Sirefef.y Still Having Problems


  • This topic is locked
14 replies to this topic

#1 hpigeon

  • Members
  • 6 posts

Posted 01 September 2012 - 02:09 AM

Hello, my laptop was experiencing the same problems many others have identified with the sirefef.y trojan, such as Microsoft Security Essentials warning, and the Windows Error warning window that the computer is going to shut down. Prior to the discovery of the sirefef.y trojan, I had also found the win32k.sys infection. I ran TDSS Killer, Malwarebytes, and the ESET online scanner after finding each infection. It seemed to isolate and repair both intrusions. However, I may have inadvertently made it worse, because now it is still shutting off, but there is not a message from MSE, and I no longer see the same infected application running in the task manager or registry (as I understand it, this infection is advanced enough to disguise itself and maneuver into other areas anyhow).

I could not get the computer to stay on long enough to create a DDS file, and the Windows Firewall will not enable. I was able to enable DeFogger. I have also used FRST64 to scan the laptop, and used that program to search for services.exe. The logs are below:

FRST64 Scan:

Scan result of Farbar Recovery Scan Tool Version: 31-08-2012 02
Ran by SYSTEM at 01-09-2012 02:47:56
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet002

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~2\Datamngr\DATAMN~1.EXE [1825720 2012-07-08] (Bandoo Media, inc)
HKLM-x32\...\Run: [ParetoLogic Anti-Virus PLUS] "C:\Program Files (x86)\ParetoLogic\PLAV\Pareto_AV.exe" -NM -hidesplash [4550960 2012-02-07] (ParetoLogic Inc.)
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe /default [154144 2010-01-14] ()
HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe /default [154144 2010-01-14] ()
HKU\Kayla Ann\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-07-22] (Google Inc.)
HKU\kids\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-07-22] (Google Inc.)
HKU\kids\...\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" [x]
HKU\momma\...\Run: [Best Buy pc app] C:\Users\momma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms [x]
HKU\momma\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-07-22] (Google Inc.)
HKU\The Machine\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-07-22] (Google Inc.)
AppInit_DLLs: C:\PROGRA~2\SEARCH~2\Datamngr\x64\datamngr.dll C:\PROGRA~2\SEARCH~2\Datamngr\x64\IEBHO.dll
Startup: C:\Users\Default\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

==================== Services (Whitelisted) ======

2 24x7HelpSvc; C:\Program Files (x86)\24x7Help\App24x7Svc.exe [394352 2012-02-28] (PCRx.com, LLC)
2 AffinegyService; "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe" [562592 2011-05-27] (Affinegy, Inc.)
2 bProtector; C:\ProgramData\bProtectorForWindows\2.2.453.59\bProtect.exe [1677856 2012-07-14] (bProtector)
2 GamingWonderlandService; C:\PROGRA~2\GAMING~2\bar\1.bin\gtbarsvc.exe [42504 2012-01-19] (COMPANYVERS_NAME)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 PGMTrusted; C:\Program Files (x86)\Pogo Games\PGMTrusted.exe [519888 2012-01-04] (iWin Inc.)
3 PLAVService; "C:\Program Files (x86)\Common Files\PLAV\PLAVservice.exe" [601008 2012-02-07] (ParetoLogic Inc.)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [66872 2011-02-03] ()

==================== Drivers (Whitelisted) ===================

1 kl1; C:\Windows\System32\Drivers\kl1.sys [460888 2010-08-09] (Kaspersky Lab ZAO)
1 KLIF; C:\Windows\System32\Drivers\KLIF.sys [354320 2010-05-28] (Kaspersky Lab)
1 KLIM6; C:\Windows\System32\Drivers\KLIM6.sys [27736 2010-08-09] (Kaspersky Lab ZAO)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
3 RTL8187B; C:\Windows\System32\Drivers\RTL8187B.sys [416768 2009-06-10] (Realtek Semiconductor Corporation )
2 X5XSEx; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys [55400 2010-11-22] (Exent Technologies Ltd.)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [x]
3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [x]
3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [x]
3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [x]

==================== NetSvcs (Whitelisted) =================


==================== One Month Created Files and Folders ======================

2012-08-31 22:32 - 2012-08-31 22:32 - 00000000 ____A C:\Users\The Machine\defogger_reenable
2012-08-31 15:52 - 2012-08-31 22:41 - 00000506 ____A C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
2012-08-31 15:52 - 2012-08-31 15:54 - 00000480 ____A C:\Windows\Tasks\ParetoLogic Registration3.job
2012-08-31 15:52 - 2012-08-31 15:54 - 00000458 ____A C:\Windows\Tasks\ParetoLogic Anti-Virus PLUS.job
2012-08-31 15:52 - 2012-08-31 15:54 - 00000454 ____A C:\Windows\Tasks\ParetoLogic Update Version3.job
2012-08-31 15:52 - 2012-08-31 15:54 - 00000434 ____A C:\Windows\Tasks\ParetoLogic Anti-Virus PLUS_dbsummary.job
2012-08-31 15:52 - 2012-08-31 15:52 - 00001157 ____A C:\Users\Public\Desktop\ParetoLogic Anti-Virus PLUS.lnk
2012-08-31 15:52 - 2012-08-31 15:52 - 00000000 ____D C:\Users\All Users\PLAV
2012-08-31 15:52 - 2012-08-31 15:52 - 00000000 ____D C:\Users\All Users\ParetoLogic Anti-Virus PLUS
2012-08-31 15:52 - 2012-08-31 15:52 - 00000000 ____D C:\Users\All Users\ParetoLogic
2012-08-31 15:52 - 2012-08-31 15:52 - 00000000 ____D C:\Program Files (x86)\ParetoLogic
2012-08-06 19:00 - 2012-08-06 19:00 - 00000000 ____D C:\ComboFix
2012-08-06 18:54 - 2012-08-06 18:37 - 04725168 ____R (Swearware) C:\Users\The Machine\Desktop\ComboFix.exe
2012-08-06 18:49 - 2012-08-06 19:39 - 00000000 ____D C:\Qoobox
2012-08-06 18:48 - 2012-08-06 19:39 - 00000000 ___SD C:\32788R22FWJFW
2012-08-06 18:44 - 2012-08-06 18:45 - 00000000 ____D C:\FRST
2012-08-06 18:22 - 2012-08-06 18:22 - 00000000 ____D C:\Program Files (x86)\ESET
2012-08-06 18:05 - 2012-08-06 18:05 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-08-06 17:37 - 2012-08-06 15:27 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\The Machine\Desktop\tdsskiller.exe
2012-08-06 17:31 - 2012-08-06 17:31 - 00116016 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\91949609.sys
2012-08-06 15:24 - 2012-08-06 15:24 - 01017249 ____A C:\Users\The Machine\Downloads\Unconfirmed 26673.crdownload
2012-08-04 11:20 - 2012-08-04 11:20 - 00000000 ____D C:\Users\The Machine\Desktop\searchplugins
2012-08-04 10:53 - 2012-08-04 10:53 - 00001134 ____A C:\Users\The Machine\Desktop\Malwarebytes Anti-Malware (2).lnk
2012-08-04 05:22 - 2012-08-04 05:23 - 00000000 ___DC C:\Users\The Machine\AppData\Local\MigWiz
2012-08-04 04:31 - 2012-08-04 04:31 - 00003416 ____N C:\bootsqm.dat
2012-08-04 01:52 - 2012-08-04 01:52 - 00000000 ____D C:\Users\The Machine\Desktop\word games
2012-08-04 00:54 - 2012-08-04 00:54 - 12621696 ____A (Microsoft Corporation) C:\Users\The Machine\Downloads\mseinstall.exe

==================== 3 Months Modified Files ================================

2012-08-31 22:44 - 2012-07-16 13:21 - 00023810 ____A C:\Windows\setupact.log
2012-08-31 22:44 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-31 22:42 - 2010-11-02 09:20 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-31 22:41 - 2012-08-31 15:52 - 00000506 ____A C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
2012-08-31 22:41 - 2012-05-05 22:12 - 00000352 ____A C:\Windows\Tasks\DriverScanner.job
2012-08-31 22:32 - 2012-08-31 22:32 - 00000000 ____A C:\Users\The Machine\defogger_reenable
2012-08-31 21:34 - 2009-07-13 21:08 - 00032588 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-31 17:03 - 2010-11-02 09:20 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-31 15:54 - 2012-08-31 15:52 - 00000480 ____A C:\Windows\Tasks\ParetoLogic Registration3.job
2012-08-31 15:54 - 2012-08-31 15:52 - 00000458 ____A C:\Windows\Tasks\ParetoLogic Anti-Virus PLUS.job
2012-08-31 15:54 - 2012-08-31 15:52 - 00000454 ____A C:\Windows\Tasks\ParetoLogic Update Version3.job
2012-08-31 15:54 - 2012-08-31 15:52 - 00000434 ____A C:\Windows\Tasks\ParetoLogic Anti-Virus PLUS_dbsummary.job
2012-08-31 15:52 - 2012-08-31 15:52 - 00001157 ____A C:\Users\Public\Desktop\ParetoLogic Anti-Virus PLUS.lnk
2012-08-31 15:46 - 2009-07-13 21:13 - 00782096 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-09 16:19 - 2011-12-06 12:09 - 00000481 ____A C:\Users\The Machine\Desktop\lisa-bills.txt
2012-08-06 18:37 - 2012-08-06 18:54 - 04725168 ____R (Swearware) C:\Users\The Machine\Desktop\ComboFix.exe
2012-08-06 17:31 - 2012-08-06 17:31 - 00116016 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\91949609.sys
2012-08-06 15:27 - 2012-08-06 17:37 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\The Machine\Desktop\tdsskiller.exe
2012-08-06 15:24 - 2012-08-06 15:24 - 01017249 ____A C:\Users\The Machine\Downloads\Unconfirmed 26673.crdownload
2012-08-04 11:37 - 2009-07-13 20:45 - 00012288 _____ C:\Windows\System32\umstartup.etl
2012-08-04 11:15 - 2010-08-21 06:07 - 01548260 ____A C:\Windows\WindowsUpdate.log
2012-08-04 10:53 - 2012-08-04 10:53 - 00001134 ____A C:\Users\The Machine\Desktop\Malwarebytes Anti-Malware (2).lnk
2012-08-04 07:39 - 2012-07-16 12:50 - 00000942 ____A C:\Users\The Machine\Desktop\CCleaner.lnk
2012-08-04 04:31 - 2012-08-04 04:31 - 00003416 ____N C:\bootsqm.dat
2012-08-04 01:41 - 2011-12-30 10:54 - 00065032 ____A C:\Users\Kayla Ann\AppData\Local\GDIPFONTCACHEV1.DAT
2012-08-04 00:56 - 2012-01-10 16:14 - 00001945 ____A C:\Windows\epplauncher.mif
2012-08-04 00:55 - 2010-12-31 22:26 - 00796246 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-08-04 00:54 - 2012-08-04 00:54 - 12621696 ____A (Microsoft Corporation) C:\Users\The Machine\Downloads\mseinstall.exe
2012-08-04 00:41 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-04 00:41 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-30 00:48 - 2012-01-14 13:57 - 00000334 ____A C:\Users\The Machine\Desktop\CODES.txt
2012-07-28 04:03 - 2012-07-28 04:03 - 01531544 ____A (RealTimeGaming Software) C:\Users\The Machine\Downloads\setup (10).exe
2012-07-28 00:48 - 2011-12-28 21:43 - 00006864 ____A C:\Windows\wininit.ini
2012-07-22 11:17 - 2011-07-16 10:41 - 00065032 ____A C:\Users\kids\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-21 10:15 - 2011-06-06 22:07 - 00000440 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2012-07-20 17:42 - 2012-07-20 17:29 - 00000023 ____A C:\Users\The Machine\Desktop\johnny.txt
2012-07-18 09:54 - 2012-07-18 09:54 - 00278944 ____A C:\Windows\Minidump\071812-24242-01.dmp
2012-07-18 09:53 - 2012-07-18 09:53 - 303013297 ____A C:\Windows\MEMORY.DMP
2012-07-17 10:03 - 2012-07-13 23:21 - 00000448 ___AH C:\Windows\Tasks\Norton Security Scan for momma.job
2012-07-17 04:08 - 2012-07-17 04:08 - 00001932 ____A C:\Users\momma\Desktop\Plenty Jackpot.lnk
2012-07-17 03:47 - 2012-07-17 03:47 - 01434264 ____A (RealTimeGaming Software) C:\Users\momma\Downloads\setup (5).exe
2012-07-17 03:47 - 2012-07-17 03:47 - 01433752 ____A (RealTimeGaming Software) C:\Users\momma\Downloads\setup (6).exe
2012-07-17 03:40 - 2012-07-17 03:40 - 00001896 ____A C:\Users\momma\Desktop\VIP Lounge.lnk
2012-07-17 00:23 - 2012-07-17 00:23 - 00001932 ____A C:\Users\momma\Desktop\Lucky18 Casino.lnk
2012-07-16 15:00 - 2012-07-16 15:00 - 00010532 ____A C:\Windows\PFRO.log
2012-07-16 13:21 - 2012-07-16 13:21 - 00000000 ____A C:\Windows\setuperr.log
2012-07-16 13:14 - 2012-07-16 13:14 - 00001116 ____A C:\Users\The Machine\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-16 13:09 - 2012-07-12 09:46 - 04503728 ___AT C:\Users\All Users\go_0molg.pad
2012-07-16 12:44 - 2010-11-02 08:54 - 00065032 ____A C:\Users\The Machine\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-16 00:22 - 2012-07-13 21:45 - 00065032 ____A C:\Users\momma\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-16 00:20 - 2009-07-13 20:45 - 00297416 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-15 20:16 - 2012-07-15 20:16 - 00001812 ____A C:\users\Kayla
2012-07-14 23:42 - 2012-07-14 23:42 - 00001160 ____A C:\Users\Public\Desktop\SCRABBLE.lnk
2012-07-14 22:40 - 2012-07-14 22:40 - 01434776 ____A (RealTimeGaming Software) C:\Users\momma\Downloads\setup (4).exe
2012-07-14 22:19 - 2012-01-20 22:31 - 00001541 ____A C:\user.js
2012-07-14 01:00 - 2012-07-14 01:00 - 01530520 ____A (RealTimeGaming Software) C:\Users\momma\Downloads\setup (3).exe
2012-07-14 00:57 - 2012-07-14 00:57 - 01530520 ____A (RealTimeGaming Software) C:\Users\momma\Downloads\setup (2).exe
2012-07-14 00:53 - 2012-07-13 21:58 - 00000191 ____A C:\Users\momma\Desktop\codes.txt
2012-07-13 22:16 - 2012-07-13 22:16 - 01433752 ____A (RealTimeGaming Software) C:\Users\momma\Downloads\setup (1).exe
2012-07-13 22:10 - 2012-07-13 22:10 - 01435288 ____A (RealTimeGaming Software) C:\Users\momma\Downloads\setup.exe
2012-07-13 21:45 - 2012-07-13 21:45 - 00000020 ___SH C:\Users\momma\ntuser.ini
2012-07-13 09:21 - 2012-07-13 09:21 - 01434264 ____A (RealTimeGaming Software) C:\Users\kids\Downloads\setup.exe
2012-07-13 09:18 - 2012-07-13 09:17 - 01532056 ____A (RealTimeGaming Software) C:\Users\kids\Downloads\PalaceofChanceInstaller.exe
2012-07-13 09:04 - 2012-07-13 09:04 - 00001905 ____A C:\Users\kids\Desktop\WinPalace.lnk
2012-07-11 08:25 - 2010-11-29 11:53 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-08 19:57 - 2012-07-08 19:57 - 01530520 ____A (RealTimeGaming Software) C:\Users\The Machine\Downloads\setup (9).exe
2012-07-08 19:50 - 2012-07-08 19:50 - 00384844 ____A C:\Users\The Machine\AppData\Local\funmoods-speeddial.crx
2012-07-08 19:50 - 2012-07-08 19:50 - 00031465 ____A C:\Users\The Machine\AppData\Local\funmoods.crx
2012-07-08 17:51 - 2012-07-08 17:50 - 00665696 ____A (OptimumInstaller) C:\Users\The Machine\Downloads\Setup (8).exe
2012-07-08 13:14 - 2012-04-09 12:27 - 00000460 ___AH C:\Windows\Tasks\Norton Security Scan for The Machine.job
2012-07-07 22:51 - 2012-07-07 22:50 - 01434264 ____A (RealTimeGaming Software) C:\Users\The Machine\Downloads\setup (7).exe
2012-07-03 09:46 - 2012-07-16 13:14 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-01 20:58 - 2012-07-01 20:58 - 01434264 ____A (RealTimeGaming Software) C:\Users\The Machine\Downloads\CatsEyeCasinoInstaller.exe
2012-06-23 08:24 - 2012-06-23 08:20 - 79225752 ____A (Apple Inc.) C:\Users\The Machine\Downloads\iTunes64Setup (1).exe
2012-06-23 05:14 - 2010-11-07 08:26 - 00070656 ____A C:\Users\The Machine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-23 01:27 - 2012-06-23 01:12 - 357560776 ____A (Acresso Software Inc.) C:\Users\The Machine\Downloads\PSPX4_TBYB30.exe
2012-06-23 01:11 - 2012-06-23 01:11 - 00000000 ____A C:\Users\The Machine\Desktop\OK
2012-06-18 11:18 - 2012-06-18 11:02 - 00000058 ____A C:\Users\The Machine\Desktop\lisa work.txt
2012-06-17 21:59 - 2012-06-17 21:59 - 00126324 ____A C:\Users\The Machine\Downloads\luke_bryan-do_i.m4r
2012-06-16 21:00 - 2012-06-16 21:00 - 05039768 ____A (Auslogics Software Pty Ltd ) C:\Users\The Machine\Downloads\registry-defrag-setup.exe
2012-06-16 21:00 - 2012-06-16 21:00 - 03862112 ____A (Piriform Ltd) C:\Users\The Machine\Downloads\ccsetup319 (1).exe
2012-06-16 20:59 - 2012-06-16 20:59 - 05276392 ____A (Auslogics Software Pty Ltd ) C:\Users\The Machine\Downloads\registry-cleaner-setup.exe
2012-06-16 20:55 - 2012-06-16 20:55 - 03862112 ____A (Piriform Ltd) C:\Users\The Machine\Downloads\ccsetup319.exe
2012-06-16 20:46 - 2012-04-11 19:13 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-16 20:46 - 2011-07-15 15:27 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-13 18:49 - 2012-06-13 18:49 - 00008387 ____A C:\INSTALLHELPER.LOG
2012-06-11 19:02 - 2012-07-11 08:29 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-09 14:42 - 2012-06-09 14:42 - 01307080 ____A C:\Users\kids\Downloads\ArcadeCandyGames.exe
2012-06-08 21:30 - 2012-07-10 23:19 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:46 - 2012-07-10 23:19 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-06 07:18 - 2010-11-07 08:26 - 00003766 __ASH C:\Users\All Users\KGyGaAvL.sys
2012-06-05 21:50 - 2012-07-10 23:19 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 21:50 - 2012-07-10 23:19 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 21:09 - 2012-07-10 23:19 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:09 - 2012-07-10 23:19 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll


ZeroAccess:
C:\Windows\Installer\{7b70341c-59ec-588b-b94b-6867bed4e7e9}
C:\Windows\Installer\{7b70341c-59ec-588b-b94b-6867bed4e7e9}\@
C:\Windows\Installer\{7b70341c-59ec-588b-b94b-6867bed4e7e9}\L
C:\Windows\Installer\{7b70341c-59ec-588b-b94b-6867bed4e7e9}\n
C:\Windows\Installer\{7b70341c-59ec-588b-b94b-6867bed4e7e9}\U
C:\Windows\Installer\{7b70341c-59ec-588b-b94b-6867bed4e7e9}\U\00000001.@
C:\Windows\Installer\{7b70341c-59ec-588b-b94b-6867bed4e7e9}\U\80000000.@
C:\Windows\Installer\{7b70341c-59ec-588b-b94b-6867bed4e7e9}\U\800000cb.@

ZeroAccess:
C:\Users\The Machine\AppData\Local\{7b70341c-59ec-588b-b94b-6867bed4e7e9}
C:\Users\The Machine\AppData\Local\{7b70341c-59ec-588b-b94b-6867bed4e7e9}\@
C:\Users\The Machine\AppData\Local\{7b70341c-59ec-588b-b94b-6867bed4e7e9}\L
C:\Users\The Machine\AppData\Local\{7b70341c-59ec-588b-b94b-6867bed4e7e9}\U
C:\Users\The Machine\AppData\Local\{7b70341c-59ec-588b-b94b-6867bed4e7e9}\L\00000004.@
C:\Users\The Machine\AppData\Local\{7b70341c-59ec-588b-b94b-6867bed4e7e9}\L\1afb2d56
C:\Users\The Machine\AppData\Local\{7b70341c-59ec-588b-b94b-6867bed4e7e9}\U\00000004.@
C:\Users\The Machine\AppData\Local\{7b70341c-59ec-588b-b94b-6867bed4e7e9}\U\000000cb.@
C:\Users\The Machine\AppData\Local\{7b70341c-59ec-588b-b94b-6867bed4e7e9}\U\80000000.@
C:\Users\The Machine\AppData\Local\{7b70341c-59ec-588b-b94b-6867bed4e7e9}\U\80000064.@

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 23%
Total physical RAM: 2806.71 MB
Available physical RAM: 2151.05 MB
Total Pagefile: 2804.86 MB
Available Pagefile: 2143.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions ============================

1 Drive c: (Gateway) (Fixed) (Total:284.99 GB) (Free:194.86 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:13 GB) (Free:2.65 GB) NTFS
5 Drive h: () (Removable) (Total:7.45 GB) (Free:7.4 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 Online 7633 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 13 GB 1024 KB
Partition 2 Primary 100 MB 13 GB
Partition 3 Primary 284 GB 13 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E PQSERVICE NTFS Partition 13 GB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM RESE NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Gateway NTFS Partition 284 GB Healthy

==================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7633 MB 16 KB

==================================================================================

Disk: 2
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H FAT32 Removable 7633 MB Healthy

==================================================================================

Last Boot: 2012-07-28 02:01

==================== End Of Log =============================


Farbar Recovery Scan Tool Version: 31-08-2012 02
Ran by SYSTEM at 2012-09-01 02:18:15
Running from H:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

C:\Windows\ERDNT\cache64\services.exe
[2012-01-10 09:36] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======
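The two FRST sections worth re-reading in this log are the services.exe search (three copies of the same 328,704-byte file, two MD5s, the System32 copy being the odd one out) and the "ZeroAccess" paths (a GUID-named folder holding "@", "L" and "U" entries under both Windows\Installer and AppData\Local, plus a Desktop.ini in GAC_32 and GAC_64). The script below is an added illustration of how a responder can automate that reading; it is not part of the post, of FRST, or of the fix that follows. It assumes the WinSxS component-store copy is the trustworthy reference hash, and the regular expressions and the "@/L/U" folder heuristic are this example's own; the sample log text and paths are copied from the post, with one constructed benign Installer folder added to show what is not flagged.

```python
"""Triage helpers for FRST output (added example, not FRST or the poster's code)."""
from __future__ import annotations

import re
from collections import defaultdict

# Search output copied from the post, used here as sample input.
SEARCH_LOG = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

C:\Windows\ERDNT\cache64\services.exe
[2012-01-10 09:36] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======
"""

# Paths from the log's ZeroAccess sections; the last entry is a constructed
# benign Windows Installer folder that must not be flagged.
ZEROACCESS_PATHS = [
    r"C:\Windows\Installer\{7b70341c-59ec-588b-b94b-6867bed4e7e9}",
    r"C:\Windows\Installer\{7b70341c-59ec-588b-b94b-6867bed4e7e9}\@",
    r"C:\Windows\Installer\{7b70341c-59ec-588b-b94b-6867bed4e7e9}\L",
    r"C:\Windows\Installer\{7b70341c-59ec-588b-b94b-6867bed4e7e9}\n",
    r"C:\Windows\Installer\{7b70341c-59ec-588b-b94b-6867bed4e7e9}\U",
    r"C:\Windows\Installer\{7b70341c-59ec-588b-b94b-6867bed4e7e9}\U\80000000.@",
    r"C:\Users\The Machine\AppData\Local\{7b70341c-59ec-588b-b94b-6867bed4e7e9}\@",
    r"C:\Users\The Machine\AppData\Local\{7b70341c-59ec-588b-b94b-6867bed4e7e9}\L\1afb2d56",
    r"C:\Users\The Machine\AppData\Local\{7b70341c-59ec-588b-b94b-6867bed4e7e9}\U\000000cb.@",
    r"C:\Windows\assembly\GAC_32\Desktop.ini",
    r"C:\Windows\assembly\GAC_64\Desktop.ini",
    r"C:\Windows\Installer\{11111111-2222-3333-4444-555555555555}\ARPPRODUCTICON.exe",
]

# One FRST search hit: a path line followed by "[created] - [modified] - size attrs (company) MD5".
ENTRY_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\[^\r\n]+)\r?\n"
    r"\[[^\]]*\] - \[[^\]]*\] - (?P<size>\d+) \S+ "
    r"(?:\([^)]*\) )?(?P<md5>[0-9A-Fa-f]{32})[ \t]*$",
    re.MULTILINE,
)
# A GUID-named folder anywhere in the path, plus the first entry below it.
GUID_DIR_RE = re.compile(
    r"^(?P<root>.*?\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\})"
    r"(?:\\(?P<child>[^\\]+))?",
    re.IGNORECASE,
)
GAC_INI_RE = re.compile(r"\\assembly\\GAC(?:_32|_64|_MSIL)?\\Desktop\.ini$", re.IGNORECASE)


def parse_search(log: str) -> list[dict]:
    """Return one record (path, size, MD5) per file FRST found."""
    return [{"path": m["path"], "size": int(m["size"]), "md5": m["md5"].upper()}
            for m in ENTRY_RE.finditer(log)]


def flag_tampered(records: list[dict]) -> dict:
    """Compare every copy with the WinSxS copy (assumed reference).

    FRST's own verdict in the log came from its internal whitelist; this
    cross-check only needs the hashes the search already printed.
    """
    reference = [r for r in records if "\\winsxs\\" in r["path"].lower()]
    if not reference:
        raise ValueError("no WinSxS copy to compare against")
    ref = reference[0]
    return {
        "reference_md5": ref["md5"],
        "clean": [r["path"] for r in records if r["md5"] == ref["md5"]],
        "suspect": [r["path"] for r in records if r["md5"] != ref["md5"]],
        # Same size but a different hash points to an in-place patch of the
        # binary rather than a legitimate version update.
        "same_size_different_hash": [r["path"] for r in records
                                     if r["md5"] != ref["md5"] and r["size"] == ref["size"]],
    }


def zeroaccess_layout(paths: list[str]) -> dict[str, list[str]]:
    """Return GUID folders whose direct entries include '@', 'L' and 'U'."""
    children: dict[str, set[str]] = defaultdict(set)
    for p in paths:
        m = GUID_DIR_RE.match(p)
        if not m:
            continue
        kids = children[m["root"]]   # registers the folder even without a child
        if m["child"]:
            kids.add(m["child"])
    return {root: sorted(kids) for root, kids in children.items() if {"@", "L", "U"} <= kids}


def gac_desktop_ini(paths: list[str]) -> list[str]:
    """Desktop.ini directly inside a GAC folder, as FRST flagged above."""
    return [p for p in paths if GAC_INI_RE.search(p)]


if __name__ == "__main__":
    verdict = flag_tampered(parse_search(SEARCH_LOG))
    print("reference MD5:", verdict["reference_md5"])
    print("suspect copies:", verdict["same_size_different_hash"])
    for root, kids in zeroaccess_layout(ZEROACCESS_PATHS).items():
        print("ZeroAccess-style folder:", root, kids)
    print("GAC Desktop.ini:", gac_desktop_ini(ZEROACCESS_PATHS))
```

Run against the log text above, the script singles out C:\Windows\System32\services.exe as the only copy whose hash differs from the WinSxS copy while keeping the same size, which is why the ERDNT\cache64 copy (same hash as WinSxS) is a usable replacement; both GUID folders are reported, the constructed benign Installer folder is not.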

#2 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 September 2012 - 02:52 AM

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

Replace: C:\Windows\ERDNT\cache64\services.exe C:\Windows\System32\services.exe
C:\WINDOWS\assembly\GAC\Desktop.ini
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\Installer\{7b70341c-59ec-588b-b94b-6867bed4e7e9}
C:\Users\The Machine\AppData\Local\{7b70341c-59ec-588b-b94b-6867bed4e7e9}


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 hpigeon
  • Topic Starter

  • Members
  • 6 posts

Posted 01 September 2012 - 04:25 AM

Hi Gringo,

Thank you for your quick reply.

Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 31-08-2012 02
Ran by SYSTEM at 2012-09-01 05:10:02 Run:2
Running from H:\

==============================================

C:\Windows\ERDNT\cache64\services.exe copied successfully to C:\Windows\System32\services.exe
C:\WINDOWS\assembly\GAC\Desktop.ini not found.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\Windows\Installer\{7b70341c-59ec-588b-b94b-6867bed4e7e9} moved successfully.
C:\Users\The Machine\AppData\Local\{7b70341c-59ec-588b-b94b-6867bed4e7e9} moved successfully.

==== End of Fixlog ====

#4 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 September 2012 - 11:23 AM

Hello

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 hpigeon

hpigeon
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:03:21 PM

Posted 02 September 2012 - 02:28 AM

Hi Gringo,

Sorry for the delay. The first time I ran Combofix it was running for well over an hour. I walked away from the laptop, and when I came back it was constantly restarting itself, in rapid intervals (which it seems to do if it gets too hot, so it is probably unrelated). After it had been powered down and unplugged for a few hours I ran Combofix again. That scan took 45-50 minutes to complete, and the log from it is listed below. Other than the incident I mentioned above during the first scan, the unit seems to be running well.

ComboFix 12-08-31.08 - The Machine 09/02/2012 2:41.3.2 - x64
Running from: c:\users\The Machine\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\FunWebProducts
c:\program files (x86)\iWin Games\iWINgameshookie.dll
c:\program files (x86)\RivalGaming\RiVAlgaming.dll
c:\program files (x86)\Savings Sidekick
c:\program files (x86)\Savings Sidekick\Savings Sidekick.dll
c:\program files (x86)\Savings Sidekick\Savings Sidekick.exe
c:\program files (x86)\Savings Sidekick\Savings Sidekick.ico
c:\program files (x86)\Savings Sidekick\Savings Sidekick.ini
c:\program files (x86)\Savings Sidekick\Savings SidekickGui.exe
c:\program files (x86)\Savings Sidekick\Savings SidekickInstaller.log
c:\program files (x86)\Savings Sidekick\Uninstall.exe
c:\programdata\A446F8D08C.sys
c:\programdata\go_0molg.pad
c:\users\momma\AppData\Local\Savings Sidekick
c:\users\momma\AppData\Local\Savings Sidekick\Chrome\Savings Sidekick.crx
c:\users\The Machine\AppData\Roaming\PriceGong
c:\users\The Machine\AppData\Roaming\PriceGong\Data\1.txt
c:\users\The Machine\AppData\Roaming\PriceGong\Data\a.txt
c:\users\The Machine\AppData\Roaming\PriceGong\Data\b.txt
c:\users\The Machine\AppData\Roaming\PriceGong\Data\c.txt
c:\users\The Machine\AppData\Roaming\PriceGong\Data\d.txt
c:\users\The Machine\AppData\Roaming\PriceGong\Data\e.txt
c:\users\The Machine\AppData\Roaming\PriceGong\Data\f.txt
c:\users\The Machine\AppData\Roaming\PriceGong\Data\g.txt
c:\users\The Machine\AppData\Roaming\PriceGong\Data\h.txt
c:\users\The Machine\AppData\Roaming\PriceGong\Data\i.txt
c:\users\The Machine\AppData\Roaming\PriceGong\Data\j.txt
c:\users\The Machine\AppData\Roaming\PriceGong\Data\k.txt
c:\users\The Machine\AppData\Roaming\PriceGong\Data\l.txt
c:\users\The Machine\AppData\Roaming\PriceGong\Data\m.txt
c:\users\The Machine\AppData\Roaming\PriceGong\Data\mru.xml
c:\users\The Machine\AppData\Roaming\PriceGong\Data\n.txt
c:\users\The Machine\AppData\Roaming\PriceGong\Data\o.txt
c:\users\The Machine\AppData\Roaming\PriceGong\Data\p.txt
c:\users\The Machine\AppData\Roaming\PriceGong\Data\q.txt
c:\users\The Machine\AppData\Roaming\PriceGong\Data\r.txt
c:\users\The Machine\AppData\Roaming\PriceGong\Data\s.txt
c:\users\The Machine\AppData\Roaming\PriceGong\Data\t.txt
c:\users\The Machine\AppData\Roaming\PriceGong\Data\u.txt
c:\users\The Machine\AppData\Roaming\PriceGong\Data\v.txt
c:\users\The Machine\AppData\Roaming\PriceGong\Data\w.txt
c:\users\The Machine\AppData\Roaming\PriceGong\Data\wlu.txt
c:\users\The Machine\AppData\Roaming\PriceGong\Data\x.txt
c:\users\The Machine\AppData\Roaming\PriceGong\Data\y.txt
c:\users\The Machine\AppData\Roaming\PriceGong\Data\z.txt
c:\users\The Machine\Documents\ShopToWin
.
.
((((((((((((((((((((((((( Files Created from 2012-08-02 to 2012-09-02 )))))))))))))))))))))))))))))))
.
.
2012-09-02 07:03 . 2012-09-02 07:03 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-09-02 07:03 . 2012-09-02 07:03 -------- d-----w- c:\users\momma\AppData\Local\temp
2012-09-02 07:03 . 2012-09-02 07:03 -------- d-----w- c:\users\kids\AppData\Local\temp
2012-09-02 07:03 . 2012-09-02 07:03 -------- d-----w- c:\users\Kayla Ann\AppData\Local\temp
2012-09-02 07:03 . 2012-09-02 07:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-02 07:03 . 2012-09-02 07:03 -------- d-----w- c:\users\AppData\AppData\Local\temp
2012-08-07 02:44 . 2012-08-07 02:45 -------- d-----w- C:\FRST
2012-08-07 02:22 . 2012-08-07 02:22 -------- d-----w- c:\program files (x86)\ESET
2012-08-07 02:05 . 2012-08-07 02:05 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-07 01:31 . 2012-08-07 01:31 116016 ----a-w- c:\windows\system32\drivers\91949609.sys
2012-08-04 13:22 . 2012-08-04 13:23 -------- dc----w- c:\users\The Machine\AppData\Local\MigWiz
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-02 07:08 . 2012-09-02 07:08 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F5BC2831-665B-439D-A21D-E00F9E072F7D}\offreg.dll
2012-08-31 23:44 . 2012-07-20 18:59 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0FBA186A-E4C2-4D33-AAAB-4F8551FF8898}\offreg.dll
2012-08-28 05:49 . 2012-09-02 06:19 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F5BC2831-665B-439D-A21D-E00F9E072F7D}\mpengine.dll
2012-07-11 16:25 . 2010-11-29 19:53 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 17:46 . 2012-07-16 21:14 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-29 10:04 . 2012-07-20 17:00 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0FBA186A-E4C2-4D33-AAAB-4F8551FF8898}\mpengine.dll
2012-06-17 04:46 . 2012-04-12 03:13 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-17 04:46 . 2011-07-15 23:27 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-12 03:02 . 2012-07-11 16:29 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:30 . 2012-07-11 07:19 14165504 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 15:18 . 2010-11-07 16:26 3766 --sha-w- c:\programdata\KGyGaAvL.sys
2012-06-06 05:50 . 2012-07-11 07:19 2003968 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:50 . 2012-07-11 07:19 1880064 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:09 . 2012-07-11 07:19 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:09 . 2012-07-11 07:19 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-04-20 04:57 . 2012-04-20 04:57 3993600 ----a-w- c:\program files (x86)\GUTDFAE.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3d206148-6081-42e4-be5f-614ff2c73ce0}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\Jenya_Games\prxtbJen0.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{553318DA-D010-469E-84B1-496563CAE1BF}]
2012-04-18 20:57 136192 ----a-w- c:\program files (x86)\HTTO Group, Ltd\FBDownloader IE Add-on\FBDownloader.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{3d206148-6081-42e4-be5f-614ff2c73ce0}"= "c:\program files (x86)\Jenya_Games\prxtbJen0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{3d206148-6081-42e4-be5f-614ff2c73ce0}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-23 39408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender"="c:\program files (x86)\Free Ride Games\GPlayer.exe" [2011-06-22 4837808]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-02 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-02 135664]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-06-10 416768]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-04 1255736]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 24x7HelpSvc;24x7HelpService;c:\program files (x86)\24x7Help\App24x7Svc.exe [2012-02-29 394352]
S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2010-06-11 868896]
S2 GamingWonderlandService;GamingWonderlandService;c:\progra~2\GAMING~2\bar\1.bin\gtbarsvc.exe [2012-01-20 42504]
S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
S2 iWinTrusted;iWinTrusted;c:\program files (x86)\iWin Games\iWinTrusted.exe [2011-04-08 176848]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2010-05-25 255744]
S2 PGMTrusted;PGMTrusted;c:\program files (x86)\Pogo Games\PGMTrusted.exe [2012-01-04 519888]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2010-01-28 243232]
S2 X5XSEx;X5XSEx;c:\program files (x86)\Free Ride Games\X5XSEx.Sys [2010-11-22 55400]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-13 135560]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-05-15 384040]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-02 17:20]
.
2012-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-02 17:20]
.
2012-07-17 c:\windows\Tasks\Norton Security Scan for momma.job
- c:\progra~2\NORTON~2\Engine\371~1.4\Nss.exe [2012-04-09 06:45]
.
2012-07-08 c:\windows\Tasks\Norton Security Scan for The Machine.job
- c:\progra~2\NORTON~2\Engine\371~1.4\Nss.exe [2012-04-09 06:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://start.funmoods.com/?f=1&a=fmtoby&chnl=fmtoby&cd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0DzztDyC0CyCyDtCtAyDyCtN0D0Tzu0CtCzytDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=918113571
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
TCP: DhcpNameServer = 192.168.254.254
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{cc2e2b99-14d3-4516-883c-9ea147f594ef} - c:\program files (x86)\Zwinky_5q\bar\1.bin\5qSrcAs.dll
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Toolbar-!{D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
Wow6432Node-HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
SafeBoot-45756954.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-10 - (no file)
Toolbar-!{D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
WebBrowser-{3D206148-6081-42E4-BE5F-614FF2C73CE0} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1 - c:\program files (x86)\Uniblue\DriverScanner\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,3b,1b,6f,61,13,
cf,7b,4e,01,0f,be,a1,00,03,db,52,37,55
"{D7E97865-918F-41E4-9CD0-25AB1C574CE8}"=hex:51,66,7a,6c,4c,1d,3b,1b,75,65,f8,
cc,be,ca,83,0e,83,dc,67,eb,1f,17,0f,fd
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,3b,1b,a1,df,09,
38,54,12,b3,5e,84,14,42,d0,24,e5,8e,5a
"{A531D99C-5A22-449B-83DA-872725C6D0ED}"=hex:51,66,7a,6c,4c,1d,3b,1b,8c,c4,20,
be,13,01,fc,0b,9c,d6,c5,67,26,86,93,f8
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,3b,1b,22,a0,88,
f4,ca,9a,b5,5e,96,23,42,d0,24,5d,0c,9d
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,3b,1b,28,90,56,
19,c8,98,9c,01,84,5d,34,d5,ef,e0,15,65
"{11111111-1111-1111-1111-110011221158}"=hex:51,66,7a,6c,4c,1d,3b,1b,01,0c,00,
0a,20,4a,76,5e,0e,1d,53,40,12,62,52,4d
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,15,ce,
03,9c,b3,e4,0d,ba,9a,b8,17,8f,6e,fe,d6
"{26D675AC-D925-4BBF-A720-62C2AA4A81EB}"=hex:51,66,7a,6c,4c,1d,3b,1b,bc,68,c7,
3d,14,82,d8,04,b8,2c,20,82,a9,0a,c2,fe
"{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}"=hex:51,66,7a,6c,4c,1d,3b,1b,24,4e,7b,
74,d8,23,fc,02,9e,8e,c9,01,e9,cc,7a,fa
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,3b,1b,ab,8a,05,
6d,c1,8d,4b,09,a9,e7,96,9a,f2,99,6e,56
"{85F5CF95-EC8F-49FC-BB3F-38C79455CBA2}"=hex:51,66,7a,6c,4c,1d,3b,1b,85,d2,e4,
9e,be,b7,9b,06,a4,33,7a,87,97,15,88,b7
"{8A86D350-37AB-410A-8531-7D1363F317B3}"=hex:51,66,7a,6c,4c,1d,3b,1b,40,ce,97,
91,9a,6c,6d,0e,9a,3d,3f,53,60,b3,54,a6
"{8CA5ED52-F3FB-4414-A105-2E3491156990}"=hex:51,66,7a,6c,4c,1d,3b,1b,42,f0,b4,
97,ca,a8,73,0b,be,09,6c,74,92,55,2a,85
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,3b,1b,74,c9,21,
8b,33,17,d8,05,91,c0,13,24,75,48,20,d3
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,3b,1b,48,f0,49,
b1,ec,5a,f6,02,9c,3f,8d,50,54,34,30,e2
"{C585D593-E7F3-4852-A200-561686EE02E4}"=hex:51,66,7a,6c,4c,1d,3b,1b,83,c8,94,
de,c2,bc,35,07,bd,0c,14,56,85,ae,41,f1
"{CCB69577-088B-4004-9ED8-FF5BCC83A039}"=hex:51,66,7a,6c,4c,1d,3b,1b,67,88,a7,
d7,ba,53,63,0f,81,d4,bd,1b,cf,c3,e3,2c
"{D3D233D5-9F6D-436C-B6C7-E63F77503B30}"=hex:51,66,7a,6c,4c,1d,3b,1b,c5,2e,c3,
c8,5c,c4,0b,0c,a9,cb,a4,7f,74,10,78,25
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1d,d9,
c0,74,ff,3c,0c,a3,78,de,65,c2,85,cb,bc
"{C585D593-E7F4-4852-A200-561686EE02E4}"=hex:51,66,7a,6c,4c,1d,3b,1b,83,c8,94,
de,c5,bc,35,07,bd,0c,14,56,85,ae,41,f1
"{98889811-442D-49DD-99D7-DC866BE87DBC}"=hex:51,66,7a,6c,4c,1d,38,12,7f,9b,9b,
9c,1f,0a,b3,0c,e6,c1,9f,c6,6e,b6,39,a8
"{2EECD738-5844-4A99-B4B6-146BF802613B}"=hex:51,66,7a,6c,4c,1d,38,12,56,d4,ff,
2a,76,16,f7,0f,cb,a0,57,2b,fd,5c,25,2f
"{4D2D3B0F-69BE-477A-90F5-FDDB05357975}"=hex:51,66,7a,6c,4c,1d,38,12,61,38,3e,
49,8c,27,14,02,ef,e3,be,9b,00,6b,3d,61
.
[HKEY_USERS\S-1-5-21-3326882370-3369383339-445709182-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3326882370-3369383339-445709182-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3326882370-3369383339-445709182-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:c4,9d,b3,22,0c,10,b0,24,3e,a3,f3,09,21,9c,78,ad,f2,87,a2,95,7b,74,e3,
ad,7d,ab,c5,b4,c6,18,d9,3e,5e,2d,c9,94,19,e6,8e,26,c7,d7,e1,ce,4b,23,c4,1f,\
"??"=hex:d9,76,0f,67,a7,f8,02,62,7e,61,3e,8a,b2,05,d6,77
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Completion time: 2012-09-02 03:18:10 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-02 07:18
ComboFix2.txt 2012-01-10 17:38
.
Pre-Run: 213,784,158,208 bytes free
Post-Run: 216,239,222,784 bytes free
.
- - End Of File - - 3DA901286ADDD05B4055F9E9C8F00A40
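A helper reading the ComboFix log above usually starts with the service and driver lines under "Reg Loading Points". Each one has the shape <R|S><start type> <name>;<display name>;<path> [<date> <size>], and "[x]" in place of the date and size means ComboFix did not find the image file on disk (the RSUSBSTOR line above is one such case). The Python script below is an added example written for this page; it is not part of this thread, of ComboFix, or of BleepingComputer's own tools. It parses those lines and pulls out the two things worth a second look before anything else: a registered service whose binary is missing, and a service whose image lives in a user-writable location. The USER_WRITABLE list is a heuristic chosen for this example, and the DemoSvc line in the sample is constructed; the other four sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Shape of a service/driver line under "Reg Loading Points" in a ComboFix log:
#   <R|S><start type> <name>;<display name>;<image path> [<yyyy-mm-dd> <size>]
# R = running, S = stopped; "[x]" in place of the date and size means ComboFix
# did not find the image file on disk.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?:(?P<missing>x)|(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+))\]\s*$"
)

# Directories a service image normally does not live in. A hit means "look
# closer", not "infected" (assumption: heuristic chosen for this example).
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\", "\\appdata\\")


@dataclass
class ServiceEntry:
    state: str            # "R" running or "S" stopped
    start_type: int       # the digit after R/S
    name: str
    display: str
    path: str
    missing: bool         # True when the log shows "[x]"
    date: Optional[str]
    size: Optional[int]

    def flags(self) -> List[str]:
        """Reasons a helper would look at this entry before the others."""
        reasons = []
        if self.missing:
            reasons.append("binary-missing")
        if any(marker in self.path.lower() for marker in USER_WRITABLE):
            reasons.append("user-writable-path")
        return reasons


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one log line; returns None for anything that is not a service entry."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    return ServiceEntry(
        state=m.group("state"),
        start_type=int(m.group("start")),
        name=m.group("name"),
        display=m.group("display"),
        path=m.group("path"),
        missing=m.group("missing") is not None,
        date=m.group("date"),
        size=int(m.group("size")) if m.group("size") else None,
    )


def parse_services(log_text: str) -> List[ServiceEntry]:
    """All service entries in a ComboFix log, in log order; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        entry = parse_service_line(line)
        if entry:
            entries.append(entry)
    return entries


def triage(log_text: str) -> List[Tuple[ServiceEntry, List[str]]]:
    """Entries that carry at least one flag, paired with their reasons."""
    return [(e, e.flags()) for e in parse_services(log_text) if e.flags()]


# Four lines copied from the ComboFix log in this thread plus one constructed
# entry (DemoSvc) under c:\programdata so the path heuristic has something to hit.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-02 135664]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S2 X5XSEx;X5XSEx;c:\program files (x86)\Free Ride Games\X5XSEx.Sys [2010-11-22 55400]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S2 DemoSvc;Demo Service;c:\programdata\demo\demosvc.exe [2012-08-01 12345]
.
Contents of the 'Scheduled Tasks' folder
"""

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f"{entry.state}{entry.start_type} {entry.name:<14} {entry.path}  <- {', '.join(reasons)}")
```

Run against a real log, the script lists only the entries that carry a flag, so a long service table collapses to the handful a helper actually needs to check against the file system and the vendor's expected install path.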

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location: Puerto Rico
  • Local time:03:21 PM

Posted 02 September 2012 - 03:48 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
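For the TDSSKiller step above: the report it writes lists every service twice, once with the MD5 of its image file and once with a verdict (the full log appears in the next reply). The Python script below is an added example written for this page, not part of this thread or of TDSSKiller. It parses the "Scan services" section into one record per service, then reports only what a helper would want to see before scrolling past hundreds of "- ok" lines: a verdict other than ok, a service with no hash recorded, and a hash that differs from a baseline of known-good values you supply. The sample lines are copied from hpigeon's log except the demodrv lines and the REFERENCE_HASHES dictionary, which are constructed so that each check fires; the AFD baseline value is a deliberate placeholder, not a real hash.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Line shapes in the "Scan services" section of a TDSSKiller log:
#   <time> <pid> [ <MD5> ] <service name> <image path>    (image file hashed)
#   <time> <pid> <service name> - <verdict>                (verdict, normally "ok")
# A service with a verdict line but no hashed line (e.g. "catchme - ok") had no
# image file that TDSSKiller could hash.
_PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\S+\s+"
SECTION_RE = re.compile(_PREFIX + r"=+\s+Scan (?P<section>.+?)\s+=+\s*$")
HASHED_RE = re.compile(
    _PREFIX + r"\[\s*(?P<md5>[0-9A-Fa-f]{32})\s*\]\s+(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*?)\s*$"
)
VERDICT_RE = re.compile(_PREFIX + r"(?P<name>.+)\s+-\s+(?P<verdict>\S.*?)\s*$")


@dataclass
class ServiceRecord:
    name: str
    md5: Optional[str] = None      # upper-case hex, or None if TDSSKiller hashed nothing
    path: Optional[str] = None
    verdict: Optional[str] = None  # text after " - ", e.g. "ok"


def parse_tdsskiller_services(log_text: str) -> Dict[str, ServiceRecord]:
    """One record per service from the 'Scan services' section, in log order."""
    records: Dict[str, ServiceRecord] = {}
    in_services = False
    for raw in log_text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            # Only the services section is of interest; other sections are skipped.
            in_services = sec.group("section").lower() == "services"
            continue
        if not in_services:
            continue
        m = HASHED_RE.match(line)
        if m:
            rec = records.setdefault(m.group("name"), ServiceRecord(m.group("name")))
            rec.md5 = m.group("md5").upper()
            rec.path = m.group("path")
            continue
        m = VERDICT_RE.match(line)
        if m:
            rec = records.setdefault(m.group("name"), ServiceRecord(m.group("name")))
            rec.verdict = m.group("verdict")
    return records


def triage(records: Dict[str, ServiceRecord],
           reference: Optional[Dict[str, str]] = None) -> List[Tuple[str, str]]:
    """(service, reason) pairs for every record a helper should inspect more closely."""
    baseline = {k.lower(): v.upper() for k, v in (reference or {}).items()}
    findings: List[Tuple[str, str]] = []
    for name, rec in records.items():
        if rec.verdict is not None and rec.verdict.lower() != "ok":
            findings.append((name, f"verdict: {rec.verdict}"))
        if rec.md5 is None:
            findings.append((name, "no hash recorded"))
        elif name.lower() in baseline and baseline[name.lower()] != rec.md5:
            findings.append((name, "hash differs from baseline"))
    return findings


# Lines copied from the TDSSKiller log in this thread; the two demodrv lines are
# constructed so that a non-ok verdict is present.
SAMPLE_LOG = r"""
04:55:26.0640 3020 ================ Scan system memory ========================
04:55:26.0640 3020 System memory - ok
04:55:26.0640 3020 ================ Scan services =============================
04:55:28.0496 3020 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
04:55:28.0512 3020 1394ohci - ok
04:55:29.0401 3020 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
04:55:29.0401 3020 AFD - ok
04:55:30.0228 3020 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
04:55:30.0228 3020 Apple Mobile Device - ok
04:55:30.0992 3020 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
04:55:30.0992 3020 atapi - ok
04:55:33.0551 3020 catchme - ok
04:55:34.0000 3020 [ 0123456789ABCDEF0123456789ABCDEF ] demodrv C:\Windows\system32\DRIVERS\demodrv.sys
04:55:34.0000 3020 demodrv - suspicious (constructed verdict)
"""

# Constructed baseline: atapi carries the hash seen in the log, AFD carries a
# placeholder value so the mismatch check has something to report.
REFERENCE_HASHES = {
    "atapi": "02062C0B390B7729EDC9E69C680A6F3C",
    "AFD": "11111111111111111111111111111111",
}

if __name__ == "__main__":
    for service, reason in triage(parse_tdsskiller_services(SAMPLE_LOG), REFERENCE_HASHES):
        print(f"{service:<22} {reason}")
```

The baseline comparison is the part that scales: hashes for a clean machine of the same Windows build can be recorded once and reused, so a changed system driver stands out even when the scanner's own verdict is still "ok".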

#7 hpigeon

hpigeon
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:03:21 PM

Posted 02 September 2012 - 04:21 AM

TDSS Killer Log:

04:55:21.0429 0436 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
04:55:21.0897 0436 ============================================================
04:55:21.0897 0436 Current date / time: 2012/09/02 04:55:21.0897
04:55:21.0897 0436 SystemInfo:
04:55:21.0897 0436
04:55:21.0897 0436 OS Version: 6.1.7600 ServicePack: 0.0
04:55:21.0897 0436 Product type: Workstation
04:55:21.0897 0436 ComputerName: THEMACHINE-PC
04:55:21.0897 0436 UserName: The Machine
04:55:21.0897 0436 Windows directory: C:\Windows
04:55:21.0897 0436 System windows directory: C:\Windows
04:55:21.0897 0436 Running under WOW64
04:55:21.0897 0436 Processor architecture: Intel x64
04:55:21.0897 0436 Number of processors: 2
04:55:21.0897 0436 Page size: 0x1000
04:55:21.0897 0436 Boot type: Normal boot
04:55:21.0897 0436 ============================================================
04:55:22.0771 0436 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
04:55:22.0771 0436 Drive \Device\Harddisk1\DR1 - Size: 0x1DD180000 (7.45 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
04:55:22.0787 0436 ============================================================
04:55:22.0787 0436 \Device\Harddisk0\DR0:
04:55:22.0787 0436 MBR partitions:
04:55:22.0787 0436 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
04:55:22.0787 0436 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x239FB800
04:55:22.0787 0436 \Device\Harddisk1\DR1:
04:55:22.0787 0436 MBR partitions:
04:55:22.0787 0436 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0xEE8BE0
04:55:22.0787 0436 ============================================================
04:55:22.0880 0436 C: <-> \Device\Harddisk0\DR0\Partition2
04:55:22.0880 0436 ============================================================
04:55:22.0880 0436 Initialize success
04:55:22.0880 0436 ============================================================
04:55:25.0922 3020 ============================================================
04:55:25.0922 3020 Scan started
04:55:25.0922 3020 Mode: Manual;
04:55:25.0922 3020 ============================================================
04:55:26.0640 3020 ================ Scan system memory ========================
04:55:26.0640 3020 System memory - ok
04:55:26.0640 3020 ================ Scan services =============================
04:55:28.0496 3020 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
04:55:28.0512 3020 1394ohci - ok
04:55:29.0011 3020 [ 010809ABD1014940FEDEDBDC2F68D440 ] 24x7HelpSvc C:\Program Files (x86)\24x7Help\App24x7Svc.exe
04:55:29.0027 3020 24x7HelpSvc - ok
04:55:29.0073 3020 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
04:55:29.0073 3020 ACPI - ok
04:55:29.0089 3020 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
04:55:29.0089 3020 AcpiPmi - ok
04:55:29.0136 3020 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
04:55:29.0136 3020 adp94xx - ok
04:55:29.0167 3020 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
04:55:29.0167 3020 adpahci - ok
04:55:29.0261 3020 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
04:55:29.0261 3020 adpu320 - ok
04:55:29.0339 3020 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
04:55:29.0339 3020 AeLookupSvc - ok
04:55:29.0401 3020 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
04:55:29.0401 3020 AFD - ok
04:55:29.0573 3020 [ B29BC445561F1AC7B1DAF67AF954C36B ] AffinegyService C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
04:55:29.0619 3020 AffinegyService - ok
04:55:29.0682 3020 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
04:55:29.0697 3020 agp440 - ok
04:55:29.0744 3020 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
04:55:29.0760 3020 ALG - ok
04:55:29.0791 3020 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
04:55:29.0791 3020 aliide - ok
04:55:29.0853 3020 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
04:55:29.0853 3020 amdide - ok
04:55:29.0885 3020 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
04:55:29.0885 3020 AmdK8 - ok
04:55:29.0916 3020 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
04:55:29.0916 3020 AmdPPM - ok
04:55:29.0963 3020 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\Windows\system32\drivers\amdsata.sys
04:55:29.0963 3020 amdsata - ok
04:55:29.0994 3020 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
04:55:29.0994 3020 amdsbs - ok
04:55:30.0009 3020 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\Windows\system32\drivers\amdxata.sys
04:55:30.0009 3020 amdxata - ok
04:55:30.0025 3020 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
04:55:30.0041 3020 AppID - ok
04:55:30.0056 3020 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
04:55:30.0056 3020 AppIDSvc - ok
04:55:30.0072 3020 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
04:55:30.0072 3020 Appinfo - ok
04:55:30.0228 3020 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
04:55:30.0228 3020 Apple Mobile Device - ok
04:55:30.0259 3020 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
04:55:30.0259 3020 arc - ok
04:55:30.0290 3020 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
04:55:30.0290 3020 arcsas - ok
04:55:30.0743 3020 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
04:55:30.0930 3020 aspnet_state - ok
04:55:30.0961 3020 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
04:55:30.0977 3020 AsyncMac - ok
04:55:30.0992 3020 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
04:55:48.0807 3020 scfilter - ok
04:55:48.0901 3020 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
04:55:48.0901 3020 Schedule - ok
04:55:48.0948 3020 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
04:55:48.0948 3020 SCPolicySvc - ok
04:55:48.0963 3020 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
04:55:48.0979 3020 SDRSVC - ok
04:55:49.0010 3020 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
04:55:49.0010 3020 secdrv - ok
04:55:49.0041 3020 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
04:55:49.0041 3020 seclogon - ok
04:55:49.0057 3020 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
04:55:49.0057 3020 SENS - ok
04:55:49.0073 3020 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
04:55:49.0088 3020 SensrSvc - ok
04:55:49.0119 3020 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
04:55:49.0119 3020 Serenum - ok
04:55:49.0135 3020 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
04:55:49.0135 3020 Serial - ok
04:55:49.0151 3020 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
04:55:49.0151 3020 sermouse - ok
04:55:49.0197 3020 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
04:55:49.0213 3020 SessionEnv - ok
04:55:49.0229 3020 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
04:55:49.0229 3020 sffdisk - ok
04:55:49.0244 3020 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
04:55:49.0244 3020 sffp_mmc - ok
04:55:49.0260 3020 [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
04:55:49.0260 3020 sffp_sd - ok
04:55:49.0307 3020 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
04:55:49.0322 3020 sfloppy - ok
04:55:49.0509 3020 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
04:55:49.0525 3020 SharedAccess - ok
04:55:49.0603 3020 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
04:55:49.0619 3020 ShellHWDetection - ok
04:55:49.0634 3020 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
04:55:49.0650 3020 SiSRaid2 - ok
04:55:49.0665 3020 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
04:55:49.0665 3020 SiSRaid4 - ok
04:55:49.0697 3020 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
04:55:49.0697 3020 Smb - ok
04:55:49.0728 3020 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
04:55:49.0743 3020 SNMPTRAP - ok
04:55:49.0759 3020 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
04:55:49.0759 3020 spldr - ok
04:55:49.0837 3020 [ F8E1FA03CB70D54A9892AC88B91D1E7B ] Spooler C:\Windows\System32\spoolsv.exe
04:55:49.0853 3020 Spooler - ok
04:55:49.0993 3020 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
04:55:50.0087 3020 sppsvc - ok
04:55:50.0118 3020 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
04:55:50.0118 3020 sppuinotify - ok
04:55:50.0196 3020 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
04:55:50.0196 3020 srv - ok
04:55:50.0461 3020 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
04:55:50.0648 3020 srv2 - ok
04:55:50.0913 3020 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
04:55:50.0929 3020 srvnet - ok
04:55:50.0991 3020 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
04:55:50.0991 3020 SSDPSRV - ok
04:55:51.0023 3020 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
04:55:51.0038 3020 SstpSvc - ok
04:55:51.0101 3020 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
04:55:51.0101 3020 stexstor - ok
04:55:51.0163 3020 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
04:55:51.0194 3020 stisvc - ok
04:55:51.0225 3020 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
04:55:51.0225 3020 swenum - ok
04:55:51.0272 3020 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
04:55:51.0288 3020 swprv - ok
04:55:51.0381 3020 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
04:55:51.0428 3020 SysMain - ok
04:55:51.0444 3020 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
04:55:51.0444 3020 TabletInputService - ok
04:55:51.0491 3020 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
04:55:51.0522 3020 TapiSrv - ok
04:55:51.0537 3020 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
04:55:51.0537 3020 TBS - ok
04:55:51.0771 3020 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
04:55:51.0803 3020 Tcpip - ok
04:55:51.0881 3020 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
04:55:51.0912 3020 TCPIP6 - ok
04:55:51.0927 3020 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
04:55:51.0927 3020 tcpipreg - ok
04:55:51.0974 3020 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
04:55:51.0974 3020 TDPIPE - ok
04:55:52.0021 3020 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
04:55:52.0021 3020 TDTCP - ok
04:55:52.0083 3020 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
04:55:52.0099 3020 tdx - ok
04:55:52.0130 3020 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
04:55:52.0130 3020 TermDD - ok
04:55:52.0255 3020 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
04:55:52.0271 3020 TermService - ok
04:55:52.0286 3020 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
04:55:52.0286 3020 Themes - ok
04:55:52.0286 3020 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
04:55:52.0286 3020 THREADORDER - ok
04:55:52.0317 3020 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
04:55:52.0317 3020 TrkWks - ok
04:55:52.0411 3020 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
04:55:52.0411 3020 TrustedInstaller - ok
04:55:52.0442 3020 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
04:55:52.0442 3020 tssecsrv - ok
04:55:52.0473 3020 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
04:55:52.0473 3020 tunnel - ok
04:55:52.0489 3020 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
04:55:52.0505 3020 uagp35 - ok
04:55:52.0536 3020 [ 2E22C1FD397A5A9FFEF55E9D1FC96C00 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
04:55:52.0536 3020 UBHelper - ok
04:55:52.0567 3020 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
04:55:52.0567 3020 udfs - ok
04:55:52.0614 3020 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
04:55:52.0629 3020 UI0Detect - ok
04:55:52.0645 3020 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
04:55:52.0645 3020 uliagpkx - ok
04:55:52.0661 3020 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
04:55:52.0661 3020 umbus - ok
04:55:52.0692 3020 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
04:55:52.0692 3020 UmPass - ok
04:55:52.0988 3020 [ 7466809E6DA561D60C2F1CE8EDE3C73F ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
04:55:53.0019 3020 UNS - ok
04:55:53.0269 3020 [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
04:55:53.0269 3020 Updater Service - ok
04:55:53.0300 3020 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
04:55:53.0316 3020 upnphost - ok
04:55:53.0409 3020 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
04:55:53.0425 3020 USBAAPL64 - ok
04:55:53.0472 3020 [ 77B01BC848298223A95D4EC23E1785A1 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
04:55:53.0487 3020 usbaudio - ok
04:55:53.0519 3020 usbbus - ok
04:55:53.0597 3020 [ 537A4E03D7103C12D42DFD8FFDB5BDC9 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
04:55:53.0597 3020 usbccgp - ok
04:55:53.0628 3020 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
04:55:53.0628 3020 usbcir - ok
04:55:53.0675 3020 UsbDiag - ok
04:55:53.0721 3020 [ FBB21EBE49F6D560DB37AC25FBC68E66 ] usbehci C:\Windows\system32\drivers\usbehci.sys
04:55:53.0721 3020 usbehci - ok
04:55:53.0768 3020 [ 6B7A8A99C4A459E73C286A6763EA24CC ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
04:55:53.0784 3020 usbhub - ok
04:55:53.0846 3020 USBModem - ok
04:55:53.0877 3020 [ 8C88AA7617B4CBC2E4BED61D26B33A27 ] usbohci C:\Windows\system32\drivers\usbohci.sys
04:55:53.0893 3020 usbohci - ok
04:55:53.0909 3020 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
04:55:53.0909 3020 usbprint - ok
04:55:53.0955 3020 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
04:55:53.0955 3020 USBSTOR - ok
04:55:53.0971 3020 [ 0B5B3B2DF3FD1709618ACFA50B8392B0 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
04:55:53.0971 3020 usbuhci - ok
04:55:54.0049 3020 [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
04:55:54.0049 3020 usbvideo - ok
04:55:54.0065 3020 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
04:55:54.0065 3020 UxSms - ok
04:55:54.0080 3020 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
04:55:54.0096 3020 VaultSvc - ok
04:55:54.0096 3020 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
04:55:54.0111 3020 vdrvroot - ok
04:55:54.0143 3020 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
04:55:54.0174 3020 vds - ok
04:55:54.0189 3020 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
04:55:54.0189 3020 vga - ok
04:55:54.0221 3020 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
04:55:54.0221 3020 VgaSave - ok
04:55:54.0252 3020 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
04:55:54.0252 3020 vhdmp - ok
04:55:54.0267 3020 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
04:55:54.0267 3020 viaide - ok
04:55:54.0299 3020 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
04:55:54.0299 3020 volmgr - ok
04:55:54.0314 3020 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
04:55:54.0330 3020 volmgrx - ok
04:55:54.0392 3020 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
04:55:54.0392 3020 volsnap - ok
04:55:54.0408 3020 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
04:55:54.0408 3020 vsmraid - ok
04:55:54.0486 3020 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
04:55:54.0533 3020 VSS - ok
04:55:54.0704 3020 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
04:55:54.0720 3020 vwifibus - ok
04:55:54.0891 3020 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
04:55:54.0891 3020 vwififlt - ok
04:55:55.0001 3020 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
04:55:55.0016 3020 vwifimp - ok
04:55:55.0235 3020 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
04:55:55.0250 3020 W32Time - ok
04:55:55.0281 3020 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
04:55:55.0281 3020 WacomPen - ok
04:55:55.0297 3020 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
04:55:55.0297 3020 WANARP - ok
04:55:55.0297 3020 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
04:55:55.0297 3020 Wanarpv6 - ok
04:55:55.0609 3020 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
04:55:55.0640 3020 WatAdminSvc - ok
04:55:55.0921 3020 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
04:55:55.0937 3020 wbengine - ok
04:55:55.0968 3020 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
04:55:55.0983 3020 WbioSrvc - ok
04:55:56.0030 3020 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
04:55:56.0030 3020 wcncsvc - ok
04:55:56.0046 3020 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
04:55:56.0046 3020 WcsPlugInService - ok
04:55:56.0061 3020 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
04:55:56.0061 3020 Wd - ok
04:55:56.0093 3020 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
04:55:56.0093 3020 Wdf01000 - ok
04:55:56.0108 3020 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
04:55:56.0108 3020 WdiServiceHost - ok
04:55:56.0124 3020 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
04:55:56.0124 3020 WdiSystemHost - ok
04:55:56.0155 3020 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
04:55:56.0155 3020 WebClient - ok
04:55:56.0186 3020 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
04:55:56.0186 3020 Wecsvc - ok
04:55:56.0202 3020 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
04:55:56.0202 3020 wercplsupport - ok
04:55:56.0217 3020 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
04:55:56.0233 3020 WerSvc - ok
04:55:56.0233 3020 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
04:55:56.0233 3020 WfpLwf - ok
04:55:56.0249 3020 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
04:55:56.0264 3020 WIMMount - ok
04:55:56.0311 3020 WinDefend - ok
04:55:56.0311 3020 WinHttpAutoProxySvc - ok
04:55:56.0420 3020 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
04:55:56.0420 3020 Winmgmt - ok
04:55:56.0498 3020 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
04:55:56.0561 3020 WinRM - ok
04:55:56.0623 3020 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
04:55:56.0639 3020 WinUsb - ok
04:55:56.0685 3020 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
04:55:56.0717 3020 Wlansvc - ok
04:55:57.0013 3020 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
04:55:57.0029 3020 wlidsvc - ok
04:55:57.0075 3020 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
04:55:57.0075 3020 WmiAcpi - ok
04:55:57.0122 3020 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
04:55:57.0122 3020 wmiApSrv - ok
04:55:57.0169 3020 WMPNetworkSvc - ok
04:55:57.0185 3020 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
04:55:57.0185 3020 WPCSvc - ok
04:55:57.0200 3020 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
04:55:57.0216 3020 WPDBusEnum - ok
04:55:57.0231 3020 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
04:55:57.0231 3020 ws2ifsl - ok
04:55:57.0278 3020 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\system32\wscsvc.dll
04:55:57.0294 3020 wscsvc - ok
04:55:57.0294 3020 WSearch - ok
04:55:57.0512 3020 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
04:55:57.0590 3020 wuauserv - ok
04:55:57.0606 3020 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
04:55:57.0606 3020 WudfPf - ok
04:55:57.0637 3020 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
04:55:57.0637 3020 wudfsvc - ok
04:55:57.0668 3020 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
04:55:57.0684 3020 WwanSvc - ok
04:55:57.0762 3020 [ 8C6413D62C891D8DA084A31DA53A09E6 ] X5XSEx C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys
04:55:57.0762 3020 X5XSEx - ok
04:55:57.0855 3020 [ 4A5CE13408945E525503B5F73D29B9C5 ] xnacc C:\Windows\system32\DRIVERS\xnacc.sys
04:55:57.0871 3020 xnacc - ok
04:55:57.0965 3020 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
04:55:57.0980 3020 YahooAUService - ok
04:55:57.0996 3020 ================ Scan global ===============================
04:55:58.0027 3020 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
04:55:58.0074 3020 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
04:55:58.0089 3020 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
04:55:58.0105 3020 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
04:55:58.0167 3020 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
04:55:58.0167 3020 [Global] - ok
04:55:58.0167 3020 ================ Scan MBR ==================================
04:55:58.0199 3020 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
04:55:58.0511 3020 \Device\Harddisk0\DR0 - ok
04:55:58.0511 3020 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
04:55:58.0526 3020 \Device\Harddisk1\DR1 - ok
04:55:58.0526 3020 ================ Scan VBR ==================================
04:55:58.0526 3020 [ AD8532CDDF9815EF5A252D54DD5307DC ] \Device\Harddisk0\DR0\Partition1
04:55:58.0526 3020 \Device\Harddisk0\DR0\Partition1 - ok
04:55:58.0557 3020 [ AA661E420B87F76290D677B074FBB168 ] \Device\Harddisk0\DR0\Partition2
04:55:58.0557 3020 \Device\Harddisk0\DR0\Partition2 - ok
04:55:58.0557 3020 [ 3644551B4386DF2D8DF3D53253BB8A59 ] \Device\Harddisk1\DR1\Partition1
04:55:58.0557 3020 \Device\Harddisk1\DR1\Partition1 - ok
04:55:58.0557 3020 ============================================================
04:55:58.0557 3020 Scan finished
04:55:58.0557 3020 ============================================================
04:55:58.0573 3772 Detected object count: 0
04:55:58.0573 3772 Actual detected object count: 0



aswMBR Log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-02 04:58:20
-----------------------------
04:58:20.187 OS Version: Windows x64 6.1.7600
04:58:20.187 Number of processors: 2 586 0x2505
04:58:20.187 ComputerName: THEMACHINE-PC UserName: The Machine
04:58:20.952 Initialize success
04:59:58.105 AVAST engine defs: 12090101
05:00:03.658 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
05:00:03.658 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
05:00:03.705 Disk 0 MBR read successfully
05:00:03.705 Disk 0 MBR scan
05:00:03.721 Disk 0 Windows 7 default MBR code
05:00:03.767 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13312 MB offset 2048
05:00:03.783 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 27265024
05:00:03.799 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 291831 MB offset 27469824
05:00:03.845 Disk 0 scanning C:\Windows\system32\drivers
05:00:34.547 Service scanning
05:00:59.570 Modules scanning
05:00:59.585 Disk 0 trace - called modules:
05:00:59.632 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
05:00:59.632 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80046c2060]
05:00:59.648 3 CLASSPNP.SYS[fffff88001b3c43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004595050]
05:01:01.286 AVAST engine scan C:\Windows
05:01:05.217 AVAST engine scan C:\Windows\system32
05:03:50.065 AVAST engine scan C:\Windows\system32\drivers
05:04:03.185 AVAST engine scan C:\Users\The Machine
05:15:08.699 AVAST engine scan C:\ProgramData
05:19:18.644 Scan finished successfully
05:19:31.639 Disk 0 MBR has been saved successfully to "C:\Users\The Machine\Desktop\MBR.dat"
05:19:31.655 The log file has been saved successfully to "C:\Users\The Machine\Desktop\aswMBR.txt"

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:21 PM

Posted 02 September 2012 - 04:27 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache:: 

DDS::
mStart Page = hxxp://start.funmoods.com/?f=1&a=fmtoby&chnl=fmtoby&cd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0DzztDyC0CyCyDtCtAyDyCtN0D0Tzu0CtCzytDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=918113571

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --> [donate button image] <-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 hpigeon

hpigeon
  • Topic Starter

  • Members
  • 6 posts
  • Local time:03:21 PM

Posted 02 September 2012 - 05:05 AM

Hi Gringo,

The computer seemed to be running fine prior to the script, and still seems to not be having any problems. After we finish any additional necessary scans I know I will need to install Windows Updates and Microsoft Security Essentials, as well as activate the Windows Firewall. The latest Combofix log is below:

ComboFix 12-08-31.08 - The Machine 09/02/2012 5:32.4.2 - x64
Running from: c:\users\The Machine\Desktop\ComboFix.exe
Command switches used :: c:\users\The Machine\Desktop\cfscript.txt
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\jestertb.dll
c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-02 to 2012-09-02 )))))))))))))))))))))))))))))))
.
.
2012-09-02 09:45 . 2012-09-02 09:45 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-09-02 09:45 . 2012-09-02 09:45 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-09-02 09:45 . 2012-09-02 09:45 -------- d-----w- c:\users\momma\AppData\Local\temp
2012-09-02 09:45 . 2012-09-02 09:45 -------- d-----w- c:\users\kids\AppData\Local\temp
2012-09-02 09:45 . 2012-09-02 09:45 -------- d-----w- c:\users\Kayla Ann\AppData\Local\temp
2012-09-02 09:45 . 2012-09-02 09:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-02 09:45 . 2012-09-02 09:45 -------- d-----w- c:\users\AppData\AppData\Local\temp
2012-09-02 08:48 . 2012-09-02 08:48 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-09-02 08:46 . 2012-09-02 08:44 381816 ----a-w- c:\windows\system32\PsExec.exe
2012-09-02 08:43 . 2012-09-02 08:46 -------- d-----w- c:\windows\system32\catroot2
2012-09-01 18:27 . 2012-09-02 07:32 -------- d-----w- c:\users\momma\AppData\Local\Apple Computer
2012-09-01 13:10 . 2009-07-14 01:39 328704 ----a-w- c:\windows\system32\services.exe
2012-08-31 23:52 . 2012-09-01 09:27 -------- d-----w- c:\programdata\PLAV
2012-08-31 23:52 . 2012-08-31 23:52 -------- d-----w- c:\programdata\ParetoLogic Anti-Virus PLUS
2012-08-07 02:44 . 2012-08-07 02:45 -------- d-----w- C:\FRST
2012-08-07 02:22 . 2012-08-07 02:22 -------- d-----w- c:\program files (x86)\ESET
2012-08-07 02:05 . 2012-08-07 02:05 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-07 01:31 . 2012-08-07 01:31 116016 ----a-w- c:\windows\system32\drivers\91949609.sys
2012-08-04 13:22 . 2012-09-02 08:18 -------- dc----w- c:\users\The Machine\AppData\Local\MigWiz
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-02 09:47 . 2012-09-02 08:52 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F5BC2831-665B-439D-A21D-E00F9E072F7D}\offreg.dll
2012-08-28 05:49 . 2012-09-02 09:27 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CCF78A1D-1FCB-4D69-8838-D0AA1C644D6A}\mpengine.dll
2012-08-28 05:49 . 2012-09-02 06:19 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F5BC2831-665B-439D-A21D-E00F9E072F7D}\mpengine.dll
2012-07-11 16:25 . 2010-11-29 19:53 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 17:46 . 2012-07-16 21:14 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-17 04:46 . 2012-04-12 03:13 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-17 04:46 . 2011-07-15 23:27 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-12 03:02 . 2012-07-11 16:29 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:30 . 2012-07-11 07:19 14165504 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 15:18 . 2010-11-07 16:26 3766 --sha-w- c:\programdata\KGyGaAvL.sys
2012-06-06 05:50 . 2012-07-11 07:19 2003968 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:50 . 2012-07-11 07:19 1880064 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:09 . 2012-07-11 07:19 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:09 . 2012-07-11 07:19 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-04-20 04:57 . 2012-04-20 04:57 3993600 ----a-w- c:\program files (x86)\GUTDFAE.tmp
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-02_07.09.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2012-09-02 09:49 31164 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-11-16 21:42 . 2012-09-02 09:49 37154 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3326882370-3369383339-445709182-1000_UserData.bin
+ 2010-11-04 22:55 . 2012-09-02 08:00 5724 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2010-11-04 22:55 . 2012-09-02 00:19 5724 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-09-02 09:47 . 2012-09-02 09:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-09-02 07:08 . 2012-09-02 07:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-09-02 07:08 . 2012-09-02 07:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-09-02 09:47 . 2012-09-02 09:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-07-23 06:41 . 2012-09-02 09:49 101238 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:01 . 2012-09-02 09:46 257952 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-09-02 07:07 257952 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-06-23 16:26 . 2012-09-02 07:33 380928 c:\windows\Installer\{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}\iTunesIco.exe
- 2012-06-23 16:26 . 2012-06-23 16:26 380928 c:\windows\Installer\{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}\iTunesIco.exe
+ 2009-07-14 02:34 . 2012-09-02 09:37 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-09-02 06:27 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2010-12-28 03:31 . 2012-09-02 09:46 36236140 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3326882370-3369383339-445709182-1000-8192.dat
+ 2011-07-15 22:20 . 2012-09-02 09:46 25131538 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3326882370-3369383339-445709182-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3d206148-6081-42e4-be5f-614ff2c73ce0}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\Jenya_Games\prxtbJen0.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{553318DA-D010-469E-84B1-496563CAE1BF}]
2012-04-18 20:57 136192 ----a-w- c:\program files (x86)\HTTO Group, Ltd\FBDownloader IE Add-on\FBDownloader.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{3d206148-6081-42e4-be5f-614ff2c73ce0}"= "c:\program files (x86)\Jenya_Games\prxtbJen0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{3d206148-6081-42e4-be5f-614ff2c73ce0}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-23 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender"="c:\program files (x86)\Free Ride Games\GPlayer.exe" [2011-06-22 4837808]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-02 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-02 135664]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-06-10 416768]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-04 1255736]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 24x7HelpSvc;24x7HelpService;c:\program files (x86)\24x7Help\App24x7Svc.exe [2012-02-29 394352]
S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2010-06-11 868896]
S2 GamingWonderlandService;GamingWonderlandService;c:\progra~2\GAMING~2\bar\1.bin\gtbarsvc.exe [2012-01-20 42504]
S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
S2 iWinTrusted;iWinTrusted;c:\program files (x86)\iWin Games\iWinTrusted.exe [2011-04-08 176848]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2010-05-25 255744]
S2 PGMTrusted;PGMTrusted;c:\program files (x86)\Pogo Games\PGMTrusted.exe [2012-01-04 519888]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2010-01-28 243232]
S2 X5XSEx;X5XSEx;c:\program files (x86)\Free Ride Games\X5XSEx.Sys [2010-11-22 55400]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-13 135560]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-05-15 384040]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-02 17:20]
.
2012-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-02 17:20]
.
2012-07-17 c:\windows\Tasks\Norton Security Scan for momma.job
- c:\progra~2\NORTON~2\Engine\371~1.4\Nss.exe [2012-04-09 06:45]
.
2012-07-08 c:\windows\Tasks\Norton Security Scan for The Machine.job
- c:\progra~2\NORTON~2\Engine\371~1.4\Nss.exe [2012-04-09 06:45]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
TCP: DhcpNameServer = 192.168.254.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Toolbar-!{D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
WebBrowser-{3D206148-6081-42E4-BE5F-614FF2C73CE0} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,3b,1b,6f,61,13,
cf,7b,4e,01,0f,be,a1,00,03,db,52,37,55
"{D7E97865-918F-41E4-9CD0-25AB1C574CE8}"=hex:51,66,7a,6c,4c,1d,3b,1b,75,65,f8,
cc,be,ca,83,0e,83,dc,67,eb,1f,17,0f,fd
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,3b,1b,a1,df,09,
38,54,12,b3,5e,84,14,42,d0,24,e5,8e,5a
"{A531D99C-5A22-449B-83DA-872725C6D0ED}"=hex:51,66,7a,6c,4c,1d,3b,1b,8c,c4,20,
be,13,01,fc,0b,9c,d6,c5,67,26,86,93,f8
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,3b,1b,22,a0,88,
f4,ca,9a,b5,5e,96,23,42,d0,24,5d,0c,9d
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,3b,1b,28,90,56,
19,c8,98,9c,01,84,5d,34,d5,ef,e0,15,65
"{11111111-1111-1111-1111-110011221158}"=hex:51,66,7a,6c,4c,1d,3b,1b,01,0c,00,
0a,20,4a,76,5e,0e,1d,53,40,12,62,52,4d
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,15,ce,
03,9c,b3,e4,0d,ba,9a,b8,17,8f,6e,fe,d6
"{26D675AC-D925-4BBF-A720-62C2AA4A81EB}"=hex:51,66,7a,6c,4c,1d,3b,1b,bc,68,c7,
3d,14,82,d8,04,b8,2c,20,82,a9,0a,c2,fe
"{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}"=hex:51,66,7a,6c,4c,1d,3b,1b,24,4e,7b,
74,d8,23,fc,02,9e,8e,c9,01,e9,cc,7a,fa
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,3b,1b,ab,8a,05,
6d,c1,8d,4b,09,a9,e7,96,9a,f2,99,6e,56
"{85F5CF95-EC8F-49FC-BB3F-38C79455CBA2}"=hex:51,66,7a,6c,4c,1d,3b,1b,85,d2,e4,
9e,be,b7,9b,06,a4,33,7a,87,97,15,88,b7
"{8A86D350-37AB-410A-8531-7D1363F317B3}"=hex:51,66,7a,6c,4c,1d,3b,1b,40,ce,97,
91,9a,6c,6d,0e,9a,3d,3f,53,60,b3,54,a6
"{8CA5ED52-F3FB-4414-A105-2E3491156990}"=hex:51,66,7a,6c,4c,1d,3b,1b,42,f0,b4,
97,ca,a8,73,0b,be,09,6c,74,92,55,2a,85
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,3b,1b,74,c9,21,
8b,33,17,d8,05,91,c0,13,24,75,48,20,d3
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,3b,1b,48,f0,49,
b1,ec,5a,f6,02,9c,3f,8d,50,54,34,30,e2
"{C585D593-E7F3-4852-A200-561686EE02E4}"=hex:51,66,7a,6c,4c,1d,3b,1b,83,c8,94,
de,c2,bc,35,07,bd,0c,14,56,85,ae,41,f1
"{CCB69577-088B-4004-9ED8-FF5BCC83A039}"=hex:51,66,7a,6c,4c,1d,3b,1b,67,88,a7,
d7,ba,53,63,0f,81,d4,bd,1b,cf,c3,e3,2c
"{D3D233D5-9F6D-436C-B6C7-E63F77503B30}"=hex:51,66,7a,6c,4c,1d,3b,1b,c5,2e,c3,
c8,5c,c4,0b,0c,a9,cb,a4,7f,74,10,78,25
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1d,d9,
c0,74,ff,3c,0c,a3,78,de,65,c2,85,cb,bc
"{C585D593-E7F4-4852-A200-561686EE02E4}"=hex:51,66,7a,6c,4c,1d,3b,1b,83,c8,94,
de,c5,bc,35,07,bd,0c,14,56,85,ae,41,f1
"{98889811-442D-49DD-99D7-DC866BE87DBC}"=hex:51,66,7a,6c,4c,1d,38,12,7f,9b,9b,
9c,1f,0a,b3,0c,e6,c1,9f,c6,6e,b6,39,a8
"{2EECD738-5844-4A99-B4B6-146BF802613B}"=hex:51,66,7a,6c,4c,1d,38,12,56,d4,ff,
2a,76,16,f7,0f,cb,a0,57,2b,fd,5c,25,2f
"{4D2D3B0F-69BE-477A-90F5-FDDB05357975}"=hex:51,66,7a,6c,4c,1d,38,12,61,38,3e,
49,8c,27,14,02,ef,e3,be,9b,00,6b,3d,61
.
[HKEY_USERS\S-1-5-21-3326882370-3369383339-445709182-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3326882370-3369383339-445709182-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3326882370-3369383339-445709182-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:c4,9d,b3,22,0c,10,b0,24,3e,a3,f3,09,21,9c,78,ad,f2,87,a2,95,7b,74,e3,
ad,7d,ab,c5,b4,c6,18,d9,3e,5e,2d,c9,94,19,e6,8e,26,c7,d7,e1,ce,4b,23,c4,1f,\
"??"=hex:d9,76,0f,67,a7,f8,02,62,7e,61,3e,8a,b2,05,d6,77
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Completion time: 2012-09-02 05:54:51 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-02 09:54
ComboFix2.txt 2012-01-10 17:38
.
Pre-Run: 215,400,828,928 bytes free
Post-Run: 215,499,182,080 bytes free
.
- - End Of File - - 62E2C1F8A0C315691BB342EEB0B68D4F

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 September 2012 - 10:15 AM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 hpigeon
  • Topic Starter

  • Members
  • 6 posts

Posted 02 September 2012 - 04:33 PM

24x7 Help
99 Slot Machine
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.1 MUI
Adobe Shockwave Player 11.6
AppGraffiti
Apple Application Support
Apple Software Update
ArcadeCandy
Auslogics Registry Cleaner
Auslogics Registry Defrag
Babylon toolbar on IE
Backup Manager Basic
Bejeweled 3
Belarc Advisor 8.2
Belkin Setup and Router Monitor
BlitzIn 2.8
BlitzIn 3.0
CaptainJack Casino
Casino Titan
CatsEye Casino
Chessmaster Challenge (remove only)
Cirrus Casino
Club Player Casino
Cool Cat Casino
Corel PaintShop Photo Pro X3
Corel PaintShop Pro X4
CorelDRAW Graphics Suite X4
CorelDRAW Graphics Suite X4 - Capture
CorelDRAW Graphics Suite X4 - Content
CorelDRAW Graphics Suite X4 - Draw
CorelDRAW Graphics Suite X4 - Filters
CorelDRAW Graphics Suite X4 - FontNav
CorelDRAW Graphics SUite X4 - ICA
CorelDRAW Graphics Suite X4 - IPM
CorelDRAW Graphics Suite X4 - Lang EN
CorelDRAW Graphics Suite X4 - PP
CorelDRAW Graphics Suite X4 - VBA
CorelDRAW® Graphics Suite X4
CorelDRAW® Graphics Suite X4 - Windows Shell Extension
CyberLink PowerDVD 9
D3DX10
Dasher
Desert Nights Casino
ESET Online Scanner v3
Fantapper Player
fbDownloader 1.0.2
FBDownloader IE Add-on
Fliptoast
Free Ride Games Player
GamingWonderland
Gateway InfoCentre
Gateway MyBackup
Gateway Power Management
Gateway Recovery Management
Gateway Registration
Gateway ScreenSaver
Gateway Social Networks
Gateway Updater
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Graboid Video 3.05
Grand Parker Casino
Hoyle Blackjack 2005
Hoyle Board Games Demo
Hoyle Card Games Demo
Hoyle Puzzle and Board Games 2011 (remove only)
ICA
Identity Card
iLivid
ImagXpress
iNetBet Casino
InstallIQ Updater
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® Rapid Storage Technology
IPM_PSP_CL
IPM_PSP_COM
iWin Games (remove only)
Java Auto Updater
Java™ 6 Update 31
Jenya Games Toolbar
Jewel Quest (remove only)
Jewel Quest II (remove only)
Jewel Quest III (remove only)
Junk Mail filter update
Loco Panda Casino
Lucky18 Casino
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
neroxml
Norton Security Scan
Onbling Casino
Palace of Chance
Party City Casino
Playalot Games
PlayChess
Plenty Jackpot
Pogo Games (remove only)
Prism Casino
PSPPContent
PSPPHelp
PSPPRO_DCRAW
Pure Vegas Casino
QuickTime
Real Vegas Online
Realtek High Definition Audio Driver
Ringmaster Casino
RoyalAceCasino.com
SCRABBLE
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Setup
Sierra Utilities
Silver Oak Casino
Slot Madness
Slot Madness Casino
Slot Nuts
Slotastic
SlotLuv
Slotocash Casino
Slots Inferno
Slots Jungle Casino
Slots of Vegas
Soft32 Updater
swMSM
The Weather Channel Desktop 6
Uniblue DriverScanner
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Vegas Strip
Video Web Camera
VIP Lounge
Virtual Casino
Visual Basic for Applications ® Core
Visual Basic for Applications ® Core - English
VLC media player 1.0.1
Wajam
Welcome Center
Wild Vegas
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinPalace
Yahoo! Software Update
Yahoo! Toolbar

#12 gringo_pr

Posted 02 September 2012 - 05:53 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better job)

Programs to remove

Adobe Reader 9.5.1 MUI
Babylon toolbar on IE
iLivid
iWin Games (remove only)
Java™ 6 Update 31
Uniblue DriverScanner


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#13 gringo_pr

Posted 04 September 2012 - 11:14 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.




Gringo

#14 gringo_pr

Posted 08 September 2012 - 12:48 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#15 gringo_pr

Posted 10 September 2012 - 11:45 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.