:41.0503 2784 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:24:41.0503 2784 LanmanWorkstation - ok
20:24:41.0596 2784 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:24:41.0596 2784 lltdio - ok
20:24:41.0643 2784 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:24:41.0659 2784 lltdsvc - ok
20:24:41.0690 2784 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:24:41.0690 2784 lmhosts - ok
20:24:41.0721 2784 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
20:24:41.0721 2784 LSI_FC - ok
20:24:41.0737 2784 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
20:24:41.0752 2784 LSI_SAS - ok
20:24:41.0799 2784 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
20:24:41.0799 2784 LSI_SCSI - ok
20:24:41.0830 2784 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
20:24:41.0846 2784 luafv - ok
20:24:41.0893 2784 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:24:41.0893 2784 Mcx2Svc - ok
20:24:41.0924 2784 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys
20:24:41.0924 2784 megasas - ok
20:24:41.0971 2784 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
20:24:41.0971 2784 MMCSS - ok
20:24:42.0018 2784 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
20:24:42.0018 2784 Modem - ok
20:24:42.0064 2784 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:24:42.0064 2784 monitor - ok
20:24:42.0111 2784 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:24:42.0111 2784 mouclass - ok
20:24:42.0174 2784 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:24:42.0174 2784 mouhid - ok
20:24:42.0205 2784 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
20:24:42.0205 2784 MountMgr - ok
20:24:42.0236 2784 [ D993BEA500E7382DC4E760BF4F35EFCB ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
20:24:42.0236 2784 MpFilter - ok
20:24:42.0283 2784 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys
20:24:42.0283 2784 mpio - ok
20:24:42.0345 2784 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:24:42.0345 2784 mpsdrv - ok
20:24:42.0439 2784 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
20:24:42.0439 2784 MpsSvc - ok
20:24:42.0486 2784 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
20:24:42.0486 2784 Mraid35x - ok
20:24:42.0517 2784 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:24:42.0532 2784 MRxDAV - ok
20:24:42.0548 2784 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:24:42.0548 2784 mrxsmb - ok
20:24:42.0564 2784 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:24:42.0564 2784 mrxsmb10 - ok
20:24:42.0579 2784 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:24:42.0579 2784 mrxsmb20 - ok
20:24:42.0595 2784 [ F0EC3A4E0693A34B148723B4DA31668C ] msahci C:\Windows\system32\drivers\msahci.sys
20:24:42.0610 2784 msahci - ok
20:24:42.0626 2784 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:24:42.0642 2784 msdsm - ok
20:24:42.0688 2784 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
20:24:42.0688 2784 MSDTC - ok
20:24:42.0766 2784 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:24:42.0782 2784 Msfs - ok
20:24:42.0844 2784 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:24:42.0844 2784 msisadrv - ok
20:24:42.0907 2784 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:24:42.0907 2784 MSiSCSI - ok
20:24:42.0907 2784 msiserver - ok
20:24:42.0985 2784 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:24:42.0985 2784 MSKSSRV - ok
20:24:43.0047 2784 [ 24516BF4E12A46CB67302E2CDCB8CDDF ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
20:24:43.0047 2784 MsMpSvc - ok
20:24:43.0141 2784 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:24:43.0141 2784 MSPCLOCK - ok
20:24:43.0188 2784 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:24:43.0203 2784 MSPQM - ok
20:24:43.0312 2784 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:24:43.0312 2784 MsRPC - ok
20:24:43.0344 2784 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
20:24:43.0344 2784 mssmbios - ok
20:24:43.0359 2784 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:24:43.0359 2784 MSTEE - ok
20:24:43.0422 2784 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
20:24:43.0422 2784 Mup - ok
20:24:43.0484 2784 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
20:24:43.0484 2784 napagent - ok
20:24:43.0546 2784 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:24:43.0546 2784 NativeWifiP - ok
20:24:43.0656 2784 [ 6D8FCDD5BB3B676EF58FA234073492C6 ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
20:24:43.0687 2784 NBService - ok
20:24:43.0780 2784 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
20:24:43.0796 2784 NDIS - ok
20:24:43.0858 2784 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:24:43.0858 2784 NdisTapi - ok
20:24:43.0983 2784 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:24:43.0983 2784 Ndisuio - ok
20:24:44.0061 2784 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:24:44.0077 2784 NdisWan - ok
20:24:44.0124 2784 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:24:44.0124 2784 NDProxy - ok
20:24:44.0155 2784 [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
20:24:44.0155 2784 Net Driver HPZ12 - ok
20:24:44.0202 2784 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:24:44.0217 2784 NetBIOS - ok
20:24:44.0280 2784 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
20:24:44.0280 2784 netbt - ok
20:24:44.0295 2784 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
20:24:44.0295 2784 Netlogon - ok
20:24:44.0389 2784 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
20:24:44.0404 2784 Netman - ok
20:24:44.0451 2784 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:24:44.0451 2784 NetMsmqActivator - ok
20:24:44.0467 2784 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:24:44.0467 2784 NetPipeActivator - ok
20:24:44.0498 2784 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
20:24:44.0498 2784 netprofm - ok
20:24:44.0514 2784 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:24:44.0514 2784 NetTcpActivator - ok
20:24:44.0514 2784 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:24:44.0514 2784 NetTcpPortSharing - ok
20:24:44.0545 2784 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
20:24:44.0545 2784 nfrd960 - ok
20:24:44.0576 2784 [ B52F26BADE7D7E4A79706E3FD91834CD ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:24:44.0592 2784 NisDrv - ok
20:24:44.0607 2784 [ 290C0D4C4889398797F8DF3BE00B9698 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
20:24:44.0607 2784 NisSrv - ok
20:24:44.0670 2784 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
20:24:44.0670 2784 NlaSvc - ok
20:24:44.0732 2784 [ E32686B4E27D11F83E3F2844E104C66C ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
20:24:44.0732 2784 NMIndexingService - ok
20:24:44.0794 2784 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:24:44.0810 2784 Npfs - ok
20:24:44.0950 2784 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
20:24:44.0950 2784 nsi - ok
20:24:45.0013 2784 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:24:45.0013 2784 nsiproxy - ok
20:24:45.0153 2784 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:24:45.0184 2784 Ntfs - ok
20:24:45.0200 2784 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
20:24:45.0200 2784 ntrigdigi - ok
20:24:45.0247 2784 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
20:24:45.0247 2784 Null - ok
20:24:45.0621 2784 [ 55526CD7B311236AAB3F73434CBC651E ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:24:45.0871 2784 nvlddmkm - ok
20:24:45.0918 2784 [ 6F785DB62A6D8F3FAFD3E5695277E849 ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:24:45.0949 2784 nvraid - ok
20:24:45.0996 2784 [ 4A5FCAB82D9BF6AF8A023A66802FE9E9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:24:45.0996 2784 nvstor - ok
20:24:46.0027 2784 [ 0316B676A0F4768DBC8A191F65B4A066 ] nvsvc C:\Windows\system32\nvvsvc.exe
20:24:46.0027 2784 nvsvc - ok
20:24:46.0058 2784 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:24:46.0058 2784 nv_agp - ok
20:24:46.0074 2784 NwlnkFlt - ok
20:24:46.0074 2784 NwlnkFwd - ok
20:24:46.0105 2784 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
20:24:46.0120 2784 ohci1394 - ok
20:24:46.0198 2784 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
20:24:46.0214 2784 p2pimsvc - ok
20:24:46.0230 2784 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
20:24:46.0230 2784 p2psvc - ok
20:24:46.0261 2784 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
20:24:46.0292 2784 Parport - ok
20:24:46.0354 2784 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:24:46.0354 2784 partmgr - ok
20:24:46.0370 2784 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
20:24:46.0370 2784 Parvdm - ok
20:24:46.0432 2784 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
20:24:46.0432 2784 PcaSvc - ok
20:24:46.0464 2784 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
20:24:46.0464 2784 pci - ok
20:24:46.0495 2784 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys
20:24:46.0495 2784 pciide - ok
20:24:46.0510 2784 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
20:24:46.0510 2784 pcmcia - ok
20:24:46.0542 2784 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:24:46.0573 2784 PEAUTH - ok
20:24:46.0744 2784 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
20:24:46.0776 2784 pla - ok
20:24:46.0869 2784 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:24:46.0885 2784 PlugPlay - ok
20:24:46.0900 2784 [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
20:24:46.0900 2784 Pml Driver HPZ12 - ok
20:24:46.0916 2784 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
20:24:46.0932 2784 PNRPAutoReg - ok
20:24:46.0932 2784 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
20:24:46.0947 2784 PNRPsvc - ok
20:24:47.0072 2784 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:24:47.0088 2784 PolicyAgent - ok
20:24:47.0134 2784 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:24:47.0150 2784 PptpMiniport - ok
20:24:47.0166 2784 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
20:24:47.0166 2784 Processor - ok
20:24:47.0212 2784 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
20:24:47.0212 2784 ProfSvc - ok
20:24:47.0228 2784 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
20:24:47.0228 2784 ProtectedStorage - ok
20:24:47.0290 2784 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
20:24:47.0290 2784 PSched - ok
20:24:47.0337 2784 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
20:24:47.0368 2784 ql2300 - ok
20:24:47.0400 2784 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
20:24:47.0415 2784 ql40xx - ok
20:24:47.0446 2784 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
20:24:47.0462 2784 QWAVE - ok
20:24:47.0509 2784 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:24:47.0509 2784 QWAVEdrv - ok
20:24:47.0649 2784 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:24:47.0649 2784 RasAcd - ok
20:24:47.0743 2784 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
20:24:47.0743 2784 RasAuto - ok
20:24:47.0790 2784 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:24:47.0805 2784 Rasl2tp - ok
20:24:47.0930 2784 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
20:24:47.0930 2784 RasMan - ok
20:24:47.0992 2784 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:24:47.0992 2784 RasPppoe - ok
20:24:48.0070 2784 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:24:48.0086 2784 RasSstp - ok
20:24:48.0117 2784 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:24:48.0164 2784 rdbss - ok
20:24:48.0211 2784 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:24:48.0211 2784 RDPCDD - ok
20:24:48.0273 2784 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
20:24:48.0304 2784 rdpdr - ok
20:24:48.0336 2784 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:24:48.0336 2784 RDPENCDD - ok
20:24:48.0382 2784 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:24:48.0398 2784 RDPWD - ok
20:24:48.0445 2784 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
20:24:48.0445 2784 RemoteAccess - ok
20:24:48.0492 2784 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:24:48.0492 2784 RemoteRegistry - ok
20:24:48.0507 2784 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
20:24:48.0507 2784 RpcLocator - ok
20:24:48.0538 2784 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
20:24:48.0538 2784 RpcSs - ok
20:24:48.0570 2784 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:24:48.0601 2784 rspndr - ok
20:24:48.0632 2784 [ D0EEDC88876B20D42157CDCCA3E647F3 ] s1039bus C:\Windows\system32\DRIVERS\s1039bus.sys
20:24:48.0648 2784 s1039bus - ok
20:24:48.0679 2784 [ 7B35091A7BB597C86262C589B0B57D06 ] s1039mdfl C:\Windows\system32\DRIVERS\s1039mdfl.sys
20:24:48.0694 2784 s1039mdfl - ok
20:24:48.0741 2784 [ 4CB1AB13C9813CBF3E4C6406F8043EC2 ] s1039mdm C:\Windows\system32\DRIVERS\s1039mdm.sys
20:24:48.0741 2784 s1039mdm - ok
20:24:48.0788 2784 [ 2649CA09585A7531126DCC116AD1F88C ] s1039mgmt C:\Windows\system32\DRIVERS\s1039mgmt.sys
20:24:48.0788 2784 s1039mgmt - ok
20:24:48.0835 2784 [ 6D3F549EFD6DAEDD7D12F3DE2175053F ] s1039nd5 C:\Windows\system32\DRIVERS\s1039nd5.sys
20:24:48.0835 2784 s1039nd5 - ok
20:24:48.0882 2784 [ 305E3E3ACA0037AF2E2C1B50A383C91B ] s1039obex C:\Windows\system32\DRIVERS\s1039obex.sys
20:24:48.0882 2784 s1039obex - ok
20:24:48.0928 2784 [ 7DD02A58277C84C043442561589914F4 ] s1039unic C:\Windows\system32\DRIVERS\s1039unic.sys
20:24:48.0928 2784 s1039unic - ok
20:24:48.0928 2784 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
20:24:48.0928 2784 SamSs - ok
20:24:48.0991 2784 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:24:48.0991 2784 sbp2port - ok
20:24:49.0038 2784 [ 1FD538C4FEB36B793D2121F20BBDC16F ] SBRE C:\Windows\system32\drivers\SBREdrv.sys
20:24:49.0038 2784 SBRE - ok
20:24:49.0084 2784 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:24:49.0100 2784 SCardSvr - ok
20:24:49.0131 2784 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
20:24:49.0147 2784 Schedule - ok
20:24:49.0178 2784 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
20:24:49.0178 2784 SCPolicySvc - ok
20:24:49.0225 2784 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:24:49.0287 2784 SDRSVC - ok
20:24:49.0318 2784 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:24:49.0318 2784 secdrv - ok
20:24:49.0365 2784 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
20:24:49.0365 2784 seclogon - ok
20:24:49.0412 2784 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
20:24:49.0443 2784 SENS - ok
20:24:49.0459 2784 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
20:24:49.0459 2784 Serenum - ok
20:24:49.0490 2784 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
20:24:49.0490 2784 Serial - ok
20:24:49.0521 2784 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
20:24:49.0521 2784 sermouse - ok
20:24:49.0599 2784 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
20:24:49.0599 2784 SessionEnv - ok
20:24:49.0630 2784 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:24:49.0630 2784 sffdisk - ok
20:24:49.0662 2784 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:24:49.0662 2784 sffp_mmc - ok
20:24:49.0677 2784 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:24:49.0677 2784 sffp_sd - ok
20:24:49.0708 2784 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
20:24:49.0708 2784 sfloppy - ok
20:24:49.0755 2784 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:24:49.0771 2784 SharedAccess - ok
20:24:49.0786 2784 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:24:49.0786 2784 ShellHWDetection - ok
20:24:49.0818 2784 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys
20:24:49.0818 2784 sisagp - ok
20:24:49.0833 2784 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
20:24:49.0849 2784 SiSRaid2 - ok
20:24:49.0864 2784 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
20:24:49.0864 2784 SiSRaid4 - ok
20:24:50.0020 2784 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
20:24:50.0083 2784 slsvc - ok
20:24:50.0161 2784 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
20:24:50.0161 2784 SLUINotify - ok
20:24:50.0286 2784 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:24:50.0317 2784 Smb - ok
20:24:50.0364 2784 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:24:50.0364 2784 SNMPTRAP - ok
20:24:50.0457 2784 [ 1A623F2B69E1F182F995F963C55DB935 ] Sony Ericsson PCCompanion C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
20:24:50.0488 2784 Sony Ericsson PCCompanion - ok
20:24:50.0535 2784 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
20:24:50.0551 2784 spldr - ok
20:24:50.0582 2784 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
20:24:50.0582 2784 Spooler - ok
20:24:50.0613 2784 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
20:24:50.0629 2784 srv - ok
20:24:50.0644 2784 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:24:50.0644 2784 srv2 - ok
20:24:50.0660 2784 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:24:50.0660 2784 srvnet - ok
20:24:50.0676 2784 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:24:50.0691 2784 SSDPSRV - ok
20:24:50.0769 2784 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:24:50.0800 2784 SstpSvc - ok
20:24:50.0878 2784 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
20:24:50.0894 2784 stisvc - ok
20:24:59.0833 2784 ================ Scan global ===============================
20:24:59.0895 2784 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
20:25:00.0051 2784 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
20:25:00.0145 2784 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
20:25:00.0207 2784 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
20:25:00.0223 2784 [Global] - ok
20:25:00.0223 2784 ================ Scan MBR ==================================
20:25:00.0254 2784 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk1\DR1
20:25:01.0128 2784 \Device\Harddisk1\DR1 - ok
20:25:01.0143 2784 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
20:25:01.0143 2784 \Device\Harddisk0\DR0 - ok
20:25:01.0143 2784 ================ Scan VBR ==================================
20:25:01.0190 2784 [ 9A6B93EF6184A24AEEBA721782C8B0D2 ] \Device\Harddisk1\DR1\Partition1
20:25:01.0206 2784 \Device\Harddisk1\DR1\Partition1 - ok
20:25:01.0221 2784 [ 44A56DDC9F223EE2F9F5FCBB025855AF ] \Device\Harddisk1\DR1\Partition2
20:25:01.0237 2784 \Device\Harddisk1\DR1\Partition2 - ok
20:25:01.0252 2784 [ C0298FDBFCFF13A1B4C317441A288A0F ] \Device\Harddisk0\DR0\Partition1
20:25:01.0252 2784 \Device\Harddisk0\DR0\Partition1 - ok
20:25:01.0252 2784 ============================================================
20:25:01.0252 2784 Scan finished
20:25:01.0252 2784 ============================================================
20:25:01.0268 1996 Detected object count: 0
20:25:01.0268 1996 Actual detected object count: 0
20:25:25.0973 2492 Deinitialize success
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-05 20:25:29
-----------------------------
20:25:29.186 OS Version: Windows 6.0.6002 Service Pack 2
20:25:29.186 Number of processors: 2 586 0xF0D
20:25:29.186 ComputerName: DENNIS303 UserName: dennis
20:25:42.961 Initialize success
20:28:36.064 AVAST engine defs: 12090501
20:31:15.022 The log file has been saved successfully to "C:\aswMBR.txt"


/Dennis

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:57 PM

Posted 05 September 2012 - 03:16 PM

Greetings RimSh0t

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:


ClearJavaCache::

Folder::
c:\program files\Common Files\Spigot


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 RimSh0t

RimSh0t
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:02:57 AM

Posted 06 September 2012 - 12:24 PM

CFScript.txt -> ComboFix.exe log file:

ComboFix 12-09-03.07 - dennis 06-09-2012 19:12:35.3.2 - x86
Kører fra: c:\users\dennis\Desktop\ComboFix.exe
Kommandoer benyttet :: c:\users\dennis\Desktop\CFScript.txt
* Dannede nyt systemgendannelsespunkt
.
.
((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\Spigot
c:\program files\Common Files\Spigot\Search Settings\baidu_ff.xml
c:\program files\Common Files\Spigot\Search Settings\baidu_ie.xml
c:\program files\Common Files\Spigot\Search Settings\config.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1031.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1033.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1034.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1036.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1040.ini
c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
c:\program files\Common Files\Spigot\Search Settings\wth.dll
c:\program files\Common Files\Spigot\Search Settings\yahoo_ff.xml
c:\program files\Common Files\Spigot\Search Settings\yahoo_ie.xml
c:\program files\Common Files\Spigot\Search Settings\yandex_ff.xml
c:\program files\Common Files\Spigot\Search Settings\yandex_ie.xml
.
.
((((((((((((((((((((((((((((( Filer skabt fra 2012-08-06 til 2012-09-06 )))))))))))))))))))))))))))))))))))
.
.
2012-09-06 17:18 . 2012-09-06 17:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-06 17:05 . 2012-09-06 17:05 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5796F6B6-2682-4085-A51F-6E27E808D474}\offreg.dll
2012-09-03 18:29 . 2012-09-06 17:18 -------- d-----w- c:\users\dennis\AppData\Local\temp
2012-08-30 19:16 . 2012-08-30 19:16 -------- d-----w- C:\FRST
2012-08-28 11:51 . 2012-02-09 12:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F3E0DE77-21AD-4ED2-9A0E-39AB5477F446}\gapaengine.dll
2012-08-28 11:51 . 2012-08-19 23:53 7023536 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5796F6B6-2682-4085-A51F-6E27E808D474}\mpengine.dll
2012-08-28 11:46 . 2012-08-28 11:47 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-17 13:26 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-08-16 16:27 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-14 18:19 . 2012-05-24 20:25 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-14 18:19 . 2011-12-14 21:20 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\users\dennis\Winamp\winampa.exe" [2011-07-11 74752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"CNAP2 Launcher"="c:\windows\system32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE" [2009-04-22 116128]
"Garmin Lifetime Updater"="c:\programmer\Garmin\Lifetime Updater\GarminLifetime.exe" [2011-12-15 1446248]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Google Desktop.lnk - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2011-7-16 30192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Indhold af mappen 'Planlagte Opgaver'
.
2012-09-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-24 18:19]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
uInternet Settings,ProxyOverride = *.local
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\dennis\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 212.242.40.3 212.242.40.51 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
DPF: {8D59819B-2067-4A6B-84F4-7F84570E3C30} - hxxp://192.168.1.200/img/LinksysMLViewer.cab
DPF: {F8F04B07-9BE4-454C-AEF2-6C566FA11E4B} - hxxp://192.168.1.100:5000/surveillance/object/SSEventPlayer.cab
.
- - - - TOMME GENVEJE FJERNET - - - -
.
HKLM-Run-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-06 19:18
Windows 6.0.6002 Service Pack 2 NTFS
.
scanner skjulte processer ...
.
scanner skjulte autostarter ...
.
scanner skjulte filer ...
.
scanning gennemført med succes
skjulte filer: 0
.
**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Gennemført tid: 2012-09-06 19:21:01
ComboFix-quarantined-files.txt 2012-09-06 17:20
ComboFix2.txt 2012-09-04 18:38
.
Pre-Kørsel: 230.211.203.072 byte ledig
Post-Kørsel: 230.297.538.560 byte ledig
.
- - End Of File - - EFDA65C0E66821D3B5686C5A71B716B1


/Dennis