
Trojan horse Dropper.Generic_c.MMI and svchost.exe bizarro sounds


This topic is locked
31 replies to this topic

#1 thyfuzz (Members, 16 posts)

Posted 26 September 2012 - 11:44 PM

Hey everyone, thanks for taking this post. This started a while back when I decided I wanted to try Microsoft Security Essentials. What happened after a scan is it said it found the Trojan horse Dropper.Generic_c.MMI, and needed to restart to fix the problem. After restarting it made my pc restart over and over again. I then was able to remove Security Essentials so it wouldn't force restart anymore, but then it started to say it can't validate windows, not sure if that has anything to do with the virus.

On another note, I have random sound that comes up and have noticed it's when one of my svchost.exe's is using a ridiculous amount of memory. Help with both of these would be extremely appreciated.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_35
Run by Fuzz at 23:22:13 on 2012-09-26
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4087.2519 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\lkads.exe
C:\Windows\SysWOW64\lktsrv.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
C:\Windows\SysWOW64\nisvcloc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\WUDFHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [AdobeBridge]
uRun: [googletalk] C:\Users\Fuzz\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Spotify Web Helper] "C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe"
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [NI Background Service] C:\Program Files (x86)\National Instruments\Shared\Update Service\BackgroundService.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVIMlctM1NYM0UtR0hHWDktQUZISjMtUFcyUU4tWjlLSDQ"&"inst=NzctNzMzODIwMDcxLUZMMTArMS1ERFQrNDA1My1ERDEwRisxLVNUMTBGQVBQKzEtTDEwTSsxLUYxME0xMkFOKzMzLUVVTEErMS1TVDEyRkFQUCsx"&"prod=90"&"ver=2012.0.1831"&"mid=009e69a0e65747d1a405d168ddfa09dd-efae4760c7b7207ee66f67f860c99b20dd524db5
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUDIBL~1.LNK - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{83EF7546-D90A-4F13-8B8C-5BE725E2D80C} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{83EF7546-D90A-4F13-8B8C-5BE725E2D80C}\578686C202940246F6E6724702361627560246574656 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{83EF7546-D90A-4F13-8B8C-5BE725E2D80C}\F6B69446F6 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{9B96E5BA-F0D8-4E93-AD10-179407E7B178} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [NI Background Service] C:\Program Files (x86)\National Instruments\Shared\Update Service\BackgroundService.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVIMlctM1NYM0UtR0hHWDktQUZISjMtUFcyUU4tWjlLSDQ"&"inst=NzctNzMzODIwMDcxLUZMMTArMS1ERFQrNDA1My1ERDEwRisxLVNUMTBGQVBQKzEtTDEwTSsxLUYxME0xMkFOKzMzLUVVTEErMS1TVDEyRkFQUCsx"&"prod=90"&"ver=2012.0.1831"&"mid=009e69a0e65747d1a405d168ddfa09dd-efae4760c7b7207ee66f67f860c99b20dd524db5
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Fuzz\AppData\Roaming\Mozilla\Firefox\Profiles\fiiba29q.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bf829e26a-a4c3-446f-8a09-9fa9b3c8e401%7D&mid=009e69a0e65747d1a405d168ddfa09dd-efae4760c7b7207ee66f67f860c99b20dd524db5&ds=AVG&v=11.1.0.12&lang=en&pr=fr&d=2012-07-16%2012%3A54%3A06&sap=ku&q=
FF - component: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll
FF - component: C:\Program Files (x86)\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nplv86win32.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nplv90win32.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?]
R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\system32\DRIVERS\tap0901t.sys --> C:\Windows\system32\DRIVERS\tap0901t.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-27 136176]
S2 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-2 250288]
S3 BrlAPI;BrlAPI;C:\cygwin\bin\cygrunsrv.exe --> C:\cygwin\bin\cygrunsrv.exe [?]
S3 ck3iusb64;XECUTER CK3i USB Controller Driver;C:\Windows\system32\DRIVERS\ck3iusb64.sys --> C:\Windows\system32\DRIVERS\ck3iusb64.sys [?]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-27 136176]
S3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;C:\Windows\system32\DRIVERS\libusb0.sys --> C:\Windows\system32\DRIVERS\libusb0.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-6 114144]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2012-3-30 24176]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2012-6-15 736104]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-09-16 01:36:28 -------- d-----w- C:\Users\Fuzz\AppData\Local\Ilivid Player
2012-09-16 01:25:10 -------- d-----w- C:\Users\Fuzz\AppData\Roaming\abgx360
2012-09-16 01:20:02 -------- d-----w- C:\Program Files (x86)\abgx360
2012-09-15 05:17:42 64000 ----a-w- C:\Windows\System32\drivers\ck3iusb64.sys
2012-09-15 05:17:42 43520 ----a-w- C:\Windows\SysWow64\libusb0.dll
2012-09-15 05:17:42 43008 ----a-w- C:\Windows\System32\libusb0.dll
2012-09-15 05:17:42 16896 ----a-w- C:\Windows\System32\drivers\libusb0.sys
2012-09-15 04:35:05 -------- d-----w- C:\Users\Fuzz\AppData\Roaming\LS
2012-09-14 15:38:32 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-09-14 15:37:43 -------- d-----w- C:\Program Files\iPod
2012-09-14 15:37:42 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-14 15:37:42 -------- d-----w- C:\Program Files\iTunes
2012-09-14 15:37:42 -------- d-----w- C:\Program Files (x86)\iTunes
2012-09-09 17:43:55 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-09-04 18:15:31 -------- d-----w- C:\Users\Fuzz\AppData\Roaming\JGsoft
2012-09-04 18:15:28 559992 ----a-w- C:\Windows\UnDeploy64.exe
2012-09-04 18:15:28 -------- d-----w- C:\Program Files\Just Great Software
2012-09-04 17:31:45 -------- d-----w- C:\CygwinPackages
2012-09-04 17:31:42 -------- d-----w- C:\cygwin
2012-08-31 06:02:22 -------- d-----w- C:\Users\Fuzz\AppData\Local\CrashDumps
2012-08-31 06:02:10 -------- d-----w- C:\Users\Fuzz\AppData\Local\NBGI
2012-08-31 05:52:58 -------- d-----w- C:\Windows\SysWow64\xlive
2012-08-31 05:52:46 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
.
==================== Find3M ====================
.
2012-09-21 02:56:08 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-21 02:56:08 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-29 01:24:56 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-08-29 01:24:53 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-21 18:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-08-21 18:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-07-18 00:20:39 328704 ----a-w- C:\Windows\System32\services.exe.BFB2FD3107BF3A8B
2012-07-13 05:28:12 328704 ----a-w- C:\Windows\System32\services.exe.050527A1142ED84E
2012-07-13 05:20:42 328704 ----a-w- C:\Windows\System32\services.exe.25632D3EFD840F6C
2012-07-13 05:14:59 328704 ----a-w- C:\Windows\System32\services.exe
2012-07-13 05:11:46 328704 ----a-w- C:\Windows\System32\services.exe.FF93B7418CD3ABA0
2012-07-13 05:01:39 328704 ----a-w- C:\Windows\System32\services.exe.36644A1D32BEC394
2012-07-13 04:51:18 328704 ----a-w- C:\Windows\System32\services.exe.AF9517B2A6D731D4
2012-07-12 17:49:48 170039 ----a-w- C:\Windows\SysWow64\drivers\str.sys
2012-07-09 18:42:56 4547984 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-07-09 18:42:54 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
.
============= FINISH: 23:24:59.26 ===============
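The DDS log above is long, and most of it is benign inventory. As an added example (written here, not part of the original post and not a BleepingComputer tool), the following Python script runs over a few lines copied from that log and flags the entries a responder would read first: a security product reported as disabled or outdated, UAC policy values set to 0 (the mPolicies-system lines), and extra copies of a core System32 binary carrying a hash-like suffix (the services.exe.<hex> entries in Find3M). The line patterns, the finding categories and the sample are my assumptions, not DDS documentation.

```python
import re

# Constructed sample: a few lines copied from the DDS log in the post above
# (a security-product line, the UAC policy lines, and some Find3M file entries).
SAMPLE_DDS = r"""
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
uInternet Settings,ProxyOverride = *.local
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
2012-07-18 00:20:39 328704 ----a-w- C:\Windows\System32\services.exe.BFB2FD3107BF3A8B
2012-07-13 05:14:59 328704 ----a-w- C:\Windows\System32\services.exe
2012-07-13 05:11:46 328704 ----a-w- C:\Windows\System32\services.exe.FF93B7418CD3ABA0
2012-07-09 18:42:54 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
"""

# Line shapes as they appear in the log above (assumed patterns, not DDS documentation).
SECURITY_PRODUCT_RE = re.compile(r"^(AV|SP|FW): (.+?) \*(Enabled|Disabled)/(Updated|Outdated)\*")
POLICY_RE = re.compile(r"^mPolicies-system: (\w+) = (\d+)")
FILE_ENTRY_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\S+\s+\S+\s+(.+)$")
# "<name>.<exe|dll|sys>.<hex>": an extra copy of a binary carrying a hash-like suffix.
HASH_SUFFIX_RE = re.compile(r"^.*\\(\w+\.(?:exe|dll|sys))\.([0-9A-Fa-f]{8,})$")

# UAC policy values that weaken or switch off elevation prompting.
WEAK_UAC_VALUES = {
    "EnableLUA": "0",                   # UAC off entirely
    "ConsentPromptBehaviorAdmin": "0",  # administrators elevate silently
    "PromptOnSecureDesktop": "0",       # prompts are not shown on the secure desktop
}


def triage_dds(text):
    """Return (category, detail) findings for the lines worth a responder's attention."""
    findings = []
    for raw in text.splitlines():
        line = raw.rstrip()

        m = SECURITY_PRODUCT_RE.match(line)
        if m:
            kind, name, state, freshness = m.groups()
            if state == "Disabled" or freshness == "Outdated":
                findings.append(("security-product", f"{kind} {name} is {state}/{freshness}"))
            continue

        m = POLICY_RE.match(line)
        if m:
            key, value = m.groups()
            if WEAK_UAC_VALUES.get(key) == value:
                findings.append(("uac-weakened", f"{key} = {value}"))
            continue

        m = FILE_ENTRY_RE.match(line)
        if m:
            path = m.group(1)
            h = HASH_SUFFIX_RE.match(path)
            # Only flag copies sitting next to the real binary in System32.
            if h and "\\windows\\system32\\" in path.lower():
                findings.append(("suspicious-copy", f"{h.group(1)} with suffix {h.group(2)}: {path}"))
    return findings


if __name__ == "__main__":
    for category, detail in triage_dds(SAMPLE_DDS):
        print(f"[{category}] {detail}")
```

Run it on a saved DDS log by reading the file into triage_dds; the same "AV:/SP:" line shape appears in the ComboFix header later in the thread, so the security-product check applies there too. The script only surfaces what to look at; deciding what a flagged entry means still belongs to the helper guiding the cleanup.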


#2 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 27 September 2012 - 02:31 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 thyfuzz (Topic Starter)

Posted 27 September 2012 - 02:00 PM

Hi, thanks for the fast response! Everything worked with AdwCleaner, but RogueKiller is popping up "C:\Users\Fuzz\Desktop\RogueKiller.exe is not a valid win32 application" when I try to run it, and I did try to run as administrator. What should I do on that front?

Here's the AdwCleaner text:

# AdwCleaner v2.003 - Logfile created 09/27/2012 at 13:42:36
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Fuzz - DEATHSTAR
# Boot Mode : Normal
# Running from : C:\Users\Fuzz\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\Fuzz\AppData\Local\Temp\Uninstall.exe
Folder Deleted : C:\Users\Fuzz\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Fuzz\AppData\Local\Temp\avg@toolbar

***** [Registry] *****

Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\Fuzz\AppData\Roaming\Mozilla\Firefox\Profiles\fiiba29q.default\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7Bf829e26a-a4c3-446f-8a09-9fa9b3c8e401%[...]

*************************

AdwCleaner[S1].txt - [2711 octets] - [27/09/2012 13:42:36]

########## EOF - C:\AdwCleaner[S1].txt - [2771 octets] ##########


Again, thanks for your help.

#4 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 27 September 2012 - 02:36 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 thyfuzz (Topic Starter)

Posted 27 September 2012 - 04:22 PM

Once again, thanks for the fast response.

I ran ComboFix, had no errors, but no log showed up. Not sure if one did and if it was saved somewhere. The validation warning from Microsoft Security Essentials is still showing up on restart. I did just check task manager and svchost.exe is still using a ton of memory. Is there a way to fix that? Also, anything I should do about RogueKiller or not getting a log for ComboFix?

Thanks!

Edited by thyfuzz, 27 September 2012 - 08:48 PM.


#6 thyfuzz (Topic Starter)

Posted 27 September 2012 - 04:28 PM

One more thing I forgot to add at the beginning: when I try to enable Windows Firewall it won't allow me to. This might be due to when I tried to fix all this myself, but unfortunately this was a couple of months ago and I'm not sure what I did. Thanks.

#7 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 28 September 2012 - 02:49 AM

Hello

OK, let's try this: I want you to run Combofix in Safe Mode, but it is very important that when Combofix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo

#8 thyfuzz

thyfuzz
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:11:53 AM

Posted 28 September 2012 - 11:12 PM

ComboFix finished and gave a log, but I did miss the portion in your previous post about booting into Safe Mode again when it reboots. Is that going to be a problem, or is it okay since I did get a log?

Here's the log:

ComboFix 12-09-27.03 - Fuzz 09/28/2012 22:36:37.1.8 - x64 MINIMAL
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4087.3267 [GMT -5:00]
Running from: c:\users\Fuzz\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Outdated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Outdated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Fuzz\AppData\Local\Microsoft\Windows\Temporary Internet Files\{1FEC3B79-BCBA-4151-9526-C58E085BA25D}.xps
c:\users\Fuzz\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A0F7A788-01FA-49C4-8589-8D9A35648FBD}.xps
c:\users\Fuzz\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A43433CF-2A75-4D94-821D-B3377E453096}.xps
c:\users\Fuzz\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A9709D16-DF92-4D31-B286-0AA41C5F8A84}.xps
c:\users\Fuzz\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C896C757-E30F-471A-B6E1-5332904FB002}.xps
c:\users\Fuzz\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E9AFA100-EB0D-43FD-85F4-420A3F91E843}.xps
c:\users\Fuzz\AppData\Local\Microsoft\Windows\Temporary Internet Files\{EA6D7F8C-39EB-4A47-83A8-D74B65B918D2}.xps
c:\windows\Installer\{0efde5ba-24b2-e097-6e44-1fab97e58302}\@
c:\windows\Installer\{0efde5ba-24b2-e097-6e44-1fab97e58302}\U\00000001.@
c:\windows\Installer\{0efde5ba-24b2-e097-6e44-1fab97e58302}\U\80000000.@
c:\windows\Installer\{0efde5ba-24b2-e097-6e44-1fab97e58302}\U\800000cb.@
c:\windows\SysWow64\drivers\str.sys
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-28 to 2012-09-29 )))))))))))))))))))))))))))))))
.
.
2012-09-29 03:46 . 2012-09-29 03:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-28 17:28 . 2012-09-19 05:58 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DC6741D1-8A68-41BD-A370-A75FFC4CB85D}\mpengine.dll
2012-09-27 21:25 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-09-27 21:25 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-09-16 01:25 . 2012-09-16 15:48 -------- d-----w- c:\users\Fuzz\AppData\Roaming\abgx360
2012-09-16 01:20 . 2012-09-16 01:20 -------- d-----w- c:\program files (x86)\abgx360
2012-09-15 10:02 . 2012-09-15 19:27 -------- d-----w- c:\users\Fuzz\AppData\Roaming\ImgBurn
2012-09-15 09:58 . 2012-09-15 09:58 -------- d-----w- c:\program files (x86)\ImgBurn
2012-09-15 05:17 . 2010-01-18 16:53 64000 ----a-w- c:\windows\system32\drivers\ck3iusb64.sys
2012-09-15 05:17 . 2007-03-20 16:33 43520 ----a-w- c:\windows\SysWow64\libusb0.dll
2012-09-15 05:17 . 2007-03-20 16:33 43008 ----a-w- c:\windows\system32\libusb0.dll
2012-09-15 05:17 . 2007-03-20 16:33 16896 ----a-w- c:\windows\system32\drivers\libusb0.sys
2012-09-15 04:35 . 2012-09-15 04:35 -------- d-----w- c:\users\Fuzz\AppData\Roaming\LS
2012-09-14 15:38 . 2012-08-21 18:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-14 15:37 . 2012-09-14 15:37 -------- d-----w- c:\program files\iPod
2012-09-14 15:37 . 2012-09-14 15:38 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-14 15:37 . 2012-09-14 15:38 -------- d-----w- c:\program files\iTunes
2012-09-14 15:37 . 2012-09-14 15:38 -------- d-----w- c:\program files (x86)\iTunes
2012-09-09 17:43 . 2012-09-09 17:43 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-09-04 18:15 . 2012-09-04 18:15 -------- d-----w- c:\users\Fuzz\AppData\Roaming\JGsoft
2012-09-04 18:15 . 2012-09-04 18:15 -------- d-----w- c:\program files\Just Great Software
2012-09-04 18:15 . 2012-05-31 14:21 559992 ----a-w- c:\windows\UnDeploy64.exe
2012-09-04 17:31 . 2012-09-04 17:32 -------- d-----w- C:\CygwinPackages
2012-09-04 17:31 . 2012-09-04 17:39 -------- d-----w- C:\cygwin
2012-08-31 06:02 . 2012-09-03 06:31 -------- d-----w- c:\users\Fuzz\AppData\Local\CrashDumps
2012-08-31 06:02 . 2012-08-31 06:02 -------- d-----w- c:\users\Fuzz\AppData\Local\NBGI
2012-08-31 05:52 . 2012-08-31 05:52 -------- d-----w- c:\windows\SysWow64\xlive
2012-08-31 05:52 . 2012-08-31 05:52 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 02:56 . 2012-04-02 17:33 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-21 02:56 . 2011-06-23 01:42 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-31 05:43 . 2011-01-18 23:21 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-08-29 01:24 . 2012-08-15 06:14 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-08-29 01:24 . 2011-02-01 22:04 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-21 18:01 . 2011-01-16 22:09 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 18:01 . 2011-01-16 22:09 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-07-18 00:20 . 2012-07-18 00:20 328704 ----a-w- c:\windows\system32\services.exe.BFB2FD3107BF3A8B
2012-07-13 05:28 . 2012-07-13 05:28 328704 ----a-w- c:\windows\system32\services.exe.050527A1142ED84E
2012-07-13 05:20 . 2012-07-13 05:20 328704 ----a-w- c:\windows\system32\services.exe.25632D3EFD840F6C
2012-07-13 05:11 . 2012-07-13 05:11 328704 ----a-w- c:\windows\system32\services.exe.FF93B7418CD3ABA0
2012-07-13 05:01 . 2012-07-13 05:01 328704 ----a-w- c:\windows\system32\services.exe.36644A1D32BEC394
2012-07-13 04:51 . 2012-07-13 04:51 328704 ----a-w- c:\windows\system32\services.exe.AF9517B2A6D731D4
2012-07-09 18:42 . 2012-07-09 18:42 4547984 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-07-09 18:42 . 2012-07-09 18:42 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\users\Fuzz\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-04 1353080]
"Spotify Web Helper"="c:\program files (x86)\Spotify\Data\SpotifyWebHelper.exe" [2012-05-27 932528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"NI Background Service"="c:\program files (x86)\National Instruments\Shared\Update Service\BackgroundService.exe" [2009-08-25 77824]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVIMlctM1NYM0UtR0hHWDktQUZISjMtUFcyUU4tWjlLSDQ&inst=NzctNzMzODIwMDcxLUZMMTArMS1ERFQrNDA1My1ERDEwRisxLVNUMTBGQVBQKzEtTDEwTSsxLUYxME0xMkFOKzMzLUVVTEErMS1TVDEyRkFQUCsx&prod=90&ver=2012.0.1831&mid=009e69a0e65747d1a405d168ddfa09dd-efae4760c7b7207ee66f67f860c99b20dd524db5" [?]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-27 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]
R3 ALSysIO;ALSysIO;c:\users\Fuzz\AppData\Local\Temp\ALSysIO64.sys [x]
R3 BrlAPI;BrlAPI;c:\cygwin\bin\cygrunsrv.exe [x]
R3 ck3iusb64;XECUTER CK3i USB Controller Driver;c:\windows\system32\DRIVERS\ck3iusb64.sys [2010-01-18 64000]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-27 136176]
R3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\DRIVERS\libusb0.sys [2007-03-20 16896]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-09 114144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-06-01 736104]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-18 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-12 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [2011-10-05 729152]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 02:56]
.
2012-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-27 19:18]
.
2012-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-27 19:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Fuzz\AppData\Roaming\Mozilla\Firefox\Profiles\fiiba29q.default\
FF - prefs.js: browser.search.selectedEngine - Google
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-WinampAgent - c:\program files (x86)\Winamp\winampa.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}"=hex:51,66,7a,6c,4c,1d,38,12,8a,de,68,
55,95,ad,1e,00,cd,08,68,12,b3,4d,db,d3
"{074C1DC5-9320-4A9A-947D-C042949C6216}"=hex:51,66,7a,6c,4c,1d,38,12,ab,1e,5f,
03,12,dd,f4,0f,eb,6b,83,02,91,c2,26,02
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:36,3f,ee,79,91,93,cd,01
.
[HKEY_USERS\S-1-5-21-1798039363-2215385431-2041073688-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*G*o*l*d*Bx\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1798039363-2215385431-2041073688-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*P*o*x\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1798039363-2215385431-2041073688-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*Z%e%a%]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1798039363-2215385431-2041073688-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*Z%e%a%\OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\lkads.exe
c:\windows\SysWOW64\lktsrv.exe
c:\program files (x86)\National Instruments\Shared\Security\nidmsrv.exe
c:\windows\SysWOW64\nisvcloc.exe
.
**************************************************************************
.
Completion time: 2012-09-28 22:54:30 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-29 03:54
.
Pre-Run: 134,621,954,048 bytes free
Post-Run: 135,927,685,120 bytes free
.
- - End Of File - - FAE3EACA4EB1E8170D20A73999305A33
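
The log above reports a patched services.exe restored from WinSxS, several `@` files under a GUID folder in c:\windows\Installer, six `services.exe.<hash>` backup copies in system32, UAC switched off (`EnableLUA`= 0) and a kernel driver registered from the user's Temp folder. Added here as an example, not code from the thread or from ComboFix, BleepingComputer or Kaspersky: a small Python triage that pulls those indicators out of ComboFix's text format so they are not lost in the noise. The category names and regular expressions are this example's own choices, and the sample text is a hand-trimmed excerpt of the log posted above. The `ALSysIO` entry is listed only because a driver loaded from `AppData\Local\Temp` is worth confirming by hand, not because the log shows it to be malicious.

```python
"""Pull the actionable indicators out of a ComboFix log.

Added example for this thread; not a BleepingComputer, ComboFix or Kaspersky
tool. Category names and regexes are this example's own choices; the sample
text is a hand-trimmed excerpt of the log posted in the thread.
"""
import re
from collections import defaultdict

# Excerpt of the posted ComboFix log, trimmed by hand to the lines of interest.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Install.exe
c:\windows\Installer\{0efde5ba-24b2-e097-6e44-1fab97e58302}\@
c:\windows\Installer\{0efde5ba-24b2-e097-6e44-1fab97e58302}\U\00000001.@
c:\windows\Installer\{0efde5ba-24b2-e097-6e44-1fab97e58302}\U\80000000.@
c:\windows\SysWow64\drivers\str.sys
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
2012-07-18 00:20 . 2012-07-18 00:20 328704 ----a-w- c:\windows\system32\services.exe.BFB2FD3107BF3A8B
2012-07-13 05:28 . 2012-07-13 05:28 328704 ----a-w- c:\windows\system32\services.exe.050527A1142ED84E
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R3 ALSysIO;ALSysIO;c:\users\Fuzz\AppData\Local\Temp\ALSysIO64.sys [x]
R3 ck3iusb64;XECUTER CK3i USB Controller Driver;c:\windows\system32\DRIVERS\ck3iusb64.sys [2010-01-18 64000]
"""

# ComboFix reports a repaired system binary with this exact sentence.
INFECTED_RE = re.compile(r"^Infected copy of (?P<path>.+?) was found and disinfected$", re.I)
# "@" files under a GUID-named folder in c:\windows\Installer, as listed above.
INSTALLER_AT_RE = re.compile(r"^(?P<path>[a-z]:\\windows\\installer\\\{[0-9a-f-]{36}\}\\.*@)$", re.I)
# Backup copies named services.exe.<16 hex digits> left in system32.
SERVICES_BACKUP_RE = re.compile(r"(?P<path>[a-z]:\\windows\\system32\\services\.exe\.[0-9a-f]{16})$", re.I)
# UAC policy values as ComboFix prints them: "Name"= value (0xhex)
UAC_RE = re.compile(r'^"(?P<key>EnableLUA|ConsentPromptBehaviorAdmin|PromptOnSecureDesktop)"=\s*(?P<val>\d+)')
# Service lines: <start type> <name>;<display name>;<image path> [<date size> | x]
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<disp>[^;]*);(?P<path>.+?)\s+\[(?P<ver>[^\]]*)\]$")


def triage_combofix(log_text):
    """Return {category: [items]} for the indicators found in a ComboFix log."""
    findings = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if m := INFECTED_RE.match(line):
            findings["disinfected_system_binaries"].append(m["path"])
        elif m := INSTALLER_AT_RE.match(line):
            findings["installer_at_files"].append(m["path"])
        elif m := SERVICES_BACKUP_RE.search(line):
            findings["services_exe_backups"].append(m["path"])
        elif m := UAC_RE.match(line):
            if int(m["val"]) == 0:  # 0 means the protection is switched off
                findings["uac_weakened"].append(m["key"])
        elif m := SERVICE_RE.match(line):
            if m["ver"] == "x":  # ComboFix prints [x] when the image file is missing
                findings["services_with_missing_file"].append(m["name"])
            path = m["path"].lower()
            if "\\appdata\\local\\temp\\" in path and path.endswith(".sys"):
                findings["drivers_loaded_from_temp"].append(m["name"])
    return dict(findings)


def severity(findings):
    """Rough triage level: evidence of tampering outranks weak configuration."""
    if findings.get("disinfected_system_binaries") or findings.get("installer_at_files"):
        return "high"
    if findings.get("uac_weakened") or findings.get("drivers_loaded_from_temp"):
        return "review"
    return "clean"


if __name__ == "__main__":
    result = triage_combofix(SAMPLE_LOG)
    print("severity:", severity(result))
    for category, items in result.items():
        print(f"{category} ({len(items)}):")
        for item in items:
            print("   ", item)
```

Run against the excerpt it prints `severity: high`, the repaired Services.exe, the three `@` files, the two backup copies, the three UAC keys set to 0 and ALSysIO under both "missing file" and "loaded from Temp". The `[x]` marker and the `Infected copy of` sentence are taken from the log format as it appears in the thread; if a newer ComboFix build words them differently the two regexes are the only lines that need adjusting.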

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:53 PM

Posted 28 September 2012 - 11:26 PM

Greetings


It is fine since we got a report.

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

Edited by gringo_pr, 29 September 2012 - 05:30 AM.


#10 thyfuzz

thyfuzz
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:11:53 AM

Posted 29 September 2012 - 12:08 AM

Thanks for the super fast response again!

Here's the tdsskiller report:

00:05:25.0348 3276 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
00:05:25.0658 3276 ============================================================
00:05:25.0658 3276 Current date / time: 2012/09/29 00:05:25.0658
00:05:25.0658 3276 SystemInfo:
00:05:25.0658 3276
00:05:25.0658 3276 OS Version: 6.1.7601 ServicePack: 1.0
00:05:25.0658 3276 Product type: Workstation
00:05:25.0658 3276 ComputerName: DEATHSTAR
00:05:25.0658 3276 UserName: Fuzz
00:05:25.0658 3276 Windows directory: C:\Windows
00:05:25.0658 3276 System windows directory: C:\Windows
00:05:25.0658 3276 Running under WOW64
00:05:25.0658 3276 Processor architecture: Intel x64
00:05:25.0658 3276 Number of processors: 8
00:05:25.0658 3276 Page size: 0x1000
00:05:25.0658 3276 Boot type: Normal boot
00:05:25.0658 3276 ============================================================
00:05:26.0528 3276 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:05:26.0588 3276 ============================================================
00:05:26.0588 3276 \Device\Harddisk0\DR0:
00:05:26.0588 3276 MBR partitions:
00:05:26.0588 3276 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
00:05:26.0588 3276 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x57513000
00:05:26.0588 3276 ============================================================
00:05:26.0608 3276 C: <-> \Device\Harddisk0\DR0\Partition2
00:05:26.0608 3276 ============================================================
00:05:26.0608 3276 Initialize success
00:05:26.0608 3276 ============================================================
00:05:31.0728 3980 ============================================================
00:05:31.0728 3980 Scan started
00:05:31.0728 3980 Mode: Manual;
00:05:31.0728 3980 ============================================================
00:05:32.0448 3980 ================ Scan system memory ========================
00:05:32.0448 3980 System memory - ok
00:05:32.0448 3980 ================ Scan services =============================
00:05:32.0798 3980 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
00:05:32.0798 3980 1394ohci - ok
00:05:32.0848 3980 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
00:05:32.0858 3980 ACPI - ok
00:05:32.0878 3980 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
00:05:32.0878 3980 AcpiPmi - ok
00:05:32.0988 3980 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
00:05:32.0988 3980 AdobeARMservice - ok
00:05:33.0118 3980 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
00:05:33.0118 3980 AdobeFlashPlayerUpdateSvc - ok
00:05:33.0178 3980 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
00:05:33.0188 3980 adp94xx - ok
00:05:33.0208 3980 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
00:05:33.0208 3980 adpahci - ok
00:05:33.0228 3980 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
00:05:33.0228 3980 adpu320 - ok
00:05:33.0258 3980 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
00:05:33.0258 3980 AeLookupSvc - ok
00:05:33.0318 3980 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
00:05:33.0328 3980 AFD - ok
00:05:33.0348 3980 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
00:05:33.0358 3980 agp440 - ok
00:05:33.0368 3980 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
00:05:33.0368 3980 ALG - ok
00:05:33.0388 3980 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
00:05:33.0388 3980 aliide - ok
00:05:33.0468 3980 ALSysIO - ok
00:05:33.0508 3980 [ 20C8A3E435A47F0408A1EA674AFA6194 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
00:05:33.0508 3980 AMD External Events Utility - ok
00:05:33.0528 3980 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
00:05:33.0528 3980 amdide - ok
00:05:33.0558 3980 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
00:05:33.0558 3980 AmdK8 - ok
00:05:33.0758 3980 [ 0B45C18B0F3EE996D25BAA4E74884B83 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
00:05:33.0918 3980 amdkmdag - ok
00:05:33.0938 3980 [ 0E57258E5CC4CC7A9A9A877AFDF0CEC6 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
00:05:33.0948 3980 amdkmdap - ok
00:05:33.0958 3980 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
00:05:33.0958 3980 AmdPPM - ok
00:05:33.0988 3980 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
00:05:33.0988 3980 amdsata - ok
00:05:34.0018 3980 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
00:05:43.0709 3980 RDPREFMP - ok
00:05:43.0779 3980 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
00:05:43.0779 3980 RdpVideoMiniport - ok
00:05:43.0809 3980 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
00:05:43.0809 3980 RDPWD - ok
00:05:43.0849 3980 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
00:05:43.0849 3980 rdyboost - ok
00:05:43.0879 3980 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
00:05:43.0879 3980 RemoteAccess - ok
00:05:43.0899 3980 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
00:05:43.0899 3980 RemoteRegistry - ok
00:05:43.0919 3980 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
00:05:43.0919 3980 RpcEptMapper - ok
00:05:43.0939 3980 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
00:05:43.0939 3980 RpcLocator - ok
00:05:43.0989 3980 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
00:05:43.0999 3980 RpcSs - ok
00:05:44.0009 3980 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
00:05:44.0009 3980 rspndr - ok
00:05:44.0039 3980 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
00:05:44.0039 3980 s3cap - ok
00:05:44.0049 3980 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
00:05:44.0049 3980 SamSs - ok
00:05:44.0079 3980 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
00:05:44.0079 3980 sbp2port - ok
00:05:44.0089 3980 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
00:05:44.0099 3980 SCardSvr - ok
00:05:44.0119 3980 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
00:05:44.0119 3980 scfilter - ok
00:05:44.0149 3980 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
00:05:44.0159 3980 Schedule - ok
00:05:44.0219 3980 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
00:05:44.0219 3980 SCPolicySvc - ok
00:05:44.0249 3980 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
00:05:44.0249 3980 SDRSVC - ok
00:05:44.0269 3980 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
00:05:44.0279 3980 secdrv - ok
00:05:44.0309 3980 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
00:05:44.0309 3980 seclogon - ok
00:05:44.0329 3980 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
00:05:44.0329 3980 SENS - ok
00:05:44.0339 3980 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
00:05:44.0339 3980 SensrSvc - ok
00:05:44.0359 3980 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
00:05:44.0359 3980 Serenum - ok
00:05:44.0369 3980 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
00:05:44.0369 3980 Serial - ok
00:05:44.0399 3980 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
00:05:44.0399 3980 sermouse - ok
00:05:44.0449 3980 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
00:05:44.0449 3980 SessionEnv - ok
00:05:44.0469 3980 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
00:05:44.0469 3980 sffdisk - ok
00:05:44.0479 3980 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
00:05:44.0479 3980 sffp_mmc - ok
00:05:44.0489 3980 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
00:05:44.0489 3980 sffp_sd - ok
00:05:44.0499 3980 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
00:05:44.0499 3980 sfloppy - ok
00:05:44.0549 3980 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
00:05:44.0559 3980 SharedAccess - ok
00:05:44.0599 3980 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
00:05:44.0599 3980 ShellHWDetection - ok
00:05:44.0629 3980 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:05:44.0629 3980 SiSRaid2 - ok
00:05:44.0629 3980 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
00:05:44.0629 3980 SiSRaid4 - ok
00:05:44.0679 3980 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
00:05:44.0679 3980 SkypeUpdate - ok
00:05:44.0699 3980 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
00:05:44.0699 3980 Smb - ok
00:05:44.0749 3980 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
00:05:44.0749 3980 SNMPTRAP - ok
00:05:44.0759 3980 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
00:05:44.0759 3980 spldr - ok
00:05:44.0789 3980 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
00:05:44.0789 3980 Spooler - ok
00:05:44.0889 3980 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
00:05:44.0949 3980 sppsvc - ok
00:05:44.0959 3980 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
00:05:44.0969 3980 sppuinotify - ok
00:05:45.0019 3980 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
00:05:45.0029 3980 srv - ok
00:05:45.0049 3980 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
00:05:45.0049 3980 srv2 - ok
00:05:45.0069 3980 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
00:05:45.0069 3980 srvnet - ok
00:05:45.0109 3980 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
00:05:45.0109 3980 SSDPSRV - ok
00:05:45.0129 3980 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
00:05:45.0129 3980 SstpSvc - ok
00:05:45.0169 3980 Steam Client Service - ok
00:05:45.0189 3980 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
00:05:45.0189 3980 stexstor - ok
00:05:45.0239 3980 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
00:05:45.0249 3980 stisvc - ok
00:05:45.0279 3980 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
00:05:45.0289 3980 storflt - ok
00:05:45.0299 3980 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
00:05:45.0299 3980 storvsc - ok
00:05:45.0329 3980 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
00:05:45.0329 3980 swenum - ok
00:05:45.0349 3980 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
00:05:45.0369 3980 swprv - ok
00:05:45.0379 3980 Synth3dVsc - ok
00:05:45.0439 3980 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
00:05:45.0479 3980 SysMain - ok
00:05:45.0509 3980 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
00:05:45.0519 3980 TabletInputService - ok
00:05:45.0559 3980 [ B08740047145B9BCE15BF75CA0F9718A ] tap0901t C:\Windows\system32\DRIVERS\tap0901t.sys
00:05:45.0559 3980 tap0901t - ok
00:05:45.0599 3980 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
00:05:45.0599 3980 TapiSrv - ok
00:05:45.0619 3980 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
00:05:45.0619 3980 TBS - ok
00:05:45.0679 3980 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
00:05:45.0689 3980 Tcpip - ok
00:05:45.0759 3980 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
00:05:45.0779 3980 TCPIP6 - ok
00:05:45.0799 3980 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
00:05:45.0799 3980 tcpipreg - ok
00:05:45.0839 3980 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
00:05:45.0839 3980 TDPIPE - ok
00:05:45.0869 3980 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
00:05:45.0869 3980 TDTCP - ok
00:05:45.0899 3980 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
00:05:45.0899 3980 tdx - ok
00:05:45.0929 3980 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
00:05:45.0929 3980 TermDD - ok
00:05:45.0969 3980 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
00:05:45.0979 3980 TermService - ok
00:05:45.0989 3980 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
00:05:45.0999 3980 Themes - ok
00:05:46.0019 3980 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
00:05:46.0019 3980 THREADORDER - ok
00:05:46.0039 3980 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
00:05:46.0049 3980 TrkWks - ok
00:05:46.0109 3980 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
00:05:46.0109 3980 TrustedInstaller - ok
00:05:46.0149 3980 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
00:05:46.0149 3980 tssecsrv - ok
00:05:46.0169 3980 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
00:05:46.0169 3980 TsUsbFlt - ok
00:05:46.0169 3980 tsusbhub - ok
00:05:46.0209 3980 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
00:05:46.0219 3980 tunnel - ok
00:05:46.0289 3980 [ F8302E3E534AF5E3F2588A974BEA80DF ] TunngleService C:\Program Files (x86)\Tunngle\TnglCtrl.exe
00:05:46.0309 3980 TunngleService - ok
00:05:46.0339 3980 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
00:05:46.0339 3980 uagp35 - ok
00:05:46.0359 3980 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
00:05:46.0359 3980 udfs - ok
00:05:46.0379 3980 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
00:05:46.0389 3980 UI0Detect - ok
00:05:46.0409 3980 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
00:05:46.0419 3980 uliagpkx - ok
00:05:46.0439 3980 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
00:05:46.0439 3980 umbus - ok
00:05:46.0459 3980 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
00:05:46.0459 3980 UmPass - ok
00:05:46.0489 3980 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
00:05:46.0499 3980 UmRdpService - ok
00:05:46.0509 3980 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
00:05:46.0519 3980 upnphost - ok
00:05:46.0549 3980 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
00:05:46.0549 3980 USBAAPL64 - ok
00:05:46.0569 3980 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
00:05:46.0569 3980 usbccgp - ok
00:05:46.0599 3980 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
00:05:46.0599 3980 usbcir - ok
00:05:46.0619 3980 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
00:05:46.0629 3980 usbehci - ok
00:05:46.0659 3980 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
00:05:46.0659 3980 usbhub - ok
00:05:46.0679 3980 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
00:05:46.0679 3980 usbohci - ok
00:05:46.0699 3980 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
00:05:46.0699 3980 usbprint - ok
00:05:46.0759 3980 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
00:05:46.0759 3980 usbscan - ok
00:05:46.0779 3980 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:05:46.0779 3980 USBSTOR - ok
00:05:46.0789 3980 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
00:05:46.0799 3980 usbuhci - ok
00:05:46.0809 3980 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
00:05:46.0809 3980 UxSms - ok
00:05:46.0819 3980 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
00:05:46.0819 3980 VaultSvc - ok
00:05:46.0849 3980 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
00:05:46.0849 3980 vdrvroot - ok
00:05:46.0879 3980 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
00:05:46.0899 3980 vds - ok
00:05:46.0919 3980 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
00:05:46.0919 3980 vga - ok
00:05:46.0929 3980 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
00:05:46.0929 3980 VgaSave - ok
00:05:46.0929 3980 VGPU - ok
00:05:46.0959 3980 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
00:05:46.0969 3980 vhdmp - ok
00:05:46.0999 3980 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
00:05:46.0999 3980 viaide - ok
00:05:47.0039 3980 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
00:05:47.0059 3980 vmbus - ok
00:05:47.0079 3980 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
00:05:47.0089 3980 VMBusHID - ok
00:05:47.0129 3980 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
00:05:47.0129 3980 volmgr - ok
00:05:47.0169 3980 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
00:05:47.0179 3980 volmgrx - ok
00:05:47.0189 3980 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
00:05:47.0199 3980 volsnap - ok
00:05:47.0219 3980 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
00:05:47.0219 3980 vsmraid - ok
00:05:47.0279 3980 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
00:05:47.0319 3980 VSS - ok
00:05:47.0329 3980 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
00:05:47.0329 3980 vwifibus - ok
00:05:47.0339 3980 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
00:05:47.0339 3980 vwififlt - ok
00:05:47.0369 3980 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
00:05:47.0379 3980 W32Time - ok
00:05:47.0379 3980 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
00:05:47.0379 3980 WacomPen - ok
00:05:47.0399 3980 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
00:05:47.0399 3980 WANARP - ok
00:05:47.0399 3980 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
00:05:47.0399 3980 Wanarpv6 - ok
00:05:47.0459 3980 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
00:05:47.0489 3980 WatAdminSvc - ok
00:05:47.0539 3980 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
00:05:47.0579 3980 wbengine - ok
00:05:47.0599 3980 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
00:05:47.0599 3980 WbioSrvc - ok
00:05:47.0649 3980 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
00:05:47.0659 3980 wcncsvc - ok
00:05:47.0669 3980 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
00:05:47.0679 3980 WcsPlugInService - ok
00:05:47.0689 3980 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
00:05:47.0689 3980 Wd - ok
00:05:47.0709 3980 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
00:05:47.0729 3980 Wdf01000 - ok
00:05:47.0739 3980 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
00:05:47.0749 3980 WdiServiceHost - ok
00:05:47.0749 3980 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
00:05:47.0749 3980 WdiSystemHost - ok
00:05:47.0789 3980 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
00:05:47.0789 3980 WebClient - ok
00:05:47.0809 3980 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
00:05:47.0809 3980 Wecsvc - ok
00:05:47.0819 3980 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
00:05:47.0829 3980 wercplsupport - ok
00:05:47.0859 3980 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
00:05:47.0859 3980 WerSvc - ok
00:05:47.0889 3980 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
00:05:47.0899 3980 WfpLwf - ok
00:05:47.0909 3980 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
00:05:47.0909 3980 WIMMount - ok
00:05:47.0939 3980 WinDefend - ok
00:05:47.0939 3980 WinHttpAutoProxySvc - ok
00:05:47.0989 3980 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
00:05:47.0999 3980 Winmgmt - ok
00:05:48.0059 3980 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
00:05:48.0099 3980 WinRM - ok
00:05:48.0139 3980 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
00:05:48.0139 3980 WinUsb - ok
00:05:48.0169 3980 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
00:05:48.0189 3980 Wlansvc - ok
00:05:48.0219 3980 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
00:05:48.0219 3980 WmiAcpi - ok
00:05:48.0229 3980 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
00:05:48.0239 3980 wmiApSrv - ok
00:05:48.0259 3980 WMPNetworkSvc - ok
00:05:48.0279 3980 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
00:05:48.0279 3980 WPCSvc - ok
00:05:48.0319 3980 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
00:05:48.0319 3980 WPDBusEnum - ok
00:05:48.0329 3980 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
00:05:48.0339 3980 ws2ifsl - ok
00:05:48.0379 3980 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
00:05:48.0379 3980 wscsvc - ok
00:05:48.0379 3980 WSearch - ok
00:05:48.0449 3980 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
00:05:48.0499 3980 wuauserv - ok
00:05:48.0519 3980 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
00:05:48.0529 3980 WudfPf - ok
00:05:48.0549 3980 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
00:05:48.0549 3980 WUDFRd - ok
00:05:48.0579 3980 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
00:05:48.0579 3980 wudfsvc - ok
00:05:48.0599 3980 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
00:05:48.0609 3980 WwanSvc - ok
00:05:48.0659 3980 [ 2C6BC21B2D5B58D8B1D638C1704CB494 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
00:05:48.0659 3980 xusb21 - ok
00:05:48.0739 3980 ================ Scan global ===============================
00:05:48.0759 3980 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
00:05:48.0779 3980 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
00:05:48.0789 3980 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
00:05:48.0819 3980 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
00:05:48.0859 3980 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
00:05:48.0859 3980 [Global] - ok
00:05:48.0859 3980 ================ Scan MBR ==================================
00:05:48.0889 3980 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
00:05:49.0029 3980 \Device\Harddisk0\DR0 - ok
00:05:49.0029 3980 ================ Scan VBR ==================================
00:05:49.0039 3980 [ D7F81A29D8B561D4E8EA5F051B24AD89 ] \Device\Harddisk0\DR0\Partition1
00:05:49.0039 3980 \Device\Harddisk0\DR0\Partition1 - ok
00:05:49.0049 3980 [ 0625589C93ADB36F97F66575C0673B02 ] \Device\Harddisk0\DR0\Partition2
00:05:49.0049 3980 \Device\Harddisk0\DR0\Partition2 - ok
00:05:49.0049 3980 ============================================================
00:05:49.0049 3980 Scan finished
00:05:49.0049 3980 ============================================================
00:05:49.0059 2616 Detected object count: 0
00:05:49.0059 2616 Actual detected object count: 0

#11 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 29 September 2012 - 05:31 AM

Hello thyfuzz


Did you run the aswMBR report and if so can you send me the report?



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#12 thyfuzz

thyfuzz
  • Topic Starter

  • Members
  • 16 posts

Posted 29 September 2012 - 12:22 PM

Sorry about that.

Here's the report from aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-29 12:10:50
-----------------------------
12:10:50.556 OS Version: Windows x64 6.1.7601 Service Pack 1
12:10:50.556 Number of processors: 8 586 0x1A04
12:10:50.556 ComputerName: DEATHSTAR UserName: Fuzz
12:10:52.586 Initialize success
12:11:49.169 AVAST engine defs: 12092900
12:12:43.321 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
12:12:43.321 Disk 0 Vendor: ST3750630AS HP24 Size: 715404MB BusType: 3
12:12:43.341 Disk 0 MBR read successfully
12:12:43.341 Disk 0 MBR scan
12:12:43.341 Disk 0 Windows 7 default MBR code
12:12:43.351 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
12:12:43.371 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 715302 MB offset 206848
12:12:43.391 Disk 0 scanning C:\Windows\system32\drivers
12:12:54.503 Service scanning
12:13:17.035 Modules scanning
12:13:17.035 Disk 0 trace - called modules:
12:13:17.055 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
12:13:17.055 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004e5a790]
12:13:17.395 3 CLASSPNP.SYS[fffff880019c543f] -> nt!IofCallDriver -> [0xfffffa8004c1a520]
12:13:17.395 5 ACPI.sys[fffff88000f2f7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8004c16680]
12:13:18.365 AVAST engine scan C:\Windows
12:13:21.075 AVAST engine scan C:\Windows\system32
12:16:39.652 AVAST engine scan C:\Windows\system32\drivers
12:16:52.923 AVAST engine scan C:\Users\Fuzz
12:20:51.086 Disk 0 MBR has been saved successfully to "C:\Users\Fuzz\Desktop\MBR.dat"
12:20:51.096 The log file has been saved successfully to "C:\Users\Fuzz\Desktop\aswMBR.txt"


Thanks!

#13 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 29 September 2012 - 01:03 PM

Greetings thyfuzz

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#14 thyfuzz

thyfuzz
  • Topic Starter

  • Members
  • 16 posts

Posted 29 September 2012 - 01:54 PM

Hello, I'm still getting the Windows validation error from Microsoft Security Essentials, however my Windows firewall is now working, so that's great!

Here's the new ComboFix log:

ComboFix 12-09-27.03 - Fuzz 09/29/2012 13:29:53.2.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4087.2645 [GMT -5:00]
Running from: c:\users\Fuzz\Desktop\ComboFix.exe
Command switches used :: c:\users\Fuzz\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Outdated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Outdated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-08-28 to 2012-09-29 )))))))))))))))))))))))))))))))
.
.
2012-09-29 18:40 . 2012-09-29 18:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-28 17:28 . 2012-09-19 05:58 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DC6741D1-8A68-41BD-A370-A75FFC4CB85D}\mpengine.dll
2012-09-27 21:25 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-09-27 21:25 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-09-16 01:25 . 2012-09-16 15:48 -------- d-----w- c:\users\Fuzz\AppData\Roaming\abgx360
2012-09-16 01:20 . 2012-09-16 01:20 -------- d-----w- c:\program files (x86)\abgx360
2012-09-15 10:02 . 2012-09-15 19:27 -------- d-----w- c:\users\Fuzz\AppData\Roaming\ImgBurn
2012-09-15 09:58 . 2012-09-15 09:58 -------- d-----w- c:\program files (x86)\ImgBurn
2012-09-15 05:17 . 2010-01-18 16:53 64000 ----a-w- c:\windows\system32\drivers\ck3iusb64.sys
2012-09-15 05:17 . 2007-03-20 16:33 43520 ----a-w- c:\windows\SysWow64\libusb0.dll
2012-09-15 05:17 . 2007-03-20 16:33 43008 ----a-w- c:\windows\system32\libusb0.dll
2012-09-15 05:17 . 2007-03-20 16:33 16896 ----a-w- c:\windows\system32\drivers\libusb0.sys
2012-09-15 04:35 . 2012-09-15 04:35 -------- d-----w- c:\users\Fuzz\AppData\Roaming\LS
2012-09-14 15:38 . 2012-08-21 18:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-14 15:37 . 2012-09-14 15:37 -------- d-----w- c:\program files\iPod
2012-09-14 15:37 . 2012-09-14 15:38 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-14 15:37 . 2012-09-14 15:38 -------- d-----w- c:\program files\iTunes
2012-09-14 15:37 . 2012-09-14 15:38 -------- d-----w- c:\program files (x86)\iTunes
2012-09-09 17:43 . 2012-09-09 17:43 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-09-04 18:15 . 2012-09-04 18:15 -------- d-----w- c:\users\Fuzz\AppData\Roaming\JGsoft
2012-09-04 18:15 . 2012-09-04 18:15 -------- d-----w- c:\program files\Just Great Software
2012-09-04 18:15 . 2012-05-31 14:21 559992 ----a-w- c:\windows\UnDeploy64.exe
2012-09-04 17:31 . 2012-09-04 17:32 -------- d-----w- C:\CygwinPackages
2012-09-04 17:31 . 2012-09-04 17:39 -------- d-----w- C:\cygwin
2012-08-31 06:02 . 2012-09-03 06:31 -------- d-----w- c:\users\Fuzz\AppData\Local\CrashDumps
2012-08-31 06:02 . 2012-08-31 06:02 -------- d-----w- c:\users\Fuzz\AppData\Local\NBGI
2012-08-31 05:52 . 2012-08-31 05:52 -------- d-----w- c:\windows\SysWow64\xlive
2012-08-31 05:52 . 2012-08-31 05:52 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 02:56 . 2012-04-02 17:33 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-21 02:56 . 2011-06-23 01:42 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-31 05:43 . 2011-01-18 23:21 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-08-29 01:24 . 2012-08-15 06:14 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-08-29 01:24 . 2011-02-01 22:04 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-21 18:01 . 2011-01-16 22:09 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 18:01 . 2011-01-16 22:09 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-07-18 00:20 . 2012-07-18 00:20 328704 ----a-w- c:\windows\system32\services.exe.BFB2FD3107BF3A8B
2012-07-13 05:28 . 2012-07-13 05:28 328704 ----a-w- c:\windows\system32\services.exe.050527A1142ED84E
2012-07-13 05:20 . 2012-07-13 05:20 328704 ----a-w- c:\windows\system32\services.exe.25632D3EFD840F6C
2012-07-13 05:11 . 2012-07-13 05:11 328704 ----a-w- c:\windows\system32\services.exe.FF93B7418CD3ABA0
2012-07-13 05:01 . 2012-07-13 05:01 328704 ----a-w- c:\windows\system32\services.exe.36644A1D32BEC394
2012-07-13 04:51 . 2012-07-13 04:51 328704 ----a-w- c:\windows\system32\services.exe.AF9517B2A6D731D4
2012-07-09 18:42 . 2012-07-09 18:42 4547984 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-07-09 18:42 . 2012-07-09 18:42 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\users\Fuzz\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-04 1353080]
"Spotify Web Helper"="c:\program files (x86)\Spotify\Data\SpotifyWebHelper.exe" [2012-05-27 932528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"NI Background Service"="c:\program files (x86)\National Instruments\Shared\Update Service\BackgroundService.exe" [2009-08-25 77824]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVIMlctM1NYM0UtR0hHWDktQUZISjMtUFcyUU4tWjlLSDQ&inst=NzctNzMzODIwMDcxLUZMMTArMS1ERFQrNDA1My1ERDEwRisxLVNUMTBGQVBQKzEtTDEwTSsxLUYxME0xMkFOKzMzLUVVTEErMS1TVDEyRkFQUCsx&prod=90&ver=2012.0.1831&mid=009e69a0e65747d1a405d168ddfa09dd-efae4760c7b7207ee66f67f860c99b20dd524db5" [?]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-27 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]
R3 ALSysIO;ALSysIO;c:\users\Fuzz\AppData\Local\Temp\ALSysIO64.sys [x]
R3 BrlAPI;BrlAPI;c:\cygwin\bin\cygrunsrv.exe [x]
R3 ck3iusb64;XECUTER CK3i USB Controller Driver;c:\windows\system32\DRIVERS\ck3iusb64.sys [2010-01-18 64000]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-27 136176]
R3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\DRIVERS\libusb0.sys [2007-03-20 16896]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-09 114144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-06-01 736104]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-18 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-12 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [2011-10-05 729152]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 02:56]
.
2012-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-27 19:18]
.
2012-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-27 19:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Fuzz\AppData\Roaming\Mozilla\Firefox\Profiles\fiiba29q.default\
FF - prefs.js: browser.search.selectedEngine - Google
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}"=hex:51,66,7a,6c,4c,1d,38,12,8a,de,68,
55,95,ad,1e,00,cd,08,68,12,b3,4d,db,d3
"{074C1DC5-9320-4A9A-947D-C042949C6216}"=hex:51,66,7a,6c,4c,1d,38,12,ab,1e,5f,
03,12,dd,f4,0f,eb,6b,83,02,91,c2,26,02
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:36,3f,ee,79,91,93,cd,01
.
[HKEY_USERS\S-1-5-21-1798039363-2215385431-2041073688-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*G*o*l*d*Bx\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1798039363-2215385431-2041073688-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*P*o*x\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1798039363-2215385431-2041073688-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*Z%e%a%]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1798039363-2215385431-2041073688-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*Z%e%a%\OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\lkads.exe
c:\windows\SysWOW64\lktsrv.exe
c:\program files (x86)\National Instruments\Shared\Security\nidmsrv.exe
c:\windows\SysWOW64\nisvcloc.exe
.
**************************************************************************
.
Completion time: 2012-09-29 13:47:49 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-29 18:47
ComboFix2.txt 2012-09-29 03:54
.
Pre-Run: 131,020,197,888 bytes free
Post-Run: 130,721,189,888 bytes free
.
- - End Of File - - 35F62EC53C47D8ED7BEFF671950B75F2
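A small triage helper over the service and Run-key line formats that appear in the ComboFix log above, added here as an illustration; it is not part of this thread, of ComboFix, or of any tool the helper asks for. It assumes that ComboFix writes `[x]`/`[X]` when the referenced file is no longer present and `[?]` when the target could not be resolved, and it only flags entries for manual review (a Temp or user-profile path, or a dangling reference) rather than passing any verdict.

```python
import re
from typing import Dict, List, Optional

# Line shapes seen in the ComboFix log above (service entries and Run-key values):
#   R3 ALSysIO;ALSysIO;c:\users\Fuzz\AppData\Local\Temp\ALSysIO64.sys [x]
#   "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-04 1353080]
SERVICE_RE = re.compile(
    r'^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$')
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>.*)"\s+\[(?P<meta>[^\]]*)\]\s*$')

# Path fragments that merit a second look when an autostart points there.
TEMP_MARKERS = ('\\appdata\\local\\temp\\', '\\windows\\temp\\')
PROFILE_MARKER = '\\users\\'


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one service or Run-key line; return None for headers, dots, etc."""
    m = SERVICE_RE.match(line)
    if m:
        entry = m.groupdict()
        entry['kind'], entry['target'] = 'service', entry['path']
        return entry
    m = RUN_RE.match(line)
    if m:
        entry = m.groupdict()
        entry['kind'], entry['target'] = 'run', entry['cmd']
        return entry
    return None


def triage_reasons(entry: Dict[str, str]) -> List[str]:
    """Review notes for one entry (empty list: nothing stood out).
    Assumption: ComboFix writes [x]/[X] when the referenced file is absent
    and [?] when it could not resolve the target at all."""
    reasons: List[str] = []
    meta = entry['meta'].strip().lower()
    target = entry['target'].lower()
    if meta == 'x':
        reasons.append('referenced file not found')
    elif meta == '?':
        reasons.append('target could not be resolved')
    if any(marker in target for marker in TEMP_MARKERS):
        reasons.append('loads from a temp directory')
    elif PROFILE_MARKER in target:
        reasons.append('executes from a user profile path')
    return reasons


def triage_log(lines: List[str]) -> List[Dict[str, object]]:
    """Return only the entries that produced at least one review note."""
    findings = []
    for raw in lines:
        entry = parse_line(raw.strip())
        if entry is None:
            continue
        reasons = triage_reasons(entry)
        if reasons:
            findings.append({'kind': entry['kind'], 'name': entry['name'].strip(),
                             'target': entry['target'], 'reasons': reasons})
    return findings


# Sample input: lines copied from the log above (the AVG entry's long URL is
# abbreviated here); NisSrv is included as a clean entry that should not be flagged.
SAMPLE_LINES = [
    r'"googletalk"="c:\users\Fuzz\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]',
    r'"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]',
    r'"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=..." [?]',
    r'R3 ALSysIO;ALSysIO;c:\users\Fuzz\AppData\Local\Temp\ALSysIO64.sys [x]',
    r'R3 BrlAPI;BrlAPI;c:\cygwin\bin\cygrunsrv.exe [x]',
    r'R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]',
]
```

Running `triage_log(SAMPLE_LINES)` reports the googletalk, AMD AVT, AvgUninstallURL, ALSysIO and BrlAPI entries with their reasons and leaves NisSrv out; a flagged entry is a prompt to look closer, not proof of anything malicious.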

#15 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 29 September 2012 - 02:09 PM

Hello

Let's try uninstalling MSE and reinstalling it, and let's see if it clears up.

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (it does a much better job).

Programs to remove

  • Torrent
  • Java™ 6 Update 35


  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.


Install Java:

Please go here to install Java.

  • Click on the Free Java Download button.
  • Click on Agree and Start Free Download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.
  • Download CCleaner from here: http://www.ccleaner.com/
  • Run the installer to install the application.
  • When it gives you the option to install the Yahoo toolbar, uncheck the box next to it.
  • Run CCleaner. (Make sure that under the Windows tab all the boxes under Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Applications tab, all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

Malwarebytes' Anti-Malware:

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked (ticked) except items in the C:\System Volume Information folder, and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...).

  • Go here to download the HijackThis installer.
  • Save the HijackThis installer to your desktop.
  • Double-click on the HijackThis installer icon on your desktop. (Vista and Win 7: right-click and run as admin.)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a logfile button. It will scan, and the log should open in Notepad.
  • Click on Edit > Select All, then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

"Information and logs"

  • In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University



