Services.exe Infected with Zero Access


  • This topic is locked
37 replies to this topic

#1 Miss__Brittany


Posted 22 September 2012 - 01:07 PM

Hey there,

I'm very sorry to bother you all, but I've tried everything now and am unable to get rid of the infection. I've used multiple tools, read numerous threads, and nothing has worked!! So here I am :)


I'll post all the logs that I've created over the past few days.



#2 Miss__Brittany


Posted 22 September 2012 - 01:20 PM

DDS:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.6001.19328 BrowserJavaVersion: 1.6.0_30
Run by Admin at 14:05:03 on 2012-09-22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.4094.2377 [GMT -4:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Secunia\PSI\psia.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Secunia\PSI\psi.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB: {00000000-0000-0000-0000-000000000000} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Save video on Savevid.com - C:\Program Files (x86)\SavevidPlug-in\redirect.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.8.110.cab
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://costco.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/m3/photouploadcontrol/VistaMSNPUplden-ca.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{4010B40D-4D48-48B7-995C-A4A386AF1D0D} : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB-X64: {00000000-0000-0000-0000-000000000000} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\system32\DRIVERS\NBVol.sys --> C:\Windows\system32\DRIVERS\NBVol.sys [?]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\system32\DRIVERS\NBVolUp.sys --> C:\Windows\system32\DRIVERS\NBVolUp.sys [?]
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-8-4 86224]
R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-8-4 110032]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-4-19 993848]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-4-19 399416]
R3 CAXHWBS2;CAXHWBS2;C:\Windows\system32\DRIVERS\CAXHWBS2.sys --> C:\Windows\system32\DRIVERS\CAXHWBS2.sys [?]
R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-1 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-22 250288]
S3 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-1 136176]
S3 PerfHost;Performance Counter DLL Host;C:\WINDOWS\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 VST64_DPV;VST64_DPV;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 VST64HWBS2;VST64HWBS2;C:\Windows\system32\DRIVERS\VSTBS26.SYS --> C:\Windows\system32\DRIVERS\VSTBS26.SYS [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-10-20 89920]
.
=============== File Associations ===============
.
JSEFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2012-09-22 08:56:53 -------- d-----w- C:\Users\Admin\AppData\Local\temp
2012-09-22 08:51:36 -------- d-sh--w- C:\$RECYCLE.BIN
2012-09-22 04:58:09 -------- d-----w- C:\Program Files\Windows Journal
2012-09-22 04:16:45 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-22 02:40:54 -------- d-----w- C:\FRST
2012-09-22 02:22:27 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2012-09-22 02:22:02 -------- d-----w- C:\Program Files\NVIDIA Corporation
2012-09-22 02:19:29 -------- d-----w- C:\Program Files\Realtek
2012-09-22 00:24:36 -------- d-----w- C:\_OTL
2012-09-19 07:06:06 2769408 ----a-w- C:\Windows\System32\win32k.sys
2012-09-18 13:17:13 610816 ----a-w- C:\Windows\System32\vbscript.dll
2012-09-18 13:17:13 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-09-18 13:17:01 788480 ----a-w- C:\Windows\System32\localspl.dll
2012-09-18 13:17:01 623616 ----a-w- C:\Windows\SysWow64\localspl.dll
2012-09-17 16:22:56 -------- d-----w- C:\Users\Admin\AppData\Local\Macromedia
2012-09-17 16:22:18 -------- d-----w- C:\Users\Admin\AppData\Local\Wajam
2012-09-17 16:22:16 137000 ----a-w- C:\Windows\SysWow64\msmapi32.ocx
2012-09-17 16:22:16 -------- d-----w- C:\Users\Admin\AppData\Roaming\Bidgood Svcs
2012-09-17 16:22:16 -------- d-----w- C:\Program Files\Picture Resize
2012-09-04 00:30:14 -------- d-----w- C:\Program Files (x86)\DriverTuner
2012-08-25 02:34:40 -------- d-----w- C:\Program Files (x86)\Angry Birds
.
==================== Find3M ====================
.
2012-09-21 15:59:21 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-21 15:59:21 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-07 21:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-30 21:28:28 384512 ----a-w- C:\Windows\System32\services.exe
2012-08-25 11:50:39 916992 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-25 11:44:53 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2012-08-25 11:44:29 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-25 11:44:13 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2012-08-25 11:44:13 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2012-08-25 10:11:12 385024 ----a-w- C:\Windows\SysWow64\html.iec
2012-08-25 08:31:40 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-25 08:29:22 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-25 06:50:35 1147392 ----a-w- C:\Windows\System32\wininet.dll
2012-08-25 06:45:40 56832 ----a-w- C:\Windows\System32\licmgr10.dll
2012-08-25 06:45:22 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-25 06:45:06 77312 ----a-w- C:\Windows\System32\iesetup.dll
2012-08-25 06:45:06 132096 ----a-w- C:\Windows\System32\iesysprep.dll
2012-08-25 05:51:10 479232 ----a-w- C:\Windows\System32\html.iec
2012-08-25 05:08:12 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-25 05:07:00 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-06 01:48:36 319488 ----a-w- C:\Windows\HideWin.exe
2012-07-24 16:41:16 111928 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-07-18 22:05:10 98848 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2012-07-18 22:05:10 27760 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
.
============= FINISH: 14:05:20.25 ===============
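As an added example (not part of the original thread and not a BleepingComputer or DDS tool): a small Python triage script for the DDS log format pasted above. It splits the log on its `===` banners, parses the file entries in the "Created Last 30" and "Find3M" sections, and flags two things a helper looks at first in this log: changes to a short watchlist of core Windows binaries (the log above lists C:\Windows\System32\services.exe under Find3M with a 2012-08-30 timestamp) and weak `mPolicies-system` values (the log above shows `EnableLUA = 0`). The watchlist, the policy table and the sample lines embedded in the script are this example's own assumptions, copied or constructed from the format above. A hit means "verify this file's digital signature and origin", not "this file is infected".

```python
"""Triage a pasted DDS log for recently modified core binaries and weak policies.

Added example; the section names and line layout follow the DDS output above,
the watchlist and policy table are assumptions made for this script.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Assumption: Windows binaries that normally change only through Windows Update,
# so a modification timestamp outside a patch cycle deserves a signature check.
WATCHED_BINARIES = {
    "services.exe", "svchost.exe", "lsass.exe", "wininit.exe",
    "winlogon.exe", "userinit.exe", "explorer.exe",
}

# Assumption: mPolicies-system values that weaken the machine when set as shown.
WEAK_POLICIES = {
    ("EnableLUA", "0"): "UAC is disabled",
    ("ConsentPromptBehaviorAdmin", "0"): "administrators elevate without a prompt",
}

# "=============== Created Last 30 ================" style banners
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# "2012-08-30 21:28:28 384512 ----a-w- C:\Windows\System32\services.exe"
# directories print "--------" for the size and a "d" in the attribute column
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+|-{8})\s+(\S{8})\s+(.+?)\s*$"
)
POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\S+)")

# Constructed sample: a few lines in the DDS format shown above.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
.
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
.
=============== Created Last 30 ================
.
2012-09-19 07:06:06 2769408 ----a-w- C:\Windows\System32\win32k.sys
2012-09-17 16:22:16 -------- d-----w- C:\Users\Admin\AppData\Roaming\Bidgood Svcs
.
==================== Find3M ====================
.
2012-08-30 21:28:28 384512 ----a-w- C:\Windows\System32\services.exe
2012-08-25 06:50:35 1147392 ----a-w- C:\Windows\System32\wininet.dll
.
============= FINISH: 14:05:20.25 ===============
"""


@dataclass(frozen=True)
class FileEntry:
    section: str
    timestamp: str
    size: int | None  # None for directory entries
    attrs: str
    path: str


def split_sections(text: str) -> dict[str, list[str]]:
    """Group log lines under the banner that precedes them."""
    sections: dict[str, list[str]] = {}
    current = "header"
    for line in text.splitlines():
        banner = SECTION_RE.match(line.strip())
        if banner:
            current = banner.group(1)
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line.rstrip())
    return sections


def parse_file_entries(section: str, lines: list[str]) -> list[FileEntry]:
    """Parse the timestamp/size/attribute/path lines; skip the '.' spacers."""
    entries = []
    for line in lines:
        m = FILE_RE.match(line)
        if not m:
            continue
        ts, size, attrs, path = m.groups()
        entries.append(FileEntry(section, ts, None if size.startswith("-") else int(size), attrs, path))
    return entries


def watched_binary_changes(entries: list[FileEntry]) -> list[FileEntry]:
    """Files (not directories) under \\Windows\\ whose name is on the watchlist."""
    hits = []
    for e in entries:
        p = e.path.lower()
        name = p.rsplit("\\", 1)[-1]
        if name in WATCHED_BINARIES and "\\windows\\" in p and not e.attrs.startswith("d"):
            hits.append(e)
    return hits


def weak_policy_hits(lines: list[str]) -> list[tuple[str, str, str]]:
    hits = []
    for line in lines:
        m = POLICY_RE.match(line.strip())
        if m and (m.group(1), m.group(2)) in WEAK_POLICIES:
            hits.append((m.group(1), m.group(2), WEAK_POLICIES[(m.group(1), m.group(2))]))
    return hits


def triage(text: str) -> dict:
    sections = split_sections(text)
    entries: list[FileEntry] = []
    for name in ("Created Last 30", "Find3M"):
        entries += parse_file_entries(name, sections.get(name, []))
    return {
        "modified_system_binaries": watched_binary_changes(entries),
        "weak_policies": weak_policy_hits(sections.get("Pseudo HJT Report", [])),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_DDS)
    for e in result["modified_system_binaries"]:
        print(f"[{e.section}] {e.timestamp} {e.size} bytes  {e.path}  -> verify signature")
    for name, value, why in result["weak_policies"]:
        print(f"[policy] {name} = {value}: {why}")
```

Run it against a full DDS log by reading the file into `triage()`; the watchlist and policy table are the knobs to extend. Sizes and timestamps alone never prove tampering, since Windows Update rewrites these files too, so each hit still needs an Authenticode check against a clean copy.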

#3 Miss__Brittany


Posted 22 September 2012 - 01:26 PM

I haven't added the attach file, because it is too large.

Edited by Miss__Brittany, 22 September 2012 - 01:27 PM.


#4 Miss__Brittany


Posted 22 September 2012 - 01:38 PM

The gmer log was completely blank?
It finished the scan and said nothing was modified. When I saved it, the file was blank.

Now here are the scans that I've done on my own.... (I know, I'm not supposed to)

OTL:

OTL logfile created on: 22/09/2012 12:20:09 AM - Run 2
OTL by OldTimer - Version 3.2.65.1 Folder = C:\Users\Admin\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19328)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.80 Gb Available Physical Memory | 70.07% Memory free
8.17 Gb Paging File | 6.95 Gb Available in Paging File | 85.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.89 Gb Total Space | 349.38 Gb Free Space | 59.73% Space Free | Partition Type: NTFS
Drive D: | 11.28 Gb Total Space | 1.51 Gb Free Space | 13.41% Space Free | Partition Type: NTFS

Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Admin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\WINDOWS\SysWOW64\PnkBstrA.exe ()
PRC - C:\WINDOWS\SysWOW64\conime.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (XAudioService) -- C:\Windows\SysNative\DRIVERS\xaudio64.exe (Conexant Systems, Inc.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
SRV - (PnkBstrA) -- C:\WINDOWS\SysWOW64\PnkBstrA.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\DRIVERS\avkmgr.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (NBVol) -- C:\Windows\SysNative\DRIVERS\NBVol.sys (Nero AG)
DRV:64bit: - (NBVolUp) -- C:\Windows\SysNative\DRIVERS\NBVolUp.sys (Nero AG)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\DRIVERS\psi_mf.sys (Secunia)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (ctxusbm) -- C:\Windows\SysNative\DRIVERS\ctxusbm.sys (Citrix Systems, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\DRIVERS\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation )
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys (Intel Corporation)
DRV:64bit: - (CAXHWBS2) -- C:\Windows\SysNative\DRIVERS\CAXHWBS2.sys (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (HSF_DP) -- C:\Windows\SysNative\DRIVERS\CAX_DP.sys (Conexant Systems, Inc.)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\Drivers\RootMdm.sys (Microsoft Corporation)
DRV:64bit: - (VST64_DPV) -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (VST64HWBS2) -- C:\Windows\SysNative\DRIVERS\VSTBS26.SYS (Conexant Systems, Inc.)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\DRIVERS\xaudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mcdbus) -- C:\WINDOWS\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {C6CB6EAB-67ED-4BF8-94F2-154AF92B4213}
IE:64bit: - HKLM\..\SearchScopes\{BED87460-7E8D-44CA-B3EC-54E4CCFC9FD6}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd
IE:64bit: - HKLM\..\SearchScopes\{C6CB6EAB-67ED-4BF8-94F2-154AF92B4213}: "URL" = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt
IE - HKLM\..\SearchScopes,DefaultScope = {C6CB6EAB-67ED-4BF8-94F2-154AF92B4213}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{BED87460-7E8D-44CA-B3EC-54E4CCFC9FD6}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd
IE - HKLM\..\SearchScopes\{C6CB6EAB-67ED-4BF8-94F2-154AF92B4213}: "URL" = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {C6CB6EAB-67ED-4BF8-94F2-154AF92B4213}
IE - HKCU\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = http://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{BED87460-7E8D-44CA-B3EC-54E4CCFC9FD6}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd
IE - HKCU\..\SearchScopes\{C6CB6EAB-67ED-4BF8-94F2-154AF92B4213}: "URL" = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: File not found

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{C97D1564-D438-11E1-8270-B8AC6F996F26}: C:\Users\Admin\AppData\Local\{C97D1564-D438-11E1-8270-B8AC6F996F26}\ [2012/07/22 16:07:00 | 000,000,000 | ---D | M]

[2012/09/17 14:06:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/01/13 14:53:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2009/09/12 23:05:42 | 000,124,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2009/09/12 23:06:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2009/09/12 23:06:32 | 000,091,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2009/09/12 23:06:28 | 000,022,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2012/01/13 14:53:21 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/09/12 23:08:36 | 000,406,864 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2009/09/12 23:06:24 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll

O1 HOSTS File: ([2012/07/22 15:57:31 | 000,001,908 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.nero.com
O1 - Hosts: 127.0.0.1 www.nero.com/rus/index.html
O1 - Hosts: 127.0.0.1 www.nero.com/rus/support.html
O1 - Hosts: 127.0.0.1 www.nero.com/rus/support-customer-service-product-registration.html
O1 - Hosts: 127.0.0.1 www.nero.com/rus/store-upgrade-center.html
O1 - Hosts: 127.0.0.1 www.nero.com/rus/store-volume-licensing.html
O1 - Hosts: 127.0.0.1 www.nero.com/eng/support.html?NeroSID=392cba06859c3dcd87b47525e97a3b80
O1 - Hosts: 127.0.0.1 www.nero.com/eng/store-upgrade-center.html?NeroSID=392cba06859c3dcd87b47525e97a3b80
O1 - Hosts: 127.0.0.1 www.nero.com/eng/support-customer-service-product-registration.html?NeroSID=392cba06859c3dcd87b47525e97a3b80
O1 - Hosts: 127.0.0.1 www.nero.com/eng/index.html
O1 - Hosts: 127.0.0.1 www.nero.com/eng/store-upgrade-center.html&sa=X&oi=smap&resnum=1&ct=result&cd=6&usg=AFQjCNFRzc_q0umeKlIj7pPYNNBYCFbXkg
O1 - Hosts: 127.0.0.1 www.nero.com/enu/support-nero8.html
O1 - Hosts: 127.0.0.1 my.nero.com
O1 - Hosts: 127.0.0.1 secure.nero.com/us/secure.asp
O1 - Hosts: 127.0.0.1 activation@nero.com
O1 - Hosts: 127.0.0.1 registernero.com
O1 - Hosts: 127.0.0.1 www.registernero.com
O1 - Hosts: 127.0.0.1 nero.com
O1 - Hosts: 127.0.0.1 www.nero.com/eng/privacy.html
O1 - Hosts: 127.0.0.1 legal@nero.com
O1 - Hosts: 127.0.0.1 support.nero.com
O1 - Hosts: 127.0.0.1 register.nero.com
O1 - Hosts: 127.0.0.1 activation.nero.com
O1 - Hosts: 1 more lines...
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (PricePeep) - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll (PricePeep)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Save video on Savevid.com - C:\Program Files (x86)\SavevidPlug-in\redirect.htm ()
O8 - Extra context menu item: Save video on Savevid.com - C:\Program Files (x86)\SavevidPlug-in\redirect.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Reg Error: Key error.)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.8.110.cab (Reg Error: Key error.)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://costco.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/m3/photouploadcontrol/VistaMSNPUplden-ca.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4010B40D-4D48-48B7-995C-A4A386AF1D0D}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\vsharechrome - No CLSID value found
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Admin\Desktop\Pictures\Giorgos' Baptism\New Folder (2)\IMG_4261.JPG
O24 - Desktop BackupWallPaper: C:\Users\Admin\Desktop\Pictures\Giorgos' Baptism\New Folder (2)\IMG_4261.JPG
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/22 00:16:45 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/09/21 23:11:36 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\RK_Quarantine
[2012/09/21 22:40:54 | 000,000,000 | ---D | C] -- C:\FRST
[2012/09/21 22:40:38 | 001,454,509 | ---- | C] (Farbar) -- C:\Users\Admin\Desktop\FRST64.exe
[2012/09/21 22:22:27 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/09/21 22:22:02 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012/09/21 22:19:29 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012/09/21 22:18:04 | 001,678,240 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Admin\Desktop\rkill.exe
[2012/09/21 22:11:59 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/21 20:40:01 | 000,000,000 | --SD | C] -- C:\prp
[2012/09/21 20:24:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/21 20:14:08 | 000,600,576 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012/09/21 16:11:31 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Admin\Desktop\aswMBR.exe
[2012/09/21 15:20:02 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/09/21 15:20:02 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/09/21 15:20:01 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/09/21 15:20:01 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/09/21 15:20:01 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/09/21 15:20:01 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/09/21 15:20:01 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/09/21 15:20:01 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/09/21 15:20:01 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/09/21 15:20:01 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/09/21 15:20:01 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/09/21 15:20:01 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/09/21 15:20:01 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/09/21 15:20:01 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/09/21 15:20:01 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/09/21 15:20:01 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/09/21 15:20:01 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/09/21 15:20:01 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/09/21 15:20:00 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/09/21 15:20:00 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/09/21 15:20:00 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/09/21 15:20:00 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/09/21 15:20:00 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/09/21 15:20:00 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/09/21 15:20:00 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/09/21 15:20:00 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/09/21 15:20:00 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/09/21 15:20:00 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/09/21 15:20:00 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/09/18 09:17:13 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/09/18 09:17:13 | 000,727,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/09/18 09:17:13 | 000,610,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/09/18 09:17:01 | 000,788,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/09/18 09:17:01 | 000,623,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\localspl.dll
[2012/09/18 09:16:59 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/09/17 14:12:22 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/09/17 14:12:12 | 004,754,243 | R--- | C] (Swearware) -- C:\Users\Admin\Desktop\prp.exe
[2012/09/17 14:10:25 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\tdsskiller
[2012/09/17 12:22:56 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Macromedia
[2012/09/17 12:22:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Wajam
[2012/09/17 12:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picture Resize
[2012/09/17 12:22:16 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmapi32.ocx
[2012/09/17 12:22:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PricePeep
[2012/09/17 12:22:16 | 000,000,000 | ---D | C] -- C:\Program Files\Picture Resize
[2012/09/17 12:22:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Bidgood Svcs
[2012/09/03 20:30:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverTuner
[2012/09/03 20:30:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverTuner
[2012/08/24 22:34:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Angry Birds

========== Files - Modified Within 30 Days ==========

[2012/09/22 00:14:03 | 000,145,669 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/09/22 00:14:01 | 000,145,669 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/09/22 00:12:08 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/22 00:12:03 | 000,004,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/22 00:12:03 | 000,004,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/22 00:11:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/22 00:10:01 | 002,193,278 | ---- | M] () -- C:\Users\Admin\Desktop\tdsskiller.zip
[2012/09/21 23:59:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/21 23:31:17 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/21 23:11:35 | 001,388,032 | ---- | M] () -- C:\Users\Admin\Desktop\RogueKiller.exe
[2012/09/21 22:40:40 | 001,454,509 | ---- | M] (Farbar) -- C:\Users\Admin\Desktop\FRST64.exe
[2012/09/21 22:35:52 | 001,678,240 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Admin\Desktop\rkill.exe
[2012/09/21 22:30:32 | 000,000,194 | ---- | M] () -- C:\Users\Admin\Desktop\hosts-perm.bat
[2012/09/21 20:39:29 | 004,754,243 | R--- | M] (Swearware) -- C:\Users\Admin\Desktop\prp.exe
[2012/09/21 20:14:09 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012/09/21 16:17:52 | 000,000,512 | ---- | M] () -- C:\Users\Admin\Desktop\MBR.dat
[2012/09/21 16:11:30 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Admin\Desktop\aswMBR.exe
[2012/09/21 11:59:21 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/09/21 11:59:21 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/09/19 03:36:45 | 004,962,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/09/19 03:16:16 | 000,713,408 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/19 03:16:16 | 000,598,702 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/19 03:16:16 | 000,104,716 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/17 13:36:27 | 000,000,685 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012/09/11 16:38:48 | 000,235,008 | ---- | M] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/30 17:28:28 | 000,384,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\services.exe
[2012/08/25 07:50:20 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/08/25 07:48:12 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/08/25 07:45:36 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/08/25 07:44:53 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/08/25 07:44:29 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/08/25 07:44:13 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/08/25 07:44:13 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/08/25 07:44:13 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/08/25 07:44:11 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/08/25 07:44:11 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/08/25 06:11:12 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/08/25 04:31:40 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/08/25 04:31:30 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/08/25 04:30:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/08/25 02:50:21 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/08/25 02:48:50 | 000,243,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/08/25 02:46:13 | 000,098,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/08/25 02:46:08 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/08/25 02:45:40 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/08/25 02:45:22 | 001,538,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/08/25 02:45:06 | 000,219,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/08/25 02:45:06 | 000,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/08/25 02:45:06 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/08/25 02:45:05 | 000,252,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/08/25 02:45:05 | 000,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/08/25 01:51:10 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/08/25 01:08:12 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/08/25 01:07:50 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/08/25 01:07:22 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/08/24 22:37:48 | 000,000,761 | ---- | M] () -- C:\Users\Admin\Desktop\Angry Birds.lnk

========== Files Created - No Company Name ==========

[2012/09/21 23:11:33 | 001,388,032 | ---- | C] () -- C:\Users\Admin\Desktop\RogueKiller.exe
[2012/09/21 22:30:36 | 000,000,194 | ---- | C] () -- C:\Users\Admin\Desktop\hosts-perm.bat
[2012/09/21 16:17:52 | 000,000,512 | ---- | C] () -- C:\Users\Admin\Desktop\MBR.dat
[2012/09/17 14:09:34 | 002,193,278 | ---- | C] () -- C:\Users\Admin\Desktop\tdsskiller.zip
[2012/09/17 13:36:27 | 000,000,685 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012/09/06 18:04:19 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/24 22:37:48 | 000,000,761 | ---- | C] () -- C:\Users\Admin\Desktop\Angry Birds.lnk
[2012/08/05 17:38:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/05 17:38:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/05 17:38:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/05 17:38:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/05 17:38:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/02 09:33:58 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\xpsacdma01.dll
[2012/07/17 23:49:52 | 000,000,632 | RHS- | C] () -- C:\Users\Admin\ntuser.pol
[2012/07/17 23:48:54 | 000,000,104 | ---- | C] () -- C:\Users\Admin\all the games - Shortcut (2).lnk
[2012/07/17 23:48:53 | 000,000,104 | ---- | C] () -- C:\Users\Admin\all the games - Shortcut.lnk
[2012/06/11 21:22:59 | 000,155,154 | ---- | C] () -- C:\Windows\hpoins16.dat
[2012/06/11 21:22:59 | 000,004,602 | ---- | C] () -- C:\Windows\hpomdl16.dat
[2012/05/01 15:24:41 | 000,155,132 | ---- | C] () -- C:\Windows\hpoins16.dat.temp
[2012/05/01 15:24:41 | 000,004,602 | ---- | C] () -- C:\Windows\hpomdl16.dat.temp
[2012/04/19 19:07:43 | 000,000,680 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
[2012/01/13 14:29:49 | 000,000,036 | ---- | C] () -- C:\Users\Admin\AppData\Local\housecall.guid.cache
[2012/01/13 10:57:09 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2012/01/11 02:00:38 | 000,010,244 | -HS- | C] () -- C:\Users\Admin\AppData\Local\npu3ju2caavny60c78xwc13
[2012/01/11 02:00:38 | 000,010,244 | -HS- | C] () -- C:\ProgramData\npu3ju2caavny60c78xwc13
[2011/11/24 10:04:50 | 000,000,448 | ---- | C] () -- C:\ProgramData\CcbHhq9xMZNNvu
[2011/06/12 12:11:11 | 000,002,798 | -HS- | C] () -- C:\Users\Admin\AppData\Local\4m666nv5n7w0f40616u43h672hx0k7i42f8y7k040632
[2011/06/12 12:11:11 | 000,002,798 | -HS- | C] () -- C:\ProgramData\4m666nv5n7w0f40616u43h672hx0k7i42f8y7k040632
[2011/06/10 21:02:03 | 000,009,612 | -HS- | C] () -- C:\Users\Admin\AppData\Local\g5ofu55gh14c3mt5c
[2011/06/10 21:02:03 | 000,009,612 | -HS- | C] () -- C:\ProgramData\g5ofu55gh14c3mt5c
[2011/01/07 13:42:42 | 000,000,190 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\default.rss
[2010/12/10 23:18:27 | 000,111,928 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/12/10 23:18:21 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/10/15 15:04:43 | 000,700,310 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/12 00:47:49 | 000,145,669 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/08/12 00:47:49 | 000,145,669 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/08/11 16:35:32 | 000,000,732 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps64.dat
[2009/08/09 16:42:53 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\wklnhst.dat
[2008/12/20 19:02:12 | 000,235,008 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2012/07/22 18:06:41 | 000,000,082 | ---- | M] () -- C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\HU6CHB5E\t.cxt.ms\lso.swf\u.sol
[2012/07/24 17:28:43 | 000,000,000 | ---D | M] -- C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\HU6CHB5E\www8.agame.com\mirror\flash\n
[2010/11/01 07:32:42 | 000,065,760 | ---- | M] () -- C:\Users\Admin\AppData\LocalLow\PriceGong\Data\l.xml
[2010/11/01 07:32:42 | 000,027,608 | ---- | M] () -- C:\Users\Admin\AppData\LocalLow\PriceGong\Data\n.xml
[2010/11/01 07:32:42 | 000,014,432 | ---- | M] () -- C:\Users\Admin\AppData\LocalLow\PriceGong\Data\u.xml
[2006/11/02 11:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 328 bytes -> C:\ProgramData\TEMP:23ABA437
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:1B262C29
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:F35F4269
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:48866078
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:47C57855
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:26A148EB
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:751D6870
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >

RKILL:

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/22/2012 01:33:26 PM in x64 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Possibly Patched Files.

* C:\Windows\system32\services.exe

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

* iphlpsvc [Missing Service]
* WMPNetworkSvc [Missing Service]
* WSearch [Missing Service]

* msiserver => %systemroot%\system32\msiexec.exe /V [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* C:\Windows\System32\services.exe [NoSig]
+-> C:\Windows\SysWOW64\services.exe : 279,552 : 04/11/2009 00:27 AM : d4e6d91c1349b7bfb3599a6ada56851b [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe : 384,512 : 01/20/2008 09:49 PM : dfac660f0f139276cc9299812de42719 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe : 384,512 : 04/11/2009 09:10 AM : 934e0b7d77ff78c18d9f8891221b6de3 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe : 279,040 : 01/20/2008 09:50 PM : 2b336ab6286d6c81fa02cbab914e3c6c [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe : 279,552 : 04/11/2009 09:27 AM : d4e6d91c1349b7bfb3599a6ada56851b [Pos Repl]

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions could not be fixed. Use Hosts-perm.bat to fix permissions: http://www.bleepingcomputer.com/download/hosts-permbat/

* HOSTS file entries found:

127.0.0.1 localhost
::1 localhost
127.0.0.1 www.nero.com
127.0.0.1 www.nero.com/rus/index.html
127.0.0.1 www.nero.com/rus/support.html
127.0.0.1 www.nero.com/rus/support-customer-service-product-registration.html
127.0.0.1 www.nero.com/rus/store-upgrade-center.html
127.0.0.1 www.nero.com/rus/store-volume-licensing.html
127.0.0.1 www.nero.com/eng/support.html?NeroSID=392cba06859c3dcd87b47525e97a3b80
127.0.0.1 www.nero.com/eng/store-upgrade-center.html?NeroSID=392cba06859c3dcd87b47525e97a3b80
127.0.0.1 www.nero.com/eng/support-customer-service-product-registration.html?NeroSID=392cba06859c3dcd87b47525e97a3b80
127.0.0.1 www.nero.com/eng/index.html
127.0.0.1 www.nero.com/eng/store-upgrade-center.html&sa=X&oi=smap&resnum=1&ct=result&cd=6&usg=AFQjCNFRzc_q0umeKlIj7pPYNNBYCFbXkg
127.0.0.1 www.nero.com/enu/support-nero8.html
127.0.0.1 my.nero.com
127.0.0.1 secure.nero.com/us/secure.asp
127.0.0.1 activation@nero.com
127.0.0.1 registernero.com
127.0.0.1 www.registernero.com
127.0.0.1 nero.com

20 out of 25 HOSTS entries shown.
Please review HOSTS file for further entries.

Program finished at: 09/22/2012 01:33:36 PM
Execution time: 0 hours(s), 0 minute(s), and 10 seconds(s)

ASWMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-21 16:11:34
-----------------------------
16:11:34.807 OS Version: Windows x64 6.0.6002 Service Pack 2
16:11:34.807 Number of processors: 4 586 0xF0B
16:11:34.807 ComputerName: ADMIN-PC UserName: Admin
16:11:37.365 Initialize success
16:12:03.222 AVAST engine defs: 12092100
16:12:24.001 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:12:24.001 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3
16:12:24.017 Disk 0 MBR read successfully
16:12:24.017 Disk 0 MBR scan
16:12:24.048 Disk 0 unknown MBR code
16:12:24.048 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 598923 MB offset 63
16:12:24.079 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11554 MB offset 1226594880
16:12:24.142 Disk 0 scanning C:\Windows\system32\drivers
16:12:35.094 Service scanning
16:12:52.847 Modules scanning
16:12:52.847 Disk 0 trace - called modules:
16:12:52.862 ntoskrnl.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
16:12:52.862 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004f12460]
16:12:53.377 3 CLASSPNP.SYS[fffffa6001202c33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004c22050]
16:12:56.684 AVAST engine scan C:\Windows
16:13:01.333 AVAST engine scan C:\Windows\system32
16:17:01.812 AVAST engine scan C:\Windows\system32\drivers
16:17:14.729 AVAST engine scan C:\Users\Admin
16:17:52.777 Disk 0 MBR has been saved successfully to "C:\Users\Admin\Desktop\MBR.dat"
16:17:52.777 The log file has been saved successfully to "C:\Users\Admin\Desktop\aswMBR.txt"

#5 Miss__Brittany
  • Topic Starter

Posted 22 September 2012 - 01:59 PM

THIS IS MY FIRST ROGUE KILLER REPORT:

RogueKiller V8.0.4 [09/19/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Admin [Admin rights]
Mode : Scan -- Date : 09/21/2012 23:11:53

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (\\.\globalroot\systemroot\Installer\{7d5b4525-86d5-8746-11eb-c4e1015c591a}\n.) -> FOUND
[HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 : (\\.\globalroot\systemroot\Installer\{7d5b4525-86d5-8746-11eb-c4e1015c591a}\n.) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[Susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost
127.0.0.1 www.nero.com
127.0.0.1 www.nero.com/rus/index.html
127.0.0.1 www.nero.com/rus/support.html
127.0.0.1 www.nero.com/rus/support-customer-service-product-registration.html
127.0.0.1 www.nero.com/rus/store-upgrade-center.html
127.0.0.1 www.nero.com/rus/store-volume-licensing.html
127.0.0.1 www.nero.com/eng/support.html?NeroSID=392cba06859c3dcd87b47525e97a3b80
127.0.0.1 www.nero.com/eng/store-upgrade-center.html?NeroSID=392cba06859c3dcd87b47525e97a3b80
127.0.0.1 www.nero.com/eng/support-customer-service-product-registration.html?NeroSID=392cba06859c3dcd87b47525e97a3b80
127.0.0.1 www.nero.com/eng/index.html
127.0.0.1 www.nero.com/eng/store-upgrade-center.html&sa=X&oi=smap&resnum=1&ct=result&cd=6&usg=AFQjCNFRzc_q0umeKlIj7pPYNNBYCFbXkg
127.0.0.1 www.nero.com/enu/support-nero8.html
127.0.0.1 my.nero.com
127.0.0.1 secure.nero.com/us/secure.asp
127.0.0.1 activation@nero.com
127.0.0.1 registernero.com
127.0.0.1 www.registernero.com
127.0.0.1 nero.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 9a641e40186dae2fa29c921a25dc290c
[BSP] 71339deca483a23fa636a5820d05946e : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 598923 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1226594880 | Size: 11554 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive4: +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt

AND THIS IS THE MOST RECENT:

RogueKiller V8.0.4 [09/19/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Admin [Admin rights]
Mode : HOSTSFix -- Date : 09/22/2012 13:32:33

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost
127.0.0.1 www.nero.com
127.0.0.1 www.nero.com/rus/index.html
127.0.0.1 www.nero.com/rus/support.html
127.0.0.1 www.nero.com/rus/support-customer-service-product-registration.html
127.0.0.1 www.nero.com/rus/store-upgrade-center.html
127.0.0.1 www.nero.com/rus/store-volume-licensing.html
127.0.0.1 www.nero.com/eng/support.html?NeroSID=392cba06859c3dcd87b47525e97a3b80
127.0.0.1 www.nero.com/eng/store-upgrade-center.html?NeroSID=392cba06859c3dcd87b47525e97a3b80
127.0.0.1 www.nero.com/eng/support-customer-service-product-registration.html?NeroSID=392cba06859c3dcd87b47525e97a3b80
127.0.0.1 www.nero.com/eng/index.html
127.0.0.1 www.nero.com/eng/store-upgrade-center.html&sa=X&oi=smap&resnum=1&ct=result&cd=6&usg=AFQjCNFRzc_q0umeKlIj7pPYNNBYCFbXkg
127.0.0.1 www.nero.com/enu/support-nero8.html
127.0.0.1 my.nero.com
127.0.0.1 secure.nero.com/us/secure.asp
127.0.0.1 activation@nero.com
127.0.0.1 registernero.com
127.0.0.1 www.registernero.com
127.0.0.1 nero.com
[...]


¤¤¤ Resetted HOSTS: ¤¤¤


Finished : << RKreport[11].txt >>
RKreport[10].txt ; RKreport[11].txt ; RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ;
RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ;
RKreport[9].txt

#6 Miss__Brittany


Posted 22 September 2012 - 02:35 PM

FARBAR SERVICE SCANNER:

Farbar Service Scanner Version: 19-09-2012
Ran by Admin (administrator) on 22-09-2012 at 01:35:13
Running from "C:\Users\Admin\Desktop"
Windows Vista ™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2009-10-20 23:24] - [2009-04-11 03:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys
[2012-02-16 09:47] - [2012-01-03 10:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-10 18:56] - [2012-03-30 08:45] - 1423744 ____A (Microsoft Corporation) 46D448E9117464E4D3BBF36D7E3FA48E

C:\Windows\System32\dnsrslvr.dll
[2011-04-15 14:15] - [2011-03-02 12:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2009-10-20 23:24] - [2009-04-11 03:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2009-10-20 23:24] - [2009-04-11 03:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2009-10-20 23:25] - [2009-04-11 03:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2009-10-20 23:23] - [2009-04-11 03:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2009-10-20 23:24] - [2009-04-11 03:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2009-10-20 23:25] - [2009-04-11 03:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2009-10-20 23:25] - [2009-04-11 03:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2012-07-11 06:25] - [2012-04-23 12:25] - 0174592 ____A (Microsoft Corporation) 62740B9D2A137E8CED41A9E4239A7A31

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-10-20 23:25] - [2009-04-11 03:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



**** End of log ****

#7 Miss__Brittany


Posted 22 September 2012 - 02:36 PM

ROGUE KILLER QUARANTINE REPORT:


Time : 21/09/2012 23:11:53
--------------------------
ERROR [n..vir] -> \\.\globalroot\systemroot\Installer\{7d5b4525-86d5-8746-11eb-c4e1015c591a}\n.
ERROR [n..vir] -> \\.\globalroot\systemroot\Installer\{7d5b4525-86d5-8746-11eb-c4e1015c591a}\n.


Time : 21/09/2012 23:17:01
--------------------------
ERROR [n..vir] -> \\.\globalroot\systemroot\Installer\{7d5b4525-86d5-8746-11eb-c4e1015c591a}\n.
ERROR [n..vir] -> \\.\globalroot\systemroot\Installer\{7d5b4525-86d5-8746-11eb-c4e1015c591a}\n.
ERROR [n..vir] -> \\.\globalroot\systemroot\Installer\{7d5b4525-86d5-8746-11eb-c4e1015c591a}\n.


Time : 21/09/2012 23:17:37
--------------------------
ERROR [n..vir] -> \\.\globalroot\systemroot\Installer\{7d5b4525-86d5-8746-11eb-c4e1015c591a}\n.
ERROR [n..vir] -> \\.\globalroot\systemroot\Installer\{7d5b4525-86d5-8746-11eb-c4e1015c591a}\n.
ERROR [n..vir] -> \\.\globalroot\systemroot\Installer\{7d5b4525-86d5-8746-11eb-c4e1015c591a}\n.


Time : 21/09/2012 23:18:19
--------------------------
ERROR [n..vir] -> \\.\globalroot\systemroot\Installer\{7d5b4525-86d5-8746-11eb-c4e1015c591a}\n.
ERROR [n..vir] -> \\.\globalroot\systemroot\Installer\{7d5b4525-86d5-8746-11eb-c4e1015c591a}\n.
ERROR [n..vir] -> \\.\globalroot\systemroot\Installer\{7d5b4525-86d5-8746-11eb-c4e1015c591a}\n.


Time : 21/09/2012 23:30:34
--------------------------


Time : 21/09/2012 23:36:22
--------------------------


Time : 22/09/2012 00:02:58
--------------------------


Time : 22/09/2012 13:31:10
--------------------------


Time : 22/09/2012 13:32:08
--------------------------


Time : 22/09/2012 13:32:21
--------------------------


Time : 22/09/2012 13:32:33
--------------------------


Time : 22/09/2012 13:33:19
--------------------------

#8 Miss__Brittany


Posted 22 September 2012 - 02:40 PM

MOST RECENT TDSS REPORT

13:55:21.0697 1808 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
13:55:21.0947 1808 ============================================================
13:55:21.0947 1808 Current date / time: 2012/09/22 13:55:21.0947
13:55:21.0947 1808 SystemInfo:
13:55:21.0947 1808
13:55:21.0947 1808 OS Version: 6.0.6002 ServicePack: 2.0
13:55:21.0947 1808 Product type: Workstation
13:55:21.0947 1808 ComputerName: ADMIN-PC
13:55:21.0947 1808 UserName: Admin
13:55:21.0947 1808 Windows directory: C:\Windows
13:55:21.0947 1808 System windows directory: C:\Windows
13:55:21.0947 1808 Running under WOW64
13:55:21.0947 1808 Processor architecture: Intel x64
13:55:21.0947 1808 Number of processors: 4
13:55:21.0947 1808 Page size: 0x1000
13:55:21.0947 1808 Boot type: Normal boot
13:55:21.0947 1808 ============================================================
13:55:22.0274 1808 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:55:22.0290 1808 Drive \Device\Harddisk1\DR1 - Size: 0xEF000000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:55:22.0290 1808 ============================================================
13:55:22.0290 1808 \Device\Harddisk0\DR0:
13:55:22.0290 1808 MBR partitions:
13:55:22.0290 1808 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x491C5A01
13:55:22.0290 1808 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x491C5A40, BlocksNum 0x1691481
13:55:22.0290 1808 \Device\Harddisk1\DR1:
13:55:22.0290 1808 MBR partitions:
13:55:22.0290 1808 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x30, BlocksNum 0x777FD0
13:55:22.0290 1808 ============================================================
13:55:22.0337 1808 C: <-> \Device\Harddisk0\DR0\Partition1
13:55:22.0399 1808 D: <-> \Device\Harddisk0\DR0\Partition2
13:55:22.0399 1808 ============================================================
13:55:22.0399 1808 Initialize success
13:55:22.0399 1808 ============================================================
13:55:25.0550 2728 ============================================================
13:55:25.0550 2728 Scan started
13:55:25.0550 2728 Mode: Manual;
13:55:25.0550 2728 ============================================================
13:55:25.0940 2728 ================ Scan system memory ========================
13:55:25.0940 2728 System memory - ok
13:55:25.0940 2728 ================ Scan services =============================
13:55:26.0065 2728 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
13:55:26.0065 2728 ACPI - ok
13:55:26.0159 2728 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:55:26.0159 2728 AdobeFlashPlayerUpdateSvc - ok
13:55:26.0190 2728 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
13:55:26.0205 2728 adp94xx - ok
13:55:26.0252 2728 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys
13:55:26.0268 2728 adpahci - ok
13:55:26.0299 2728 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
13:55:26.0299 2728 adpu160m - ok
13:55:26.0330 2728 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
13:55:26.0346 2728 adpu320 - ok
13:55:26.0377 2728 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
13:55:26.0377 2728 AeLookupSvc - ok
13:55:26.0408 2728 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys
13:55:26.0408 2728 AFD - ok
13:55:26.0424 2728 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys
13:55:26.0424 2728 agp440 - ok
13:55:26.0439 2728 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
13:55:26.0439 2728 aic78xx - ok
13:55:26.0471 2728 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe
13:55:26.0471 2728 ALG - ok
13:55:26.0486 2728 [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide C:\Windows\system32\drivers\aliide.sys
13:55:26.0486 2728 aliide - ok
13:55:26.0502 2728 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys
13:55:26.0502 2728 amdide - ok
13:55:26.0517 2728 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
13:55:26.0533 2728 AmdK8 - ok
13:55:26.0595 2728 [ 0A1CC583E8147004E4AD4625D7FBF88C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
13:55:26.0611 2728 AntiVirSchedulerService - ok
13:55:26.0642 2728 [ C9A36EF935ACED86AEDF93E97E606911 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
13:55:26.0658 2728 AntiVirService - ok
13:55:26.0673 2728 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll
13:55:26.0673 2728 Appinfo - ok
13:55:26.0689 2728 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys
13:55:26.0689 2728 arc - ok
13:55:26.0705 2728 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys
13:55:26.0720 2728 arcsas - ok
13:55:26.0736 2728 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
13:55:26.0736 2728 AsyncMac - ok
13:55:26.0751 2728 [ 1898FAE8E07D97F2F6C2D5326C633FAC ] atapi C:\Windows\system32\drivers\atapi.sys
13:55:26.0751 2728 atapi - ok
13:55:26.0783 2728 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:55:26.0783 2728 AudioEndpointBuilder - ok
13:55:26.0798 2728 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll
13:55:26.0798 2728 AudioSrv - ok
13:55:26.0829 2728 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
13:55:26.0829 2728 avgntflt - ok
13:55:26.0861 2728 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
13:55:26.0876 2728 avipbb - ok
13:55:26.0892 2728 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
13:55:26.0892 2728 avkmgr - ok
13:55:26.0923 2728 Beep - ok
13:55:26.0954 2728 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll
13:55:26.0954 2728 BFE - ok
13:55:27.0017 2728 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\system32\qmgr.dll
13:55:27.0032 2728 BITS - ok
13:55:27.0048 2728 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
13:55:27.0063 2728 blbdrive - ok
13:55:27.0095 2728 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
13:55:27.0095 2728 bowser - ok
13:55:27.0110 2728 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
13:55:27.0110 2728 BrFiltLo - ok
13:55:27.0126 2728 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
13:55:27.0126 2728 BrFiltUp - ok
13:55:27.0157 2728 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll
13:55:27.0157 2728 Browser - ok
13:55:27.0188 2728 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys
13:55:27.0188 2728 Brserid - ok
13:55:27.0219 2728 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
13:55:27.0235 2728 BrSerWdm - ok
13:55:27.0251 2728 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
13:55:27.0251 2728 BrUsbMdm - ok
13:55:27.0266 2728 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
13:55:27.0266 2728 BrUsbSer - ok
13:55:27.0282 2728 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
13:55:27.0282 2728 BTHMODEM - ok
13:55:27.0297 2728 catchme - ok
13:55:27.0344 2728 [ 6C2DD66A3DB32450D661BA89B18B1941 ] CAXHWBS2 C:\Windows\system32\DRIVERS\CAXHWBS2.sys
13:55:27.0344 2728 CAXHWBS2 - ok
13:55:27.0360 2728 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
13:55:27.0360 2728 cdfs - ok
13:55:27.0391 2728 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
13:55:27.0391 2728 cdrom - ok
13:55:27.0407 2728 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll
13:55:27.0422 2728 CertPropSvc - ok
13:55:27.0438 2728 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\drivers\circlass.sys
13:55:27.0438 2728 circlass - ok
13:55:27.0469 2728 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys
13:55:27.0485 2728 CLFS - ok
13:55:27.0516 2728 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:55:27.0531 2728 clr_optimization_v2.0.50727_32 - ok
13:55:27.0563 2728 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:55:27.0563 2728 clr_optimization_v2.0.50727_64 - ok
13:55:27.0625 2728 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:55:27.0625 2728 clr_optimization_v4.0.30319_32 - ok
13:55:27.0656 2728 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:55:27.0656 2728 clr_optimization_v4.0.30319_64 - ok
13:55:27.0672 2728 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys
13:55:27.0672 2728 cmdide - ok
13:55:27.0687 2728 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
13:55:27.0687 2728 Compbatt - ok
13:55:27.0687 2728 COMSysApp - ok
13:55:27.0703 2728 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
13:55:27.0719 2728 crcdisk - ok
13:55:27.0750 2728 [ 62740B9D2A137E8CED41A9E4239A7A31 ] CryptSvc C:\Windows\system32\cryptsvc.dll
13:55:27.0750 2728 CryptSvc - ok
13:55:27.0781 2728 [ BA8E5B2291C01EF71CA80E25F0C79D55 ] ctxusbm C:\Windows\system32\DRIVERS\ctxusbm.sys
13:55:27.0781 2728 ctxusbm - ok
13:55:27.0828 2728 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll
13:55:27.0828 2728 DcomLaunch - ok
13:55:27.0875 2728 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
13:55:27.0875 2728 DfsC - ok
13:55:27.0953 2728 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe
13:55:28.0031 2728 DFSR - ok
13:55:28.0062 2728 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
13:55:28.0062 2728 Dhcp - ok
13:55:28.0093 2728 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys
13:55:28.0093 2728 disk - ok
13:55:28.0109 2728 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
13:55:28.0109 2728 Dnscache - ok
13:55:28.0124 2728 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll
13:55:28.0124 2728 dot3svc - ok
13:55:28.0140 2728 [ 74C02B1717740C3B8039539E23E4B53F ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
13:55:28.0155 2728 Dot4 - ok
13:55:28.0171 2728 [ 08321D1860235BF42CF2854234337AEA ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
13:55:28.0171 2728 Dot4Print - ok
13:55:28.0187 2728 [ 4ADCCF0124F2B6911D3786A5D0E779E5 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
13:55:28.0202 2728 dot4usb - ok
13:55:28.0218 2728 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll
13:55:28.0218 2728 DPS - ok
13:55:28.0249 2728 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
13:55:28.0249 2728 drmkaud - ok
13:55:28.0280 2728 [ 1D96E28EBCD96AD1B44A3FD02CA6433D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
13:55:28.0296 2728 DXGKrnl - ok
13:55:28.0311 2728 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
13:55:28.0327 2728 E1G60 - ok
13:55:28.0327 2728 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll
13:55:28.0343 2728 EapHost - ok
13:55:28.0374 2728 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys
13:55:28.0389 2728 Ecache - ok
13:55:28.0436 2728 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
13:55:28.0452 2728 ehRecvr - ok
13:55:28.0467 2728 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll
13:55:28.0467 2728 ehstart - ok
13:55:28.0483 2728 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys
13:55:28.0483 2728 elxstor - ok
13:55:28.0530 2728 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll
13:55:28.0530 2728 EMDMgmt - ok
13:55:28.0545 2728 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys
13:55:28.0545 2728 ErrDev - ok
13:55:28.0577 2728 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll
13:55:28.0592 2728 EventSystem - ok
13:55:28.0608 2728 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys
13:55:28.0608 2728 exfat - ok
13:55:28.0639 2728 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys
13:55:28.0639 2728 fastfat - ok
13:55:28.0655 2728 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
13:55:28.0655 2728 fdc - ok
13:55:28.0670 2728 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll
13:55:28.0670 2728 fdPHost - ok
13:55:28.0686 2728 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll
13:55:28.0686 2728 FDResPub - ok
13:55:28.0701 2728 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
13:55:28.0701 2728 FileInfo - ok
13:55:28.0733 2728 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys
13:55:28.0733 2728 Filetrace - ok
13:55:28.0748 2728 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
13:55:28.0748 2728 flpydisk - ok
13:55:28.0779 2728 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
13:55:28.0779 2728 FltMgr - ok
13:55:28.0826 2728 [ FDF5F06EFC8F98BAC5FE8B216F93AA5E ] FontCache C:\Windows\system32\FntCache.dll
13:55:28.0873 2728 FontCache - ok
13:55:28.0904 2728 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:55:28.0920 2728 FontCache3.0.0.0 - ok
13:55:28.0951 2728 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
13:55:28.0951 2728 Fs_Rec - ok
13:55:28.0967 2728 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
13:55:28.0967 2728 gagp30kx - ok
13:55:29.0013 2728 [ D279181E1CF2D85D31CDCFFD56B16795 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:55:29.0013 2728 GEARAspiWDM - ok
13:55:29.0045 2728 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll
13:55:29.0045 2728 gpsvc - ok
13:55:29.0138 2728 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:55:29.0138 2728 gupdate - ok
13:55:29.0154 2728 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:55:29.0154 2728 gupdatem - ok
13:55:29.0185 2728 [ 68E732382B32417FF61FD663259B4B09 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:55:29.0201 2728 HdAudAddService - ok
13:55:29.0279 2728 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
13:55:29.0279 2728 HDAudBus - ok
13:55:29.0310 2728 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys
13:55:29.0310 2728 HidBth - ok
13:55:29.0325 2728 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys
13:55:29.0325 2728 HidIr - ok
13:55:29.0341 2728 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\System32\hidserv.dll
13:55:29.0341 2728 hidserv - ok
13:55:29.0357 2728 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
13:55:29.0357 2728 HidUsb - ok
13:55:29.0372 2728 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll
13:55:29.0388 2728 hkmsvc - ok
13:55:29.0403 2728 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
13:55:29.0403 2728 HpCISSs - ok
13:55:29.0481 2728 [ F50F7984FDD151EDD8A70A8DBD9E2A44 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
13:55:29.0481 2728 hpqcxs08 - ok
13:55:29.0497 2728 [ DF446BA625CC441617843E87798CE048 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
13:55:29.0497 2728 hpqddsvc - ok
13:55:29.0528 2728 [ 3A9291D4047935F776DB8AF831AB9BA6 ] HSF_DP C:\Windows\system32\DRIVERS\CAX_DP.sys
13:55:29.0544 2728 HSF_DP - ok
13:55:29.0575 2728 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys
13:55:29.0575 2728 HTTP - ok
13:55:29.0606 2728 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
13:55:29.0606 2728 i2omp - ok
13:55:29.0622 2728 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
13:55:29.0622 2728 i8042prt - ok
13:55:29.0669 2728 [ 204A73A56751C68C6031E9D5D611EC98 ] IAANTMON C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe
13:55:29.0669 2728 IAANTMON - ok
13:55:29.0700 2728 [ 8EACF469269FB1509561961A3188F670 ] iaStor C:\Windows\system32\drivers\iastor.sys
13:55:29.0700 2728 iaStor - ok
13:55:29.0747 2728 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
13:55:29.0762 2728 iaStorV - ok
13:55:29.0825 2728 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
13:55:29.0840 2728 IDriverT - ok
13:55:29.0934 2728 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:55:29.0934 2728 idsvc - ok
13:55:29.0965 2728 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys
13:55:29.0981 2728 iirsp - ok
13:55:29.0996 2728 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll
13:55:29.0996 2728 IKEEXT - ok
13:55:30.0059 2728 [ 1EDAB7F9B9DE4424BECCDEF950CE2FF0 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
13:55:30.0090 2728 IntcAzAudAddService - ok
13:55:30.0090 2728 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys
13:55:30.0090 2728 intelide - ok
13:55:30.0105 2728 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
13:55:30.0121 2728 intelppm - ok
13:55:30.0137 2728 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
13:55:30.0137 2728 IPBusEnum - ok
13:55:30.0152 2728 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:55:30.0152 2728 IpFilterDriver - ok
13:55:30.0168 2728 IpInIp - ok
13:55:30.0199 2728 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
13:55:30.0199 2728 IPMIDRV - ok
13:55:30.0215 2728 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
13:55:30.0230 2728 IPNAT - ok
13:55:30.0246 2728 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys
13:55:30.0246 2728 IRENUM - ok
13:55:30.0261 2728 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys
13:55:30.0261 2728 isapnp - ok
13:55:30.0277 2728 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
13:55:30.0293 2728 iScsiPrt - ok
13:55:30.0308 2728 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
13:55:30.0308 2728 iteatapi - ok
13:55:30.0324 2728 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys
13:55:30.0324 2728 iteraid - ok
13:55:30.0339 2728 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
13:55:30.0355 2728 kbdclass - ok
13:55:30.0371 2728 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
13:55:30.0371 2728 kbdhid - ok
13:55:30.0386 2728 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe
13:55:30.0402 2728 KeyIso - ok
13:55:30.0433 2728 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
13:55:30.0433 2728 KSecDD - ok
13:55:30.0433 2728 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
13:55:30.0433 2728 ksthunk - ok
13:55:30.0449 2728 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll
13:55:30.0464 2728 KtmRm - ok
13:55:30.0495 2728 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\System32\srvsvc.dll
13:55:30.0495 2728 LanmanServer - ok
13:55:30.0527 2728 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:55:30.0527 2728 LanmanWorkstation - ok
13:55:30.0573 2728 [ C34411A244029F1C08687F7C752C4563 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
13:55:30.0589 2728 LightScribeService - ok
13:55:30.0605 2728 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
13:55:30.0605 2728 lltdio - ok
13:55:30.0620 2728 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll
13:55:30.0620 2728 lltdsvc - ok
13:55:30.0636 2728 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll
13:55:30.0636 2728 lmhosts - ok
13:55:30.0651 2728 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
13:55:30.0667 2728 LSI_FC - ok
13:55:30.0683 2728 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
13:55:30.0683 2728 LSI_SAS - ok
13:55:30.0714 2728 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
13:55:30.0714 2728 LSI_SCSI - ok
13:55:30.0729 2728 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys
13:55:30.0745 2728 luafv - ok
13:55:30.0761 2728 [ 79D51E7F5926E8CE1B3EBECEBAE28CFF ] mcdbus C:\Windows\system32\DRIVERS\mcdbus.sys
13:55:30.0776 2728 mcdbus - ok
13:55:30.0792 2728 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
13:55:30.0792 2728 Mcx2Svc - ok
13:55:30.0823 2728 [ E4F44EC214B3E381E1FC844A02926666 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
13:55:30.0823 2728 mdmxsdk - ok
13:55:30.0839 2728 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys
13:55:30.0839 2728 megasas - ok
13:55:30.0854 2728 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys
13:55:30.0854 2728 MegaSR - ok
13:55:37.0671 2728 ================ Scan global ===============================
13:55:37.0718 2728 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
13:55:37.0749 2728 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
13:55:37.0796 2728 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
13:55:37.0812 2728 [ E2D076F2C1239AA6C7412BA6B8B1DE4E ] C:\Windows\system32\services.exe
13:55:37.0827 2728 [Global] - ok
13:55:37.0827 2728 ================ Scan MBR ==================================
13:55:37.0843 2728 [ 03BA8F890B47C0BE359A4D5A636D214D ] \Device\Harddisk0\DR0
13:55:38.0249 2728 \Device\Harddisk0\DR0 - ok
13:55:38.0249 2728 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
13:55:40.0433 2728 \Device\Harddisk1\DR1 - ok
13:55:40.0433 2728 ================ Scan VBR ==================================
13:55:40.0433 2728 [ 5BEB0D8C6D47C1A558286B12B507A05F ] \Device\Harddisk0\DR0\Partition1
13:55:40.0433 2728 \Device\Harddisk0\DR0\Partition1 - ok
13:55:40.0433 2728 [ DF6FF1C7517CA42FA8CB453086843242 ] \Device\Harddisk0\DR0\Partition2
13:55:40.0433 2728 \Device\Harddisk0\DR0\Partition2 - ok
13:55:40.0448 2728 [ 2E0F7C69B719136A4B9F4659FCF79963 ] \Device\Harddisk1\DR1\Partition1
13:55:40.0448 2728 \Device\Harddisk1\DR1\Partition1 - ok
13:55:40.0448 2728 ============================================================
13:55:40.0448 2728 Scan finished
13:55:40.0448 2728 ============================================================
13:55:40.0448 2788 Detected object count: 0
13:55:40.0448 2788 Actual detected object count: 0
13:55:43.0007 2992 Deinitialize success

#9 Miss__Brittany

Posted 22 September 2012 - 02:42 PM

I had also done the FRST64 step where you go into boot mode and then execute the file.

#10 Miss__Brittany

Posted 22 September 2012 - 02:45 PM

Combofix said that it found services.exe was infected and it took many hours to finish.

Here is the report:

ComboFix 12-09-21.01 - Admin 22/09/2012 2:27.8.4 - x64
Running from: c:\users\Admin\Desktop\prp.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
c:\windows\system32\Services.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2012-08-22 to 2012-09-22 )))))))))))))))))))))))))))))))
.
.
2012-09-22 08:47 . 2012-09-22 08:51 -------- d-----w- c:\users\Admin\AppData\Local\temp
2012-09-22 08:47 . 2012-09-22 08:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-22 04:58 . 2012-09-22 04:58 -------- d-----w- c:\program files\Windows Journal
2012-09-22 04:16 . 2012-09-22 04:16 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-22 02:40 . 2012-09-22 02:41 -------- d-----w- C:\FRST
2012-09-22 02:22 . 2012-09-22 02:22 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-09-22 02:22 . 2012-09-22 02:23 -------- d-----w- c:\program files\NVIDIA Corporation
2012-09-22 02:19 . 2012-09-22 02:19 -------- d-----w- c:\program files\Realtek
2012-09-22 00:24 . 2012-09-22 00:24 -------- d-----w- C:\_OTL
2012-09-19 07:06 . 2012-07-04 14:33 2769408 ----a-w- c:\windows\system32\win32k.sys
2012-09-18 13:17 . 2012-06-16 11:19 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-09-18 13:17 . 2012-06-16 07:02 610816 ----a-w- c:\windows\system32\vbscript.dll
2012-09-18 13:17 . 2012-06-16 06:58 818176 ----a-w- c:\windows\system32\jscript.dll
2012-09-18 13:17 . 2012-05-11 16:34 788480 ----a-w- c:\windows\system32\localspl.dll
2012-09-18 13:17 . 2012-05-11 15:57 623616 ----a-w- c:\windows\SysWow64\localspl.dll
2012-09-18 13:16 . 2012-06-29 16:20 648192 ----a-w- c:\windows\system32\netapi32.dll
2012-09-17 16:22 . 2012-09-17 16:22 -------- d-----w- c:\users\Admin\AppData\Local\Macromedia
2012-09-17 16:22 . 2012-09-17 16:22 -------- d-----w- c:\users\Admin\AppData\Local\Wajam
2012-09-17 16:22 . 2012-09-17 16:22 -------- d-----w- c:\program files\Picture Resize
2012-09-17 16:22 . 2012-09-17 16:22 -------- d-----w- c:\users\Admin\AppData\Roaming\Bidgood Svcs
2012-09-17 16:22 . 1998-06-24 07:00 137000 ----a-w- c:\windows\SysWow64\msmapi32.ocx
2012-09-04 00:30 . 2012-09-04 00:30 -------- d-----w- c:\program files (x86)\DriverTuner
2012-08-25 02:34 . 2012-08-25 02:37 -------- d-----w- c:\program files (x86)\Angry Birds
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 15:59 . 2012-07-22 20:16 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-21 15:59 . 2011-06-12 16:33 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-07 21:04 . 2011-06-11 01:47 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-31 04:43 . 2006-11-02 12:35 64462936 ----a-w- c:\windows\system32\mrt.exe
2012-08-30 21:28 . 2009-10-21 03:24 384512 ----a-w- c:\windows\system32\services.exe
2012-08-06 01:48 . 2012-08-06 01:44 319488 ----a-w- c:\windows\HideWin.exe
2012-07-24 16:41 . 2010-12-11 03:18 111928 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-07-18 22:05 . 2012-08-04 04:11 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-07-18 22:05 . 2012-08-04 04:11 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-07-18 22:05 . 2012-08-04 04:11 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-08-30 . E2D076F2C1239AA6C7412BA6B8B1DE4E . 384512 . . [6.0.6000.16386] .. c:\windows\system32\services.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - IPNAT
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 16:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-22 15:59]
.
2012-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-01 18:01]
.
2012-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-01 18:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt
IE: Save video on Savevid.com - c:\program files (x86)\SavevidPlug-in\redirect.htm
TCP: DhcpNameServer = 192.168.0.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
SafeBoot-04124396.sys
SafeBoot-62882909.sys
SafeBoot-98203178.sys
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1227761558-515472132-4095481547-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:63,02,84,7f,d6,50,18,47,60,08,0e,2e,76,c5,2f,55,05,fd,e0,8c,30,16,61,
f8,e1,90,0a,e8,37,98,8e,ba,62,da,84,c4,32,66,16,cb,c2,a1,48,6e,5d,77,60,bb,\
"??"=hex:c1,86,7c,10,cb,fb,b3,65,5c,7a,52,8d,cc,ff,1f,73
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Avira\AntiVir Desktop\sched.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Nero\Update\NASvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Secunia\PSI\psia.exe
c:\program files (x86)\Secunia\PSI\sua.exe
c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe
.
**************************************************************************
.
Completion time: 2012-09-22 04:56:51 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-22 08:56
.
Pre-Run: 372,129,259,520 bytes free
Post-Run: 371,754,041,344 bytes free
.
- - End Of File - - 775B715B33F55F8D602754D810F6F8CF


Here is the quarantine report:


2012-09-22 08:55:44 . 2012-09-22 08:55:44 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440}.reg.dat
2012-09-22 08:55:44 . 2012-09-22 08:55:44 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D}.reg.dat
2012-09-22 08:55:44 . 2012-09-22 08:55:44 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527}.reg.dat
2012-09-22 08:55:40 . 2012-09-22 08:55:40 558 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-98203178.sys.reg.dat
2012-09-22 08:55:40 . 2012-09-22 08:55:40 558 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-62882909.sys.reg.dat
2012-09-22 08:55:40 . 2012-09-22 08:55:40 558 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-04124396.sys.reg.dat
2012-09-22 08:55:30 . 2012-09-22 08:55:30 118 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527}.reg.dat
2012-09-22 06:26:16 . 2012-09-22 06:26:16 0 ----a-w- C:\Qoobox\Quarantine\catchme.txt
2012-09-22 04:46:01 . 2012-09-22 06:31:41 3,838 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-09-22 04:40:45 . 2012-09-22 06:27:05 204 ----a-w- C:\Qoobox\Quarantine\catchme.log
2007-11-07 13:03:18 . 2007-11-07 13:03:18 562,688 ----a-w- C:\Qoobox\Quarantine\C\Install.exe.vir

#11 Miss__Brittany

  • Topic Starter

Posted 24 September 2012 - 03:32 PM

I also did the ESET scan and it found nothing.

My computer seems to be working a lot better now, but I want to make sure that everything is 100% gone.

Thanks again :)

#12 bloopie

    Bleepin' Sith Turner

  • Malware Response Team

Posted 26 September 2012 - 01:19 PM

Hello Miss__Brittany and welcome to the forums! :thumbsup:

My name is bloopie and I'll be helping you as best I can!

  • Please make no further changes to the machine or run any other tools unless instructed to do so! This can make it impossible for us to help you!
  • Please let me know if you have your Original Windows Installation CD/DVD.

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards.

==========

I will need some time to go over your extensive logs, but in the meantime it still looks like you have a patched file! So I'd like you to run another tool for me:

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Link 1
Link 2


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
:filefind
services.*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

bloopie

#13 Miss__Brittany

  • Topic Starter

Posted 26 September 2012 - 03:33 PM

Hey Bloopie,

Thanks for the help!

And thank you for the information on trojans, but I'm not interested in doing a reformat at the moment, if avoidable. No, I don't have the Windows installation CD, but if absolutely needed, I'm sure that I can get my hands on one.



Here is the log you requested:

SystemLook 30.07.11 by jpshortstuff
Log created at 16:25 on 26/09/2012 by Admin
Administrator - Elevation successful

========== filefind ==========

Searching for "services.*"
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk --a---- 1688 bytes [22:55 24/11/2011] [03:20 21/01/2008] EFDD08F4E5E26430885F26F0C35B8C62
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk --a---- 1688 bytes [22:55 24/11/2011] [03:20 21/01/2008] EFDD08F4E5E26430885F26F0C35B8C62
C:\WINDOWS\System32\services.exe --a---- 384512 bytes [03:24 21/10/2009] [21:28 30/08/2012] E2D076F2C1239AA6C7412BA6B8B1DE4E
C:\WINDOWS\System32\services.msc --a---- 92745 bytes [07:21 02/11/2006] [21:29 18/09/2006] 7A1D35F59468B8118AF5B8E21DF78AE2
C:\WINDOWS\System32\drivers\etc\services --a---- 17244 bytes [12:34 02/11/2006] [21:37 18/09/2006] 9F534244B7F8F55D5C0BB498D8D481E7
C:\WINDOWS\System32\en-US\services.exe.mui --a---- 17408 bytes [15:13 02/11/2006] [15:13 02/11/2006] F514B57C09E143F1E14415A9E9ADD695
C:\WINDOWS\System32\en-US\services.msc --a---- 92745 bytes [15:13 02/11/2006] [15:13 02/11/2006] 7A1D35F59468B8118AF5B8E21DF78AE2
C:\WINDOWS\System32\wbem\services.mof --a---- 2866 bytes [09:10 02/11/2006] [21:44 18/09/2006] 26A11C895A7F0B6D32105EBE127D8500
C:\WINDOWS\SysWOW64\services.exe --a---- 279552 bytes [03:24 21/10/2009] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B
C:\WINDOWS\SysWOW64\services.msc --a---- 92745 bytes [12:21 02/11/2006] [21:29 18/09/2006] 7A1D35F59468B8118AF5B8E21DF78AE2
C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\HU6CHB5E\mochiads.com\services.mochiads.com.sol --a---- 391 bytes [05:29 26/07/2012] [16:29 29/07/2012] 5BF6A0CFBB7E175EFDE2517E66597BEC
C:\WINDOWS\SysWOW64\en-US\services.exe.mui --a---- 17920 bytes [15:13 02/11/2006] [15:13 02/11/2006] 1626EACF0E7E59F85C59DDDD27C4169C
C:\WINDOWS\SysWOW64\en-US\services.msc --a---- 92745 bytes [15:14 02/11/2006] [15:14 02/11/2006] 7A1D35F59468B8118AF5B8E21DF78AE2
C:\WINDOWS\SysWOW64\wbem\services.mof --a---- 2866 bytes [12:21 02/11/2006] [21:46 18/09/2006] 26A11C895A7F0B6D32105EBE127D8500
C:\WINDOWS\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_fe26f08ab7d12816\services.msc --a---- 92745 bytes [15:13 02/11/2006] [15:13 02/11/2006] 7A1D35F59468B8118AF5B8E21DF78AE2
C:\WINDOWS\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_c3e5209ee1678e23\services.exe.mui --a---- 17408 bytes [15:13 02/11/2006] [15:13 02/11/2006] F514B57C09E143F1E14415A9E9ADD695
C:\WINDOWS\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe --a---- 384512 bytes [02:49 21/01/2008] [02:49 21/01/2008] DFAC660F0F139276CC9299812DE42719
C:\WINDOWS\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.mof --a---- 2866 bytes [09:10 02/11/2006] [21:44 18/09/2006] 26A11C895A7F0B6D32105EBE127D8500
C:\WINDOWS\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe --a---- 384512 bytes [03:24 21/10/2009] [07:10 11/04/2009] 934E0B7D77FF78C18D9F8891221B6DE3
C:\WINDOWS\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.mof --a---- 2866 bytes [09:10 02/11/2006] [21:44 18/09/2006] 26A11C895A7F0B6D32105EBE127D8500
C:\WINDOWS\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_2b827e27fe185619\services.msc --a---- 92745 bytes [07:21 02/11/2006] [21:29 18/09/2006] 7A1D35F59468B8118AF5B8E21DF78AE2
C:\WINDOWS\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6001.18000_none_60a39df1afb86c9f\services --a---- 17244 bytes [06:42 02/11/2006] [21:37 18/09/2006] 9F534244B7F8F55D5C0BB498D8D481E7
C:\WINDOWS\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc --a---- 92745 bytes [15:14 02/11/2006] [15:14 02/11/2006] 7A1D35F59468B8118AF5B8E21DF78AE2
C:\WINDOWS\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui --a---- 17920 bytes [15:13 02/11/2006] [15:13 02/11/2006] 1626EACF0E7E59F85C59DDDD27C4169C
C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe --a---- 279040 bytes [02:50 21/01/2008] [02:50 21/01/2008] 2B336AB6286D6C81FA02CBAB914E3C6C
C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof --a---- 2866 bytes [12:21 02/11/2006] [21:46 18/09/2006] 26A11C895A7F0B6D32105EBE127D8500
C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe --a---- 279552 bytes [03:24 21/10/2009] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B
C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof --a---- 2866 bytes [12:21 02/11/2006] [21:46 18/09/2006] 26A11C895A7F0B6D32105EBE127D8500
C:\WINDOWS\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc --a---- 92745 bytes [12:21 02/11/2006] [21:29 18/09/2006] 7A1D35F59468B8118AF5B8E21DF78AE2

-= EOF =-



Although I had partially repaired my computer, and thought it was running better, there are still definitely problems. Previous to all the steps that I had taken, I was unable to do any Windows Updates or update my antivirus. Now, I am able to do these things at least. I'm not going to touch another program until you have instructed me to.

It seems that services.exe is the patched file, and it keeps setting off my antivirus. Anyway, if you need any more info or would like me to do anything, please let me know!

Thanks :)

#14 Miss__Brittany

  • Topic Starter

Posted 26 September 2012 - 04:05 PM

I just wanted to mention that I decided to run Avira since there are new popups happening, and there are multiple infections found. The scan is not finished, and I won't be able to post it until late tonight, but this is such a piss off, lol. I worked so hard to remove the supplementary infections and they're back, just like that.

I don't understand why the antivirus does not catch these things automatically. Why does it wait for me to scan my computer to realise that files are infected? Is it because they're not being executed?


Thanks again!! :flowers:

#15 bloopie

    Bleepin' Sith Turner

  • Malware Response Team

Posted 26 September 2012 - 06:31 PM

Hi again,

Thanks for the help!


It's my pleasure! :)

I decided to run Avira


Please make no further changes to the machine until I've deemed it clean!

I don't understand why the antivirus does not catch these things automatically?


Your antivirus program cannot catch the work of rootkits before it hits. If it could, we would not need to help you! :wink:

I'm checking over your logs and there are some things we need to address, so please just bear with me and we can get the machine clean faster that way. Do not just run tools or change your antivirus program, as I need to see what is happening. When you make changes, I don't know the extent of the change and can't be sure of the effects. Make sense?

==========


Okay, before we do anything else let's replace that patched file with a ComboFix Script and then run two more scans:


Step :step1:
Run a Combofix Script


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy the text in the codebox below, then paste it into the empty notepad:

FCopy::

C:\WINDOWS\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe | c:\windows\system32\Services.exe

ClearJavaCache::
Save this as CFScript.txt, in the same location as ComboFix.exe


[Image: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

==========

Step :step2:

Run a fresh scan of Farbar System Scanner and post the log.

==========

Step :step3:

Now, let's get a Security Check of your machine:

Please download and run Security Check from HERE,and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document in your next reply.

==========

In your next reply, please include:

  • The latest ComboFix log
  • The fresh FSS log
  • The Security Check log

And also let me know how the computer is running now!

bloopie
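The two checks bloopie runs above, the SystemLook `:filefind services.*` listing in post #12/#13 and the ComboFix `FCopy::` replacement from the WinSxS component store in post #15, can be reproduced offline from the log alone. The script below is an added example, not part of the thread and not code from SystemLook or ComboFix. It parses the filefind lines, groups the `services.exe` copies into live binaries (System32, SysWOW64) and component-store copies (winsxs, with architecture and version taken from the component directory name), and reports whether each live copy's MD5 matches any store copy of the same architecture. The sample lines are copied from the SystemLook output posted in this thread; the parsing, matching and directive-building logic, and the function names, are this example's own. Note what the data shows: the live 64-bit `services.exe` has the same size (384512 bytes) as the 6.0.6002.18005 store copy but a different hash, so size alone proves nothing, while the 32-bit copy in SysWOW64 is byte-identical to its store counterpart.

```python
"""Triage a SystemLook ':filefind services.*' log against the WinSxS store.

Added example (not from the BleepingComputer thread, SystemLook or ComboFix).
Sample lines below are taken from the thread's SystemLook output; the logic
and helper names are this example's own assumptions.
"""
import re

# Constructed sample: the services.exe entries from the posted SystemLook log.
# Columns: path, attributes, size, [created], [modified], MD5.
SAMPLE_LOG = r"""
C:\WINDOWS\System32\services.exe --a---- 384512 bytes [03:24 21/10/2009] [21:28 30/08/2012] E2D076F2C1239AA6C7412BA6B8B1DE4E
C:\WINDOWS\SysWOW64\services.exe --a---- 279552 bytes [03:24 21/10/2009] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B
C:\WINDOWS\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe --a---- 384512 bytes [02:49 21/01/2008] [02:49 21/01/2008] DFAC660F0F139276CC9299812DE42719
C:\WINDOWS\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe --a---- 384512 bytes [03:24 21/10/2009] [07:10 11/04/2009] 934E0B7D77FF78C18D9F8891221B6DE3
C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe --a---- 279040 bytes [02:50 21/01/2008] [02:50 21/01/2008] 2B336AB6286D6C81FA02CBAB914E3C6C
C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe --a---- 279552 bytes [03:24 21/10/2009] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B
"""

# One SystemLook filefind result line. The path may contain spaces, so it is
# matched lazily and delimited by the 7-character attribute field that follows.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<attr>[-a-z]{7}) (?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)
# Component-store directory: <arch>_<component>_<publickeytoken>_<version>_...
STORE_RE = re.compile(
    r"\\winsxs\\(?P<arch>amd64|x86)_.*?_(?P<version>\d+\.\d+\.\d+\.\d+)_", re.I
)


def parse_filefind(log_text):
    """Return a list of dicts for every result line; headers/EOF are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"])
            e["md5"] = e["md5"].upper()
            entries.append(e)
    return entries


def live_arch(path):
    """On x64 Windows, System32 holds 64-bit binaries and SysWOW64 the 32-bit ones."""
    p = path.lower()
    if "\\system32\\" in p:
        return "amd64"
    if "\\syswow64\\" in p:
        return "x86"
    return None


def version_key(version):
    return tuple(int(part) for part in version.split("."))


def check_live_copies(log_text, name="services.exe"):
    """Compare each live copy of `name` with same-architecture store copies."""
    entries = [e for e in parse_filefind(log_text)
               if e["path"].lower().endswith("\\" + name)]
    store, live = {}, []
    for e in entries:
        m = STORE_RE.search(e["path"])
        if m:
            store.setdefault(m.group("arch").lower(), []).append((m.group("version"), e))
        elif live_arch(e["path"]):
            live.append(e)

    results = {}
    for e in live:
        arch = live_arch(e["path"])
        candidates = sorted(store.get(arch, []), key=lambda ve: version_key(ve[0]))
        matched = [v for v, s in candidates if s["md5"] == e["md5"]]
        same_size = [v for v, s in candidates if s["size"] == e["size"]]
        results[e["path"]] = {
            "arch": arch,
            "md5": e["md5"],
            "matches_store": bool(matched),
            "matched_version": matched[-1] if matched else None,
            # Same size as a store copy but a different hash: in-place patching.
            "size_only_match": bool(same_size) and not matched,
            # Newest store copy of the same architecture: the replacement source.
            "replacement": candidates[-1][1]["path"] if candidates else None,
        }
    return results


def fcopy_directive(live_path, result):
    """Build the 'source | destination' line used under ComboFix's FCopy:: section."""
    return f"{result['replacement']} | {live_path}"


if __name__ == "__main__":
    for path, r in check_live_copies(SAMPLE_LOG).items():
        status = "OK (matches store %s)" % r["matched_version"] if r["matches_store"] else "MISMATCH"
        print(f"{path}: {status}" + ("  [same size as store copy]" if r["size_only_match"] else ""))
        if not r["matches_store"] and r["replacement"]:
            print("  FCopy::\n  " + fcopy_directive(path, r))
```

A hash match against the store copy is a useful triage signal but not proof of integrity either way: the component store sits on the same disk and is writable by a SYSTEM-level implant, so confirm the replacement source with a signature check (ComboFix's Sigcheck section above marks the live binary `[-]`, unsigned) before copying it over the live file.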



