
infected with Zero Access (I think)


  • This topic is locked
14 replies to this topic

#1 Jesus1

Jesus1

  • Members
  • 7 posts
  • OFFLINE
  • Local time:10:04 PM

Posted 04 October 2012 - 06:06 PM

I have a virus that redirects my browser to random spam sites. Malwarebytes seems unable to detect it. tdsskiller detected it as "virus.win64.zaccess.a"

when I tried to run Gmer all the options to the right were grayed out.

DDS:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Connor at 17:32:58 on 2012-10-04
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.1803 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\BOINC\boinctray.exe
C:\Users\Connor\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\WhatPulse\WhatPulse.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Users\Connor\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\SpeedFan\speedfan.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\conhost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
C:\Windows\regedit.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com/?mtmhp=hyplogusaolp00000019
uURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll
mURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll
BHO: Find a Local Pro 3.1: {6b4c16b8-9367-11e1-9d04-acafbbe59b18} - mscoree.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll
TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
uRun: [Google Update] "C:\Users\Connor\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [ManicTime] C:\Program Files (x86)\ManicTime\ManicTime.exe /minimized /name:
uRun: [PlayNC Launcher]
uRun: [WhatPulse] C:\Program Files (x86)\WhatPulse\WhatPulse.exe
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Connor\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Connor\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Connor\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\Users\Connor\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\speedfan.lnk - C:\Program Files (x86)\SpeedFan\speedfan.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{C965A7AA-F11F-416F-BAA4-FC39F8D85A71} : DhcpNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
BHO-X64: AOL Toolbar Loader - No File
BHO-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll
BHO-X64: uTorrentControl2 - No File
BHO-X64: Find a Local Pro 3.1: {6b4c16b8-9367-11e1-9d04-acafbbe59b18} - mscoree.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll
TB-X64: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Connor\AppData\Roaming\Mozilla\Firefox\Profiles\813dblim.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Connor\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\Connor\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: browser.sessionstore.resume_from_crash - false
.
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-8-6 8704]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AODDriver4.2.0;AODDriver4.2.0;C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2012-6-25 57512]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-9-13 1258856]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-8-30 382312]
R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2012-6-25 136648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-13 116648]
S2 pgsql-8.2;PostgreSQL Database Server 8.2;"C:\Program Files (x86)\PostgreSQL\8.2\bin\pg_ctl.exe" runservice -w -N "pgsql-8.2" -D "C:\Program Files (x86)\PostgreSQL\8.2\data\" --> C:\Program Files (x86)\PostgreSQL\8.2\bin\pg_ctl.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-8 250288]
S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2012-5-8 131912]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-13 116648]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 114144]
S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2012-2-21 24176]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
.
=============== Created Last 30 ================
.
2012-10-04 20:46:52 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DC90F46F-4E93-439A-AEAE-6454BF8A8A9B}\offreg.dll
2012-10-02 22:58:00 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-02 01:07:26 696832 ----a-w- C:\Windows\System32\xvidcore.dll
2012-10-02 01:07:26 645632 ----a-w- C:\Windows\SysWow64\xvidcore.dll
2012-10-02 01:07:26 255488 ----a-w- C:\Windows\System32\xvidvfw.dll
2012-10-02 01:07:26 240640 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
2012-10-02 01:07:26 173568 ----a-w- C:\Windows\System32\xvid.ax
2012-10-02 01:07:26 153088 ----a-w- C:\Windows\SysWow64\xvid.ax
2012-10-02 01:07:26 -------- d-----w- C:\Program Files (x86)\Xvid
2012-10-01 21:59:05 -------- d-----w- C:\Pyjt7WqP76vRpNj
2012-09-30 11:30:17 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-09-28 20:19:50 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DC90F46F-4E93-439A-AEAE-6454BF8A8A9B}\mpengine.dll
2012-09-22 20:35:11 -------- d-----w- C:\Program Files\BOINC
2012-09-22 20:35:10 -------- d-----w- C:\ProgramData\BOINC
2012-09-22 20:34:32 -------- d-----w- C:\Windows\Downloaded Installations
2012-09-22 17:55:12 -------- d-----w- C:\Users\Connor\AppData\Roaming\minmaxgames
2012-09-17 21:49:35 -------- d-----w- C:\Users\Connor\AppData\Local\Two Tribes
2012-09-15 16:15:45 -------- d-----r- C:\Users\Connor\Dropbox
2012-09-15 16:12:49 -------- d-----w- C:\Users\Connor\AppData\Roaming\Dropbox
2012-09-14 19:35:07 -------- d-----w- C:\Program Files (x86)\FTL
2012-09-14 00:10:55 3487434 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-09-14 00:10:41 -------- d-----w- C:\temp
2012-09-11 21:45:42 -------- d-----w- C:\Program Files (x86)\AMD
2012-09-11 21:45:12 -------- d-----w- C:\Users\Connor\AppData\Local\Downloaded Installations
2012-09-11 19:26:40 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-11 19:26:40 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
.
==================== Find3M ====================
.
2012-09-21 08:46:06 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-21 08:46:06 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-30 16:18:05 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-08-30 16:18:05 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-08-30 16:18:05 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-08-30 16:18:01 3266920 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-08-30 16:17:59 6198120 ----a-w- C:\Windows\System32\nvcpl.dll
2012-08-30 14:40:14 429416 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-01 03:42:44 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-08-01 03:42:44 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-08-01 03:42:44 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-08-01 03:42:44 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-07-18 17:31:12 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-07-14 02:41:04 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
2006-05-03 16:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll
2007-02-21 17:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 19:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll
2010-01-07 04:00:00 107520 --sha-r- C:\Windows\SysWOW64\TAKDSDecoder.dll
.
============= FINISH: 17:33:30.76 ===============
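Added example, not part of the original post and not code from DDS, TDSSKiller or BleepingComputer: a small offline triage script that reads the two parts of a DDS log a responder checks first on a suspected ZeroAccess box, the `mPolicies-system` UAC values and the "Created Last 30" list, and flags the entries the log above actually contains (UAC switched off, a hidden+system directory literally named `%APPDATA%` under `SysWow64`, a random-named folder in the drive root). The indicator patterns are my assumptions, not a published signature; the `C:\Windows\Installer\{GUID}\U` / `\L` / `@` layout is taken from the RogueKiller report later in this thread, and the sample input is constructed from lines on this page plus one constructed line marked as such.

```python
"""Offline triage of a DDS log for ZeroAccess-style indicators.

Added example; this is not the poster's tooling, nor code from DDS,
TDSSKiller or BleepingComputer. It parses two sections of a DDS report,
the "mPolicies-system" lines and the "Created Last 30" file list, and
flags what a responder looks at first on a suspected ZeroAccess box.
"""
import re
from typing import Dict, List, Tuple

Hit = Tuple[str, str, str]  # (severity, indicator, offending log line)

# UAC values that the DDS log above shows zeroed out; 0 means "no prompt" /
# "UAC off", which lets a dropper elevate silently.
_UAC_VALUES = ("EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop")

_POLICY_RE = re.compile(r"^mPolicies-system:\s+(\w+)\s*=\s*(\d+)")
# DDS "Created Last 30" line: date time size attrs path  (attrs like d-sh--w-)
_CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+([-dsharw]{8})\s+(.+)$"
)
# Storage layout RogueKiller reports later in this thread (assumed pattern):
# C:\Windows\Installer\{GUID}\U and \L holding files named "@" or "<hex>.@".
_INSTALLER_RE = re.compile(
    r"^C:\\Windows\\Installer\\\{[0-9a-f-]{36}\}\\(U|L)(\\.*)?$", re.I
)
_AT_FILE_RE = re.compile(r"\\(?:[0-9a-f]{8}\.)?@$", re.I)
# A directory literally named %APPDATA% (the variable was never expanded).
_ENVNAME_DIR_RE = re.compile(r"\\%[A-Za-z]+%$")
# Heuristic only: a fresh drive-root folder with a long random-looking name.
_RANDOM_ROOT_RE = re.compile(r"^C:\\[A-Za-z0-9]{12,}$")


def triage_dds(log_text: str) -> List[Hit]:
    """Return one Hit per suspicious line, in log order."""
    hits: List[Hit] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = _POLICY_RE.match(line)
        if m:
            if m.group(1) in _UAC_VALUES and int(m.group(2)) == 0:
                hits.append(("high", f"UAC weakened: {m.group(1)}=0", line))
            continue
        m = _CREATED_RE.match(line)
        if not m:
            continue
        attrs, path = m.group(3), m.group(4)
        is_dir = attrs[0] == "d"
        hidden_system = "s" in attrs and "h" in attrs
        if _INSTALLER_RE.match(path) or _AT_FILE_RE.search(path):
            hits.append(("high", "ZeroAccess storage path", line))
        elif is_dir and _ENVNAME_DIR_RE.search(path) and path.lower().startswith("c:\\windows\\"):
            sev = "high" if hidden_system else "medium"
            hits.append((sev, "literal %VAR% directory under Windows", line))
        elif is_dir and _RANDOM_ROOT_RE.match(path):
            hits.append(("low", "random-named folder in drive root (heuristic)", line))
    return hits


def summarize(hits: List[Hit]) -> Dict[str, int]:
    """Count hits per severity so a caller can decide whether to escalate."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for sev, _, _ in hits:
        counts[sev] += 1
    return counts


# Sample input: lines copied from the DDS log in the post above, plus one
# constructed line (the last one) that reuses the GUID from the RogueKiller
# report further down this thread.
SAMPLE_DDS = r"""
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
2012-10-02 22:58:00 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-01 21:59:05 -------- d-----w- C:\Pyjt7WqP76vRpNj
2012-09-30 11:30:17 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-09-22 20:35:11 -------- d-----w- C:\Program Files\BOINC
2012-09-30 11:30:20 -------- d-sh--w- C:\Windows\Installer\{83d2df00-b99e-97d7-2eee-a9fed1fbbfc0}\U
"""

if __name__ == "__main__":
    for sev, indicator, line in triage_dds(SAMPLE_DDS):
        print(f"[{sev:6}] {indicator}: {line}")
    print(summarize(triage_dds(SAMPLE_DDS)))
```

The script only ranks what is already in the log; a clean result says nothing about a live rootkit that hides its files from the scanner, which is why the helper above still walks the user through dedicated tools. The drive-root rule is deliberately low severity: legitimate installers also create odd folders, and `C:\TDSSKiller_Quarantine` is correctly left alone.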

#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:04 PM

Posted 04 October 2012 - 10:08 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Jesus1

Jesus1
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:10:04 PM

Posted 05 October 2012 - 03:25 PM

okay

security check:

Results of screen317's Security Check version 0.99.51
Windows 7 x64 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
JavaFX 2.1.1
Java™ 6 Update 29
Java™ 7 Update 5
Java version out of Date!
Adobe Flash Player 11.4.402.278
Adobe Reader X 10.1.2 Adobe Reader out of Date!
Mozilla Firefox (15.0.1)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
````````Process Check: objlist.exe by Laurent````````
windows defender MpCmdRun.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````

adwcleaner:

# AdwCleaner v2.003 - Logfile created 10/05/2012 at 14:16:33
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Connor - CONNOR-PC
# Boot Mode : Normal
# Running from : C:\Users\Connor\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\uTorrentControl2
Folder Deleted : C:\Users\CC\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\CC\AppData\LocalLow\uTorrentControl2
Folder Deleted : C:\Users\Connor\AppData\Local\Conduit
Folder Deleted : C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Folder Deleted : C:\Users\Connor\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Connor\AppData\LocalLow\uTorrentControl2
Folder Deleted : C:\Users\Donna\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Donna\AppData\LocalLow\uTorrentControl2
Folder Deleted : C:\Users\Jeff\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Jeff\AppData\LocalLow\uTorrentControl2

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl2
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKLM\Software\uTorrentControl2
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3FD22585-CC24-4870-A440-384C690E437E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BB61B599-7E0F-48B3-BD78-6CC42D890447}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKU\S-1-5-21-343827381-988755821-2520954252-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{687578B9-7132-4A7A-80E4-30EE31099E03}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\Connor\AppData\Roaming\Mozilla\Firefox\Profiles\813dblim.default\prefs.js

C:\Users\Connor\AppData\Roaming\Mozilla\Firefox\Profiles\813dblim.default\user.js ... Deleted !

Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=[...]

Profile name : default
File : C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\tocokqxn.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\dka5jcou.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\CC\AppData\Roaming\Mozilla\Firefox\Profiles\i4pirzs8.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [6661 octets] - [05/10/2012 14:16:33]

########## EOF - C:\AdwCleaner[S1].txt - [6721 octets] ##########

and RogueKiller:

RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Connor [Admin rights]
Mode : Remove -- Date : 10/05/2012 16:06:41

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\Windows\Installer\{83d2df00-b99e-97d7-2eee-a9fed1fbbfc0}\@ --> REMOVED AT REBOOT
[Del.Parent][FILE] 00000004.@ : C:\Windows\Installer\{83d2df00-b99e-97d7-2eee-a9fed1fbbfc0}\U\00000004.@ --> REMOVED
[Del.Parent][FILE] 00000008.@ : C:\Windows\Installer\{83d2df00-b99e-97d7-2eee-a9fed1fbbfc0}\U\00000008.@ --> REMOVED
[Del.Parent][FILE] 000000cb.@ : C:\Windows\Installer\{83d2df00-b99e-97d7-2eee-a9fed1fbbfc0}\U\000000cb.@ --> REMOVED
[Del.Parent][FILE] 80000000.@ : C:\Windows\Installer\{83d2df00-b99e-97d7-2eee-a9fed1fbbfc0}\U\80000000.@ --> REMOVED
[Del.Parent][FILE] 80000032.@ : C:\Windows\Installer\{83d2df00-b99e-97d7-2eee-a9fed1fbbfc0}\U\80000032.@ --> REMOVED
[Del.Parent][FILE] 80000064.@ : C:\Windows\Installer\{83d2df00-b99e-97d7-2eee-a9fed1fbbfc0}\U\80000064.@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{83d2df00-b99e-97d7-2eee-a9fed1fbbfc0}\U --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\Windows\Installer\{83d2df00-b99e-97d7-2eee-a9fed1fbbfc0}\L\00000004.@ --> REMOVED
[Del.Parent][FILE] 201d3dde : C:\Windows\Installer\{83d2df00-b99e-97d7-2eee-a9fed1fbbfc0}\L\201d3dde --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{83d2df00-b99e-97d7-2eee-a9fed1fbbfc0}\L --> REMOVED
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> REMOVED AT REBOOT
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> REMOVED AT REBOOT
[Susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> REPLACED AT REBOOT (C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe)

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\Users\CC\NTUSER.DAT

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 api.crashtastic.com
127.0.0.1 api.crashtastic.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000AADS-00S9B0 ATA Device +++++
--- User ---
[MBR] 7b39f248fc1cc4aa5c0081c2f45d75a2
[BSP] 89fe016bf20057889986266960ca37ea : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST3200827A ATA Device +++++
--- User ---
[MBR] a9c87cc8cac34296f71c707863b46e9f
[BSP] 44cef0239ef7ef31391d545cfc19a208 : Standard MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 190779 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 October 2012 - 08:55 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Jesus1
  • Topic Starter
  • Members
  • 7 posts

Posted 06 October 2012 - 10:55 AM

ComboFix 12-10-04.02 - Connor 10/06/2012 10:56:49.1.6 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.2628 [GMT -4:00]
Running from: c:\users\Connor\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\8f8d2a95.pad
c:\programdata\nud0repor.pad
c:\users\CC\AppData\Roaming\MicroST
c:\users\Connor\AppData\Local\assembly\tmp
c:\users\Connor\AppData\Local\Temp\sfamcc00001.dll
c:\users\Connor\AppData\Local\Temp\sfareca00001.dll
c:\users\Connor\AppData\Roaming\a3cb7af4.dat
c:\users\Connor\AppData\Roaming\Love
c:\users\Connor\AppData\Roaming\Love\mari0\options.txt
c:\users\Connor\Documents\~WRL0003.tmp
c:\users\Connor\Documents\~WRL3140.tmp
c:\users\Connor\Documents\~WRL3747.tmp
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-06 to 2012-10-06 )))))))))))))))))))))))))))))))
.
.
2012-10-06 15:30 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3ACDEB9C-5417-4264-B44D-FB43E3E2592E}\mpengine.dll
2012-10-06 15:21 . 2012-10-06 15:26 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-10-06 15:21 . 2012-10-06 15:21 -------- d-----w- c:\users\postgres\AppData\Local\temp
2012-10-06 15:21 . 2012-10-06 15:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-06 15:21 . 2012-10-06 15:21 -------- d-----w- c:\users\Jeff\AppData\Local\temp
2012-10-06 15:21 . 2012-10-06 15:21 -------- d-----w- c:\users\Donna\AppData\Local\temp
2012-10-06 15:21 . 2012-10-06 15:21 -------- d-----w- c:\users\CC\AppData\Local\temp
2012-10-05 17:35 . 2012-10-05 17:56 -------- d-----w- c:\users\Connor\AppData\Local\ID Vault
2012-10-05 17:35 . 2012-10-05 17:35 -------- d-----w- c:\users\Connor\AppData\Local\White_Sky,_Inc
2012-10-05 17:33 . 2012-10-05 17:56 -------- d-----w- c:\users\Connor\AppData\Roaming\ID Vault
2012-10-05 09:20 . 2012-10-05 09:20 -------- d-----w- c:\programdata\IsolatedStorage
2012-10-05 09:20 . 2012-10-05 17:56 -------- d-----w- c:\users\Jeff\AppData\Local\ID Vault
2012-10-05 09:20 . 2012-10-05 09:20 -------- d-----w- c:\users\Jeff\AppData\Local\White_Sky,_Inc
2012-10-05 09:19 . 2012-10-05 17:56 -------- d-----w- c:\users\Jeff\AppData\Roaming\ID Vault
2012-10-05 09:18 . 2012-10-05 09:18 -------- d-----w- c:\program files (x86)\xfin_portal
2012-10-05 09:17 . 2012-10-05 17:56 -------- d-----w- c:\program files (x86)\Constant Guard Protection Suite
2012-10-05 09:17 . 2012-10-05 09:17 -------- d-----w- c:\programdata\White Sky, Inc
2012-10-02 22:58 . 2012-10-04 21:22 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-02 01:07 . 2012-10-02 01:07 -------- d-----w- c:\program files (x86)\Xvid
2012-10-02 01:07 . 2011-05-30 13:42 240640 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2012-10-02 01:07 . 2011-05-30 13:42 255488 ----a-w- c:\windows\system32\xvidvfw.dll
2012-10-02 01:07 . 2011-05-23 09:52 153088 ----a-w- c:\windows\SysWow64\xvid.ax
2012-10-02 01:07 . 2011-05-23 07:49 173568 ----a-w- c:\windows\system32\xvid.ax
2012-10-02 01:07 . 2011-05-23 07:46 645632 ----a-w- c:\windows\SysWow64\xvidcore.dll
2012-10-02 01:07 . 2011-05-23 07:45 696832 ----a-w- c:\windows\system32\xvidcore.dll
2012-10-01 21:59 . 2012-10-01 21:59 -------- d-----w- C:\Pyjt7WqP76vRpNj
2012-09-30 14:01 . 2012-09-30 14:01 -------- d-----w- c:\users\CC\AppData\Roaming\NVIDIA
2012-09-30 11:30 . 2012-09-30 11:30 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-09-22 20:35 . 2012-10-05 18:02 -------- d-----w- c:\program files\BOINC
2012-09-22 20:35 . 2012-10-05 17:54 -------- d-----w- c:\programdata\BOINC
2012-09-22 20:34 . 2012-09-22 20:34 -------- d-----w- c:\windows\Downloaded Installations
2012-09-22 17:55 . 2012-09-22 17:55 -------- d-----w- c:\users\Connor\AppData\Roaming\minmaxgames
2012-09-17 21:49 . 2012-09-17 21:49 -------- d-----w- c:\users\Connor\AppData\Local\Two Tribes
2012-09-15 16:15 . 2012-10-05 20:16 -------- d-----r- c:\users\Connor\Dropbox
2012-09-15 16:12 . 2012-10-06 15:42 -------- d-----w- c:\users\Connor\AppData\Roaming\Dropbox
2012-09-14 19:35 . 2012-09-17 21:49 -------- d-----w- c:\program files (x86)\FTL
2012-09-14 00:10 . 2012-08-30 16:18 3487434 ----a-w- c:\windows\system32\nvcoproc.bin
2012-09-14 00:10 . 2012-10-05 09:45 -------- d-----w- C:\temp
2012-09-11 21:45 . 2012-09-11 21:45 -------- d-----w- c:\program files (x86)\AMD
2012-09-11 21:45 . 2012-09-11 21:45 -------- d-----w- c:\users\Connor\AppData\Local\Downloaded Installations
2012-09-11 19:26 . 2012-08-02 17:55 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-11 19:26 . 2012-08-02 17:05 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 08:46 . 2012-08-08 18:03 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-21 08:46 . 2012-02-20 20:43 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-30 19:14 . 2012-02-20 20:45 2725224 ----a-w- c:\windows\system32\nvapi64.dll
2012-08-30 19:14 . 2012-02-20 20:45 2422120 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-08-30 19:14 . 2012-02-20 20:45 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-08-30 19:14 . 2012-02-20 20:45 14879080 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-08-30 19:14 . 2012-02-20 20:45 12465512 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-08-30 16:18 . 2012-02-20 20:40 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-08-30 16:18 . 2012-02-20 20:40 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-08-30 16:18 . 2012-02-20 20:40 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-08-30 16:18 . 2012-02-20 20:40 3266920 ----a-w- c:\windows\system32\nvsvc64.dll
2012-08-30 16:17 . 2012-02-20 20:40 6198120 ----a-w- c:\windows\system32\nvcpl.dll
2012-08-30 14:40 . 2012-08-30 14:40 429416 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-08-01 03:42 . 2012-08-01 03:42 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-08-01 03:42 . 2012-08-01 03:42 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-08-01 03:42 . 2012-08-01 03:42 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-08-01 03:42 . 2012-08-01 03:42 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-07-18 17:31 . 2012-08-15 08:54 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-07-14 02:41 . 2012-07-14 02:41 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2006-05-03 16:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 17:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 19:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll
2010-01-07 04:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6b4c16b8-9367-11e1-9d04-acafbbe59b18}]
2009-11-25 17:47 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Connor\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Connor\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Connor\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Connor\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-05 1353080]
"WhatPulse"="c:\program files (x86)\WhatPulse\WhatPulse.exe" [2011-11-15 3990528]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\Connor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Connor\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-27 26924984]
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2012-2-20 576000]
speedfan.lnk - c:\program files (x86)\SpeedFan\speedfan.exe [2012-3-26 4656632]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2012-06-25 136648]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-13 116648]
R2 pgsql-8.2;PostgreSQL Database Server 8.2;c:\program files (x86)\PostgreSQL\8.2\bin\pg_ctl.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]
R3 ALSysIO;ALSysIO;c:\users\Connor\AppData\Local\Temp\ALSysIO64.sys [x]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2012-05-08 131912]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-13 116648]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-07 114144]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-23 1255736]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AODDriver4.2.0;AODDriver4.2.0;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2012-06-25 57512]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-08-30 1258856]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-08-30 382312]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-18 32344]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-07-03 189288]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-27 425064]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-08 08:46]
.
2012-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-13 11:59]
.
2012-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-13 11:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Connor\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Connor\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Connor\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Connor\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-28 11786344]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2011-11-05 980368]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.aol.com/?mtmhp=hyplogusaolp00000019
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Connor\AppData\Roaming\Mozilla\Firefox\Profiles\813dblim.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-ManicTime - c:\program files (x86)\ManicTime\ManicTime.exe
Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
AddRemove-Mirror's Edge 1.01_is1 - d:\games\Mirror's Edge\unins000.exe
AddRemove-Quantum Conundrum_is1 - c:\program files (x86)\SQUARE ENIX\Quantum Conundrum\unins000.exe
AddRemove-{1AA94747-3BF6-4237-9E1A-7B3067738FE1} - c:\program files (x86)\InstallShield Installation Information\{1AA94747-3BF6-4237-9E1A-7B3067738FE1}\setup.exe
AddRemove-{6BFBCE04-9970-4297-85E9-0740F787CDEA}_is1 - c:\program files (x86)\SPEC OPS\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-343827381-988755821-2520954252-1001\Software\SecuROM\License information*]
"datasecu"=hex:7d,e6,e1,9a,2e,72,02,f8,9f,1a,be,48,f1,67,b4,b4,f9,65,cc,78,e6,
d8,59,d8,09,5f,88,10,b7,d0,57,0f,8f,40,49,1f,25,50,da,0e,11,70,c9,bf,fa,52,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Steam\SteamService.exe
.
**************************************************************************
.
Completion time: 2012-10-06 11:46:43 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-06 15:46
.
Pre-Run: 118,550,089,728 bytes free
Post-Run: 121,609,019,392 bytes free
.
- - End Of File - - 443F5EE0B5D49B269F6757C0B6B46BD8


The first time I ran it, it showed the console for a second or two and closed without creating a log, so I tried running it as administrator and it seemed to work fine.

My computer seems to be working better. Windows seems more responsive and less sluggish, especially right after logging on. Also, I haven't had my browser redirect me at all since I ran that last set of scans.

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 06 October 2012 - 11:38 AM

Greetings Jesus

Check things out really well and make sure there are no redirects, and while you are doing that, go ahead and run these to check deeper in the system.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 October 2012 - 12:57 AM

Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, a reminder that it is very important that we finish the process completely so as not to get reinfected. I will let you know when we are complete, and then I will ask you to remove our tools.




Gringo

#8 Jesus1
  • Topic Starter
  • Members
  • 7 posts

Posted 09 October 2012 - 06:55 PM

Yeah, I'm still here; sorry I couldn't respond for a few days. All the symptoms seem to have gone away. No redirects.

Anyway, here are some logs:
17:52:44.0312 3196 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
17:52:44.0782 3196 ============================================================
17:52:44.0782 3196 Current date / time: 2012/10/09 17:52:44.0782
17:52:44.0782 3196 SystemInfo:
17:52:44.0782 3196
17:52:44.0782 3196 OS Version: 6.1.7600 ServicePack: 0.0
17:52:44.0782 3196 Product type: Workstation
17:52:44.0782 3196 ComputerName: CONNOR-PC
17:52:44.0782 3196 UserName: Connor
17:52:44.0782 3196 Windows directory: C:\Windows
17:52:44.0782 3196 System windows directory: C:\Windows
17:52:44.0782 3196 Running under WOW64
17:52:44.0782 3196 Processor architecture: Intel x64
17:52:44.0782 3196 Number of processors: 6
17:52:44.0782 3196 Page size: 0x1000
17:52:44.0782 3196 Boot type: Normal boot
17:52:44.0782 3196 ============================================================
17:52:46.0052 3196 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:52:46.0072 3196 Drive \Device\Harddisk1\DR1 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:52:46.0112 3196 Drive \Device\Harddisk6\DR6 - Size: 0x3C000000 (0.94 Gb), SectorSize: 0x200, Cylinders: 0x7A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:52:46.0112 3196 ============================================================
17:52:46.0112 3196 \Device\Harddisk0\DR0:
17:52:46.0112 3196 MBR partitions:
17:52:46.0112 3196 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:52:46.0112 3196 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
17:52:46.0112 3196 \Device\Harddisk1\DR1:
17:52:46.0112 3196 MBR partitions:
17:52:46.0112 3196 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1749DD82
17:52:46.0112 3196 \Device\Harddisk6\DR6:
17:52:46.0112 3196 MBR partitions:
17:52:46.0112 3196 \Device\Harddisk6\DR6\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x1DFFE0
17:52:46.0112 3196 ============================================================
17:52:46.0142 3196 C: <-> \Device\Harddisk0\DR0\Partition2
17:52:46.0162 3196 D: <-> \Device\Harddisk1\DR1\Partition1
17:52:46.0162 3196 ============================================================
17:52:46.0162 3196 Initialize success
17:52:46.0162 3196 ============================================================
17:52:47.0922 4828 ============================================================
17:52:47.0922 4828 Scan started
17:52:47.0922 4828 Mode: Manual;
17:52:47.0922 4828 ============================================================
17:52:51.0102 4828 ================ Scan system memory ========================
17:52:51.0102 4828 System memory - ok
17:52:51.0102 4828 ================ Scan services =============================
17:52:51.0542 4828 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
17:52:51.0552 4828 1394ohci - ok
17:52:51.0582 4828 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
17:52:51.0582 4828 ACPI - ok
17:52:51.0602 4828 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
17:52:51.0612 4828 AcpiPmi - ok
17:52:51.0702 4828 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:52:51.0702 4828 AdobeARMservice - ok
17:52:51.0842 4828 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:52:51.0842 4828 AdobeFlashPlayerUpdateSvc - ok
17:52:51.0872 4828 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
17:52:51.0882 4828 adp94xx - ok
17:52:51.0912 4828 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
17:52:51.0912 4828 adpahci - ok
17:52:51.0922 4828 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
17:52:51.0922 4828 adpu320 - ok
17:52:51.0962 4828 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:52:51.0962 4828 AeLookupSvc - ok
17:52:51.0992 4828 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
17:52:52.0002 4828 AFD - ok
17:52:52.0022 4828 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
17:52:52.0022 4828 agp440 - ok
17:52:52.0052 4828 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
17:52:52.0052 4828 ALG - ok
17:52:52.0082 4828 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
17:52:52.0082 4828 aliide - ok
17:52:52.0202 4828 ALSysIO - ok
17:52:52.0252 4828 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
17:52:52.0252 4828 amdide - ok
17:52:52.0322 4828 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
17:52:52.0332 4828 AmdK8 - ok
17:52:52.0352 4828 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
17:52:52.0352 4828 AmdPPM - ok
17:52:52.0392 4828 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\Windows\system32\drivers\amdsata.sys
17:52:52.0402 4828 amdsata - ok
17:52:52.0422 4828 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
17:52:52.0432 4828 amdsbs - ok
17:52:52.0452 4828 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\Windows\system32\drivers\amdxata.sys
17:52:52.0452 4828 amdxata - ok
17:52:52.0582 4828 [ 7F46BEE50E6FDB6473FBE172466A9EAD ] AODDriver4.2.0 C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys
17:52:52.0612 4828 AODDriver4.2.0 - ok
17:52:52.0672 4828 [ DCADAD156815B8D6F935377806A2CF95 ] AODService C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
17:52:52.0672 4828 AODService - ok
17:52:52.0722 4828 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
17:52:52.0722 4828 AppID - ok
17:52:52.0752 4828 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:52:52.0752 4828 AppIDSvc - ok
17:52:52.0772 4828 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
17:52:52.0772 4828 Appinfo - ok
17:52:52.0812 4828 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
17:52:52.0812 4828 arc - ok
17:52:52.0832 4828 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
17:52:52.0842 4828 arcsas - ok
17:52:52.0852 4828 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:52:52.0852 4828 AsyncMac - ok
17:52:52.0872 4828 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
17:52:52.0872 4828 atapi - ok
17:52:52.0912 4828 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:52:52.0922 4828 AudioEndpointBuilder - ok
17:52:52.0962 4828 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
17:52:52.0972 4828 AudioSrv - ok
17:52:53.0002 4828 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:52:53.0002 4828 AxInstSV - ok
17:52:53.0022 4828 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
17:52:53.0022 4828 b06bdrv - ok
17:52:53.0052 4828 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
17:52:53.0052 4828 b57nd60a - ok
17:52:53.0072 4828 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
17:52:53.0072 4828 BDESVC - ok
17:52:53.0102 4828 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
17:52:53.0102 4828 Beep - ok
17:52:53.0132 4828 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
17:52:53.0142 4828 BFE - ok
17:52:53.0182 4828 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\system32\qmgr.dll
17:52:53.0202 4828 BITS - ok
17:52:53.0212 4828 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
17:52:53.0212 4828 blbdrive - ok
17:52:53.0252 4828 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:52:53.0252 4828 bowser - ok
17:52:53.0272 4828 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:52:53.0272 4828 BrFiltLo - ok
17:52:53.0282 4828 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:52:53.0282 4828 BrFiltUp - ok
17:52:53.0292 4828 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
17:52:53.0302 4828 BridgeMP - ok
17:52:53.0342 4828 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\Windows\System32\browser.dll
17:52:53.0342 4828 Browser - ok
17:52:53.0352 4828 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
17:52:53.0362 4828 Brserid - ok
17:52:53.0372 4828 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:52:53.0372 4828 BrSerWdm - ok
17:52:53.0382 4828 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:52:53.0382 4828 BrUsbMdm - ok
17:52:53.0392 4828 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
17:52:53.0392 4828 BrUsbSer - ok
17:52:53.0402 4828 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
17:52:53.0402 4828 BTHMODEM - ok
17:52:53.0412 4828 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
17:52:53.0412 4828 bthserv - ok
17:52:53.0422 4828 catchme - ok
17:52:53.0432 4828 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:52:53.0432 4828 cdfs - ok
17:52:53.0442 4828 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
17:52:53.0442 4828 cdrom - ok
17:52:53.0452 4828 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
17:52:53.0452 4828 CertPropSvc - ok
17:52:53.0472 4828 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
17:52:53.0472 4828 circlass - ok
17:52:53.0482 4828 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
17:52:53.0492 4828 CLFS - ok
17:52:53.0542 4828 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:52:53.0542 4828 clr_optimization_v2.0.50727_32 - ok
17:52:53.0602 4828 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:52:53.0602 4828 clr_optimization_v2.0.50727_64 - ok
17:52:53.0712 4828 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:52:53.0712 4828 clr_optimization_v4.0.30319_32 - ok
17:52:53.0762 4828 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:52:53.0772 4828 clr_optimization_v4.0.30319_64 - ok
17:52:53.0772 4828 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
17:52:53.0782 4828 CmBatt - ok
17:52:53.0802 4828 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
17:52:53.0802 4828 cmdide - ok
17:52:53.0842 4828 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys
17:52:53.0852 4828 CNG - ok
17:52:53.0872 4828 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
17:52:53.0872 4828 Compbatt - ok
17:52:53.0902 4828 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
17:52:53.0902 4828 CompositeBus - ok
17:52:53.0912 4828 COMSysApp - ok
17:52:53.0922 4828 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
17:52:53.0922 4828 crcdisk - ok
17:52:53.0962 4828 [ F02786B66375292E58C8777082D4396D ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:52:53.0962 4828 CryptSvc - ok
17:52:54.0012 4828 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
17:52:54.0022 4828 DcomLaunch - ok
17:52:54.0062 4828 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
17:52:54.0062 4828 defragsvc - ok
17:52:54.0162 4828 [ 2B9A817DC1BDAD9CE5495099B6A7136A ] Desura Install Service C:\Program Files (x86)\Common Files\Desura\desura_service.exe
17:52:54.0162 4828 Desura Install Service - ok
17:52:54.0222 4828 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:52:54.0222 4828 DfsC - ok
17:52:54.0252 4828 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
17:52:54.0262 4828 Dhcp - ok
17:52:54.0282 4828 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
17:52:54.0282 4828 discache - ok
17:52:54.0302 4828 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
17:52:54.0302 4828 Disk - ok
17:52:54.0342 4828 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:52:54.0352 4828 Dnscache - ok
17:52:54.0372 4828 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
17:52:54.0382 4828 dot3svc - ok
17:52:54.0402 4828 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
17:52:54.0402 4828 DPS - ok
17:52:54.0442 4828 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:52:54.0442 4828 drmkaud - ok
17:52:54.0502 4828 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:52:54.0532 4828 DXGKrnl - ok
17:52:54.0552 4828 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
17:52:54.0562 4828 EapHost - ok
17:52:54.0662 4828 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
17:52:54.0772 4828 ebdrv - ok
17:52:54.0802 4828 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
17:52:54.0812 4828 EFS - ok
17:52:54.0882 4828 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:52:54.0902 4828 ehRecvr - ok
17:52:54.0922 4828 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
17:52:54.0922 4828 ehSched - ok
17:52:54.0952 4828 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
17:52:54.0962 4828 elxstor - ok
17:52:54.0982 4828 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
17:52:54.0982 4828 ErrDev - ok
17:52:55.0022 4828 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
17:52:55.0022 4828 EventSystem - ok
17:52:55.0052 4828 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
17:52:55.0052 4828 exfat - ok
17:52:55.0082 4828 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:52:55.0082 4828 fastfat - ok
17:52:55.0112 4828 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
17:52:55.0122 4828 Fax - ok
17:52:55.0122 4828 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
17:52:55.0122 4828 fdc - ok
17:52:55.0142 4828 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
17:52:55.0142 4828 fdPHost - ok
17:52:55.0162 4828 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
17:52:55.0162 4828 FDResPub - ok
17:52:55.0172 4828 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:52:55.0172 4828 FileInfo - ok
17:52:55.0182 4828 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:52:55.0182 4828 Filetrace - ok
17:52:55.0182 4828 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
17:52:55.0182 4828 flpydisk - ok
17:52:55.0202 4828 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:52:55.0202 4828 FltMgr - ok
17:52:55.0252 4828 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache C:\Windows\system32\FntCache.dll
17:52:55.0262 4828 FontCache - ok
17:52:55.0322 4828 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:52:55.0332 4828 FontCache3.0.0.0 - ok
17:52:55.0352 4828 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:52:55.0352 4828 FsDepends - ok
17:52:55.0402 4828 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:52:55.0402 4828 Fs_Rec - ok
17:52:55.0452 4828 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:52:55.0462 4828 fvevol - ok
17:52:55.0482 4828 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
17:52:55.0482 4828 gagp30kx - ok
17:52:55.0522 4828 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
17:52:55.0542 4828 gpsvc - ok
17:52:55.0662 4828 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:52:55.0662 4828 gupdate - ok
17:52:55.0682 4828 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:52:55.0692 4828 gupdatem - ok
17:52:55.0702 4828 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:52:55.0702 4828 hcw85cir - ok
17:52:55.0742 4828 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:52:55.0752 4828 HdAudAddService - ok
17:52:55.0782 4828 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
17:52:55.0782 4828 HDAudBus - ok
17:52:55.0802 4828 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
17:52:55.0802 4828 HidBatt - ok
17:52:55.0812 4828 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
17:52:55.0812 4828 HidBth - ok
17:52:55.0822 4828 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
17:52:55.0822 4828 HidIr - ok
17:52:55.0832 4828 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
17:52:55.0832 4828 hidserv - ok
17:52:55.0862 4828 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
17:52:55.0862 4828 HidUsb - ok
17:52:55.0922 4828 [ 5350AEF38CA2D8885F47D4455E7EF4EE ] HiPatchService C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
17:52:55.0922 4828 HiPatchService - ok
17:52:55.0952 4828 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:52:55.0952 4828 hkmsvc - ok
17:52:55.0982 4828 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:52:55.0982 4828 HomeGroupListener - ok
17:52:56.0012 4828 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:52:56.0022 4828 HomeGroupProvider - ok
17:52:56.0052 4828 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
17:52:56.0052 4828 HpSAMD - ok
17:52:56.0082 4828 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:52:56.0092 4828 HTTP - ok
17:52:56.0112 4828 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:52:56.0112 4828 hwpolicy - ok
17:52:56.0122 4828 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
17:52:56.0122 4828 i8042prt - ok
17:52:56.0162 4828 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
17:52:56.0172 4828 iaStorV - ok
17:52:56.0242 4828 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:52:56.0262 4828 idsvc - ok
17:52:56.0272 4828 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
17:52:56.0272 4828 iirsp - ok
17:52:56.0322 4828 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
17:52:56.0342 4828 IKEEXT - ok
17:52:56.0782 4828 [ 88798B4381FD58FAE2DA07880C177C5C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
17:52:56.0822 4828 IntcAzAudAddService - ok
17:52:56.0842 4828 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
17:52:56.0842 4828 intelide - ok
17:52:56.0872 4828 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:52:56.0872 4828 intelppm - ok
17:52:56.0892 4828 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:52:56.0892 4828 IPBusEnum - ok
17:52:56.0892 4828 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:52:56.0902 4828 IpFilterDriver - ok
17:52:56.0932 4828 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:52:56.0942 4828 iphlpsvc - ok
17:52:56.0952 4828 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
17:52:56.0952 4828 IPMIDRV - ok
17:52:56.0952 4828 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:52:56.0962 4828 IPNAT - ok
17:52:56.0982 4828 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:52:56.0982 4828 IRENUM - ok
17:52:56.0982 4828 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
17:52:56.0982 4828 isapnp - ok
17:52:56.0992 4828 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
17:52:57.0002 4828 iScsiPrt - ok
17:52:57.0012 4828 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
17:52:57.0012 4828 kbdclass - ok
17:52:57.0022 4828 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
17:52:57.0022 4828 kbdhid - ok
17:52:57.0022 4828 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
17:52:57.0032 4828 KeyIso - ok
17:52:57.0052 4828 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:52:57.0052 4828 KSecDD - ok
17:52:57.0072 4828 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:52:57.0072 4828 KSecPkg - ok
17:52:57.0092 4828 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
17:52:57.0092 4828 ksthunk - ok
17:52:57.0132 4828 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
17:52:57.0142 4828 KtmRm - ok
17:52:57.0172 4828 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\System32\srvsvc.dll
17:52:57.0182 4828 LanmanServer - ok
17:52:57.0212 4828 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:52:57.0212 4828 LanmanWorkstation - ok
17:52:57.0242 4828 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:52:57.0242 4828 lltdio - ok
17:52:57.0282 4828 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:52:57.0292 4828 lltdsvc - ok
17:52:57.0312 4828 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:52:57.0312 4828 lmhosts - ok
17:52:57.0342 4828 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
17:52:57.0342 4828 LSI_FC - ok
17:52:57.0342 4828 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
17:52:57.0352 4828 LSI_SAS - ok
17:52:57.0362 4828 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:52:57.0362 4828 LSI_SAS2 - ok
17:52:57.0372 4828 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:52:57.0372 4828 LSI_SCSI - ok
17:52:57.0382 4828 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
17:52:57.0392 4828 luafv - ok
17:52:57.0432 4828 [ 8FF2D95CBA49B405C5DE27039FF0BF35 ] MBfilt C:\Windows\system32\drivers\MBfilt64.sys
17:52:57.0432 4828 MBfilt - ok
17:52:57.0472 4828 [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
17:52:57.0472 4828 McComponentHostService - ok
17:52:57.0512 4828 [ 79D51E7F5926E8CE1B3EBECEBAE28CFF ] mcdbus C:\Windows\system32\DRIVERS\mcdbus.sys
17:52:57.0512 4828 mcdbus - ok
17:52:57.0552 4828 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:52:57.0562 4828 Mcx2Svc - ok
17:52:57.0582 4828 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
17:52:57.0592 4828 megasas - ok
17:52:57.0602 4828 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
17:52:57.0612 4828 MegaSR - ok
17:52:57.0682 4828 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
17:52:57.0682 4828 Microsoft Office Groove Audit Service - ok
17:52:57.0732 4828 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
17:52:57.0732 4828 MMCSS - ok
17:52:57.0752 4828 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
17:52:57.0752 4828 Modem - ok
17:52:57.0772 4828 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:52:57.0772 4828 monitor - ok
17:52:57.0792 4828 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:52:57.0792 4828 mouclass - ok
17:52:57.0832 4828 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:52:57.0832 4828 mouhid - ok
17:52:57.0852 4828 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:52:57.0862 4828 mountmgr - ok
17:52:57.0932 4828 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:52:57.0932 4828 MozillaMaintenance - ok
17:52:57.0952 4828 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
17:52:57.0952 4828 mpio - ok
17:52:57.0972 4828 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:52:57.0982 4828 mpsdrv - ok
17:52:58.0032 4828 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
17:52:58.0052 4828 MpsSvc - ok
17:52:58.0072 4828 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:52:58.0072 4828 MRxDAV - ok
17:52:58.0122 4828 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:52:58.0122 4828 mrxsmb - ok
17:52:58.0152 4828 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:52:58.0152 4828 mrxsmb10 - ok
17:52:58.0192 4828 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:52:58.0192 4828 mrxsmb20 - ok
17:52:58.0212 4828 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
17:52:58.0212 4828 msahci - ok
17:52:58.0212 4828 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
17:52:58.0212 4828 msdsm - ok
17:52:58.0242 4828 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
17:52:58.0242 4828 MSDTC - ok
17:52:58.0262 4828 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:52:58.0262 4828 Msfs - ok
17:52:58.0282 4828 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:52:58.0282 4828 mshidkmdf - ok
17:52:58.0292 4828 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
17:52:58.0292 4828 msisadrv - ok
17:52:58.0312 4828 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:52:58.0322 4828 MSiSCSI - ok
17:52:58.0332 4828 msiserver - ok
17:52:58.0362 4828 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:52:58.0362 4828 MSKSSRV - ok
17:52:58.0382 4828 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:52:58.0382 4828 MSPCLOCK - ok
17:52:58.0382 4828 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:52:58.0382 4828 MSPQM - ok
17:52:58.0402 4828 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:52:58.0412 4828 MsRPC - ok
17:52:58.0422 4828 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
17:52:58.0422 4828 mssmbios - ok
17:52:58.0442 4828 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:52:58.0442 4828 MSTEE - ok
17:52:58.0452 4828 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
17:52:58.0452 4828 MTConfig - ok
17:52:58.0462 4828 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
17:52:58.0462 4828 Mup - ok
17:52:58.0642 4828 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
17:52:58.0662 4828 napagent - ok
17:52:58.0692 4828 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:52:58.0692 4828 NativeWifiP - ok
17:52:58.0722 4828 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
17:52:58.0742 4828 NDIS - ok
17:52:58.0752 4828 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:52:58.0752 4828 NdisCap - ok
17:52:58.0772 4828 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:52:58.0772 4828 NdisTapi - ok
17:52:58.0782 4828 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:52:58.0782 4828 Ndisuio - ok
17:52:58.0792 4828 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:52:58.0792 4828 NdisWan - ok
17:52:58.0822 4828 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:52:58.0822 4828 NDProxy - ok
17:52:58.0842 4828 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:52:58.0842 4828 NetBIOS - ok
17:52:58.0862 4828 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:52:58.0882 4828 NetBT - ok
17:52:58.0912 4828 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
17:52:58.0912 4828 Netlogon - ok
17:52:58.0952 4828 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
17:52:58.0962 4828 Netman - ok
17:52:58.0972 4828 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
17:52:58.0982 4828 netprofm - ok
17:52:59.0012 4828 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:52:59.0022 4828 NetTcpPortSharing - ok
17:52:59.0052 4828 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
17:52:59.0052 4828 nfrd960 - ok
17:52:59.0092 4828 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
17:52:59.0102 4828 NlaSvc - ok
17:52:59.0122 4828 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:52:59.0122 4828 Npfs - ok
17:52:59.0152 4828 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
17:52:59.0172 4828 nsi - ok
17:52:59.0182 4828 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:52:59.0182 4828 nsiproxy - ok
17:52:59.0272 4828 [ 378E0E0DFEA67D98AE6EA53ADBBD76BC ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:52:59.0312 4828 Ntfs - ok
17:52:59.0332 4828 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
17:52:59.0332 4828 Null - ok
17:52:59.0382 4828 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
17:52:59.0382 4828 NVHDA - ok
17:52:59.0682 4828 [ BF7A24A71E1932200D864BC1CE15E596 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:52:59.0932 4828 nvlddmkm - ok
17:52:59.0962 4828 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:52:59.0962 4828 nvraid - ok
17:52:59.0992 4828 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:53:00.0002 4828 nvstor - ok
17:53:00.0052 4828 [ 43F91595049DE14C4B61D1E76436164F ] nvsvc C:\Windows\system32\nvvsvc.exe
17:53:00.0062 4828 nvsvc - ok
17:53:00.0172 4828 [ 322B69422836F97B76F4AA59B47507BA ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
17:53:00.0212 4828 nvUpdatusService - ok
17:53:00.0242 4828 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
17:53:00.0242 4828 nv_agp - ok
17:53:00.0302 4828 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:53:00.0312 4828 odserv - ok
17:53:00.0322 4828 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
17:53:00.0332 4828 ohci1394 - ok
17:53:00.0352 4828 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:53:00.0362 4828 ose - ok
17:53:00.0392 4828 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:53:00.0402 4828 p2pimsvc - ok
17:53:00.0422 4828 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
17:53:00.0432 4828 p2psvc - ok
17:53:00.0432 4828 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
17:53:00.0432 4828 Parport - ok
17:53:00.0472 4828 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:53:00.0472 4828 partmgr - ok
17:53:00.0582 4828 [ 7C0582921913D00180EC2B8518BA135C ] pbfilter C:\Program Files\PeerBlock\pbfilter.sys
17:53:00.0582 4828 pbfilter - ok
17:53:00.0662 4828 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
17:53:00.0662 4828 PcaSvc - ok
17:53:00.0762 4828 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
17:53:00.0772 4828 pci - ok
17:53:00.0792 4828 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
17:53:00.0792 4828 pciide - ok
17:53:00.0812 4828 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
17:53:00.0822 4828 pcmcia - ok
17:53:00.0842 4828 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
17:53:00.0852 4828 pcw - ok
17:53:00.0882 4828 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:53:00.0892 4828 PEAUTH - ok
17:53:00.0972 4828 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
17:53:00.0972 4828 PerfHost - ok
17:53:01.0012 4828 pgsql-8.2 - ok
17:53:01.0052 4828 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
17:53:01.0092 4828 pla - ok
17:53:01.0122 4828 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:53:01.0132 4828 PlugPlay - ok
17:53:01.0152 4828 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:53:01.0152 4828 PNRPAutoReg - ok
17:53:01.0172 4828 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:53:01.0172 4828 PNRPsvc - ok
17:53:01.0262 4828 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:53:01.0272 4828 PolicyAgent - ok
17:53:01.0372 4828 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
17:53:01.0382 4828 Power - ok
17:53:01.0422 4828 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:53:01.0422 4828 PptpMiniport - ok
17:53:01.0442 4828 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
17:53:01.0452 4828 Processor - ok
17:53:01.0482 4828 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll
17:53:01.0492 4828 ProfSvc - ok
17:53:01.0502 4828 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:53:01.0502 4828 ProtectedStorage - ok
17:53:01.0522 4828 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:53:01.0532 4828 Psched - ok
17:53:01.0572 4828 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
17:53:01.0612 4828 ql2300 - ok
17:53:01.0632 4828 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
17:53:01.0632 4828 ql40xx - ok
17:53:01.0662 4828 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
17:53:01.0672 4828 QWAVE - ok
17:53:01.0682 4828 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:53:01.0682 4828 QWAVEdrv - ok
17:53:01.0692 4828 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:53:01.0692 4828 RasAcd - ok
17:53:01.0722 4828 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:53:01.0732 4828 RasAgileVpn - ok
17:53:01.0742 4828 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
17:53:01.0752 4828 RasAuto - ok
17:53:01.0752 4828 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:53:01.0762 4828 Rasl2tp - ok
17:53:01.0782 4828 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
17:53:01.0792 4828 RasMan - ok
17:53:01.0802 4828 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:53:01.0802 4828 RasPppoe - ok
17:53:01.0812 4828 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:53:01.0812 4828 RasSstp - ok
17:53:01.0832 4828 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:53:01.0832 4828 rdbss - ok
17:53:01.0852 4828 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
17:53:01.0852 4828 rdpbus - ok
17:53:01.0862 4828 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:53:01.0872 4828 RDPCDD - ok
17:53:01.0892 4828 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:53:01.0892 4828 RDPENCDD - ok
17:53:01.0892 4828 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:53:01.0902 4828 RDPREFMP - ok
17:53:01.0932 4828 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:53:01.0942 4828 RDPWD - ok
17:53:01.0982 4828 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:53:01.0982 4828 rdyboost - ok
17:53:02.0032 4828 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:53:02.0032 4828 RemoteAccess - ok
17:53:02.0052 4828 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:53:02.0052 4828 RemoteRegistry - ok
17:53:02.0072 4828 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:53:02.0072 4828 RpcEptMapper - ok
17:53:02.0092 4828 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
17:53:02.0092 4828 RpcLocator - ok
17:53:02.0142 4828 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
17:53:02.0142 4828 RpcSs - ok
17:53:02.0152 4828 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:53:02.0152 4828 rspndr - ok
17:53:02.0182 4828 [ EA5532868BA76923D75BCB2A1448D810 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
17:53:02.0182 4828 RTL8167 - ok
17:53:02.0192 4828 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
17:53:02.0192 4828 SamSs - ok
17:53:02.0212 4828 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
17:53:02.0212 4828 sbp2port - ok
17:53:02.0222 4828 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:53:02.0232 4828 SCardSvr - ok
17:53:02.0242 4828 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
17:53:02.0242 4828 scfilter - ok
17:53:02.0302 4828 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
17:53:02.0332 4828 Schedule - ok
17:53:02.0372 4828 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
17:53:02.0372 4828 SCPolicySvc - ok
17:53:02.0392 4828 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:53:02.0402 4828 SDRSVC - ok
17:53:02.0432 4828 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:53:02.0432 4828 secdrv - ok
17:53:02.0452 4828 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
17:53:02.0462 4828 seclogon - ok
17:53:02.0482 4828 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
17:53:02.0482 4828 SENS - ok
17:53:02.0492 4828 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
17:53:02.0502 4828 SensrSvc - ok
17:53:02.0522 4828 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
17:53:02.0522 4828 Serenum - ok
17:53:02.0542 4828 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
17:53:02.0542 4828 Serial - ok
17:53:02.0552 4828 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
17:53:02.0552 4828 sermouse - ok
17:53:02.0582 4828 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
17:53:02.0582 4828 SessionEnv - ok
17:53:02.0592 4828 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
17:53:02.0592 4828 sffdisk - ok
17:53:02.0592 4828 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
17:53:02.0592 4828 sffp_mmc - ok
17:53:02.0602 4828 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
17:53:02.0602 4828 sffp_sd - ok
17:53:02.0602 4828 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
17:53:02.0612 4828 sfloppy - ok
17:53:02.0652 4828 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:53:02.0652 4828 SharedAccess - ok
17:53:02.0782 4828 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:53:02.0812 4828 ShellHWDetection - ok
17:53:02.0842 4828 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:53:02.0842 4828 SiSRaid2 - ok
17:53:02.0862 4828 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
17:53:02.0862 4828 SiSRaid4 - ok
17:53:02.0872 4828 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:53:02.0872 4828 Smb - ok
17:53:02.0892 4828 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:53:02.0892 4828 SNMPTRAP - ok
17:53:02.0962 4828 [ 12583AF6CBE0050651EAF2723B3AD7B3 ] speedfan C:\Windows\syswow64\speedfan.sys
17:53:02.0962 4828 speedfan - ok
17:53:02.0982 4828 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
17:53:02.0982 4828 spldr - ok
17:53:03.0042 4828 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe
17:53:03.0052 4828 Spooler - ok
17:53:03.0142 4828 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
17:53:03.0192 4828 sppsvc - ok
17:53:03.0232 4828 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
17:53:03.0262 4828 sppuinotify - ok
17:53:03.0392 4828 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
17:53:03.0442 4828 srv - ok
17:53:03.0482 4828 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:53:03.0492 4828 srv2 - ok
17:53:03.0532 4828 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:53:03.0532 4828 srvnet - ok
17:53:03.0562 4828 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:53:03.0572 4828 SSDPSRV - ok
17:53:03.0592 4828 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:53:03.0592 4828 SstpSvc - ok
17:53:03.0652 4828 Steam Client Service - ok
17:53:03.0752 4828 [ A766CCAD980235FF34E7F8089D3175A3 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
17:53:03.0762 4828 Stereo Service - ok
17:53:03.0792 4828 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
17:53:03.0792 4828 stexstor - ok
17:53:03.0842 4828 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
17:53:03.0862 4828 stisvc - ok
17:53:03.0882 4828 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
17:53:03.0882 4828 swenum - ok
17:53:03.0902 4828 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
17:53:03.0912 4828 swprv - ok
17:53:03.0962 4828 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
17:53:03.0992 4828 SysMain - ok
17:53:04.0012 4828 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:53:04.0022 4828 TabletInputService - ok
17:53:04.0032 4828 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
17:53:04.0042 4828 TapiSrv - ok
17:53:04.0062 4828 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
17:53:04.0072 4828 TBS - ok
17:53:04.0142 4828 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:53:04.0192 4828 Tcpip - ok
17:53:04.0222 4828 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
17:53:04.0242 4828 TCPIP6 - ok
17:53:04.0262 4828 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:53:04.0262 4828 tcpipreg - ok
17:53:04.0282 4828 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:53:04.0282 4828 TDPIPE - ok
17:53:04.0312 4828 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:53:04.0312 4828 TDTCP - ok
17:53:04.0322 4828 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:53:04.0332 4828 tdx - ok
17:53:04.0342 4828 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
17:53:04.0342 4828 TermDD - ok
17:53:04.0372 4828 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
17:53:04.0392 4828 TermService - ok
17:53:04.0402 4828 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
17:53:04.0402 4828 Themes - ok
17:53:04.0422 4828 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
17:53:04.0422 4828 THREADORDER - ok
17:53:04.0442 4828 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
17:53:04.0442 4828 TrkWks - ok
17:53:04.0482 4828 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:53:04.0492 4828 TrustedInstaller - ok
17:53:04.0512 4828 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:53:04.0512 4828 tssecsrv - ok
17:53:04.0542 4828 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:53:04.0552 4828 tunnel - ok
17:53:04.0562 4828 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
17:53:04.0562 4828 uagp35 - ok
17:53:04.0592 4828 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:53:04.0602 4828 udfs - ok
17:53:04.0642 4828 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:53:04.0642 4828 UI0Detect - ok
17:53:04.0652 4828 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
17:53:04.0652 4828 uliagpkx - ok
17:53:04.0682 4828 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
17:53:04.0682 4828 umbus - ok
17:53:04.0682 4828 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
17:53:04.0692 4828 UmPass - ok
17:53:04.0712 4828 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
17:53:04.0712 4828 upnphost - ok
17:53:04.0752 4828 [ 7B6A127C93EE590E4D79A5F2A76FE46F ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:53:04.0752 4828 usbccgp - ok
17:53:04.0772 4828 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
17:53:04.0782 4828 usbcir - ok
17:53:04.0812 4828 [ 92969BA5AC44E229C55A332864F79677 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
17:53:04.0812 4828 usbehci - ok
17:53:04.0832 4828 [ E7DF1CFD28CA86B35EF5ADD0735CEEF3 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:53:04.0842 4828 usbhub - ok
17:53:04.0852 4828 [ F1BB1E55F1E7A65C5839CCC7B36D773E ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
17:53:04.0852 4828 usbohci - ok
17:53:04.0872 4828 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
17:53:04.0872 4828 usbprint - ok
17:53:04.0902 4828 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
17:53:04.0902 4828 usbscan - ok
17:53:04.0942 4828 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:53:04.0942 4828 USBSTOR - ok
17:53:04.0962 4828 [ BC3070350A491D84B518D7CCA9ABD36F ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
17:53:04.0962 4828 usbuhci - ok
17:53:04.0982 4828 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
17:53:04.0982 4828 UxSms - ok
17:53:04.0992 4828 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
17:53:04.0992 4828 VaultSvc - ok
17:53:05.0012 4828 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
17:53:05.0012 4828 vdrvroot - ok
17:53:05.0032 4828 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
17:53:05.0042 4828 vds - ok
17:53:05.0062 4828 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:53:05.0062 4828 vga - ok
17:53:05.0092 4828 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
17:53:05.0092 4828 VgaSave - ok
17:53:05.0102 4828 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
17:53:05.0112 4828 vhdmp - ok
17:53:05.0122 4828 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
17:53:05.0122 4828 viaide - ok
17:53:05.0142 4828 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
17:53:05.0172 4828 volmgr - ok
17:53:05.0212 4828 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:53:05.0212 4828 volmgrx - ok
17:53:05.0232 4828 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
17:53:05.0232 4828 volsnap - ok
17:53:05.0262 4828 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
17:53:05.0262 4828 vsmraid - ok
17:53:05.0302 4828 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
17:53:05.0342 4828 VSS - ok
17:53:05.0372 4828 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
17:53:05.0382 4828 vwifibus - ok
17:53:05.0392 4828 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
17:53:05.0402 4828 W32Time - ok
17:53:05.0422 4828 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
17:53:05.0422 4828 WacomPen - ok
17:53:05.0452 4828 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
17:53:05.0452 4828 WANARP - ok
17:53:05.0462 4828 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:53:05.0462 4828 Wanarpv6 - ok
17:53:05.0552 4828 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
17:53:05.0602 4828 WatAdminSvc - ok
17:53:05.0652 4828 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
17:53:05.0692 4828 wbengine - ok
17:53:05.0702 4828 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:53:05.0712 4828 WbioSrvc - ok
17:53:05.0762 4828 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:53:05.0772 4828 wcncsvc - ok
17:53:05.0782 4828 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:53:05.0792 4828 WcsPlugInService - ok
17:53:05.0812 4828 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
17:53:05.0812 4828 Wd - ok
17:53:05.0842 4828 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:53:05.0872 4828 Wdf01000 - ok
17:53:05.0902 4828 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:53:05.0902 4828 WdiServiceHost - ok
17:53:05.0902 4828 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:53:05.0912 4828 WdiSystemHost - ok
17:53:05.0952 4828 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
17:53:05.0962 4828 WebClient - ok
17:53:05.0992 4828 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:53:06.0002 4828 Wecsvc - ok
17:53:06.0012 4828 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:53:06.0022 4828 wercplsupport - ok
17:53:06.0032 4828 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
17:53:06.0042 4828 WerSvc - ok
17:53:06.0062 4828 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
17:53:06.0062 4828 WfpLwf - ok
17:53:06.0072 4828 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:53:06.0072 4828 WIMMount - ok
17:53:06.0082 4828 WinDefend - ok
17:53:06.0082 4828 WinHttpAutoProxySvc - ok
17:53:06.0202 4828 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:53:06.0202 4828 Winmgmt - ok
17:53:06.0272 4828 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
17:53:06.0312 4828 WinRM - ok
17:53:06.0372 4828 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
17:53:06.0372 4828 WinUSB - ok
17:53:06.0412 4828 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
17:53:06.0432 4828 Wlansvc - ok
17:53:06.0562 4828 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:53:06.0602 4828 wlidsvc - ok
17:53:06.0622 4828 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
17:53:06.0622 4828 WmiAcpi - ok
17:53:06.0642 4828 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:53:06.0642 4828 wmiApSrv - ok
17:53:06.0682 4828 WMPNetworkSvc - ok
17:53:06.0772 4828 [ 83B6CA03C846FCD47F9883D77D1EB27B ] WMZuneComm C:\Program Files\Zune\WMZuneComm.exe
17:53:06.0772 4828 WMZuneComm - ok
17:53:06.0802 4828 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:53:06.0802 4828 WPCSvc - ok
17:53:06.0832 4828 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:53:06.0832 4828 WPDBusEnum - ok
17:53:06.0862 4828 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:53:06.0892 4828 ws2ifsl - ok
17:53:06.0962 4828 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\system32\wscsvc.dll
17:53:06.0962 4828 wscsvc - ok
17:53:06.0972 4828 WSearch - ok
17:53:07.0112 4828 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
17:53:07.0162 4828 wuauserv - ok
17:53:07.0172 4828 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:53:07.0172 4828 WudfPf - ok
17:53:07.0182 4828 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:53:07.0192 4828 WUDFRd - ok
17:53:07.0202 4828 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:53:07.0202 4828 wudfsvc - ok
17:53:07.0222 4828 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
17:53:07.0232 4828 WwanSvc - ok
17:53:07.0542 4828 [ 67B787C34FB2888D01B130AE007042D8 ] ZuneNetworkSvc C:\Program Files\Zune\ZuneNss.exe
17:53:07.0712 4828 ZuneNetworkSvc - ok
17:53:07.0772 4828 [ 4D89FC1C20CF655739EFAC5DA81A67BC ] ZuneWlanCfgSvc C:\Program Files\Zune\ZuneWlanCfgSvc.exe
17:53:07.0782 4828 ZuneWlanCfgSvc - ok
17:53:07.0792 4828 ================ Scan global ===============================
17:53:07.0822 4828 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:53:07.0852 4828 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
17:53:07.0872 4828 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
17:53:07.0902 4828 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:53:07.0942 4828 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:53:07.0942 4828 [Global] - ok
17:53:07.0942 4828 ================ Scan MBR ==================================
17:53:07.0952 4828 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:53:08.0162 4828 \Device\Harddisk0\DR0 - ok
17:53:08.0172 4828 [ 117EBF02F374A2469D61D1C801F8C1FF ] \Device\Harddisk1\DR1
17:53:08.0252 4828 \Device\Harddisk1\DR1 - ok
17:53:08.0262 4828 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk6\DR6
17:53:10.0052 4828 \Device\Harddisk6\DR6 - ok
17:53:10.0052 4828 ================ Scan VBR ==================================
17:53:10.0062 4828 [ D616024C139F8C9B3073FB035D2E3742 ] \Device\Harddisk0\DR0\Partition1
17:53:10.0062 4828 \Device\Harddisk0\DR0\Partition1 - ok
17:53:10.0082 4828 [ EDA6418A937D3D3F4FF1183E4F690EA3 ] \Device\Harddisk0\DR0\Partition2
17:53:10.0082 4828 \Device\Harddisk0\DR0\Partition2 - ok
17:53:10.0082 4828 [ 57F1FD31AD3F77CDC95040B8B8AB51F9 ] \Device\Harddisk1\DR1\Partition1
17:53:10.0082 4828 \Device\Harddisk1\DR1\Partition1 - ok
17:53:10.0082 4828 [ 852F450D499057F3F67DE5969E9A93B3 ] \Device\Harddisk6\DR6\Partition1
17:53:10.0082 4828 \Device\Harddisk6\DR6\Partition1 - ok
17:53:10.0082 4828 ============================================================
17:53:10.0082 4828 Scan finished
17:53:10.0082 4828 ============================================================
17:53:10.0092 3868 Detected object count: 0
17:53:10.0092 3868 Actual detected object count: 0

and

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-09 18:56:12
-----------------------------
18:56:12.603 OS Version: Windows x64 6.1.7600
18:56:12.603 Number of processors: 6 586 0xA00
18:56:12.603 ComputerName: CONNOR-PC UserName: Connor
18:56:13.464 Initialize success
18:56:58.476 AVAST engine defs: 12100901
18:57:27.423 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:57:27.428 Disk 0 Vendor: WDC_WD5000AADS-00S9B0 01.00A01 Size: 476940MB BusType: 3
18:57:27.434 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T0L0-5
18:57:27.439 Disk 1 Vendor: ST3200827A 3.AAE Size: 190782MB BusType: 3
18:57:27.445 Disk 6 \Device\Harddisk6\DR6 -> \Device\0000008e
18:57:27.451 Disk 6 Vendor: Size: 190782MB BusType: 0
18:57:27.470 Disk 0 MBR read successfully
18:57:27.473 Disk 0 MBR scan
18:57:27.477 Disk 0 Windows 7 default MBR code
18:57:27.480 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:57:27.490 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
18:57:27.511 Disk 0 scanning C:\Windows\system32\drivers
18:57:36.058 Service scanning
18:57:53.697 Modules scanning
18:57:53.721 Disk 0 trace - called modules:
18:57:53.761 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
18:57:53.776 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004ab7060]
18:57:53.787 3 CLASSPNP.SYS[fffff880011d143f] -> nt!IofCallDriver -> [0xfffffa800395ee40]
18:57:53.794 5 ACPI.sys[fffff88000e28781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800483a060]
18:57:55.944 AVAST engine scan C:\Windows
18:57:59.145 AVAST engine scan C:\Windows\system32
19:00:41.468 AVAST engine scan C:\Windows\system32\drivers
19:00:52.329 AVAST engine scan C:\Users\Connor
19:30:50.967 AVAST engine scan C:\ProgramData
19:32:33.005 Scan finished successfully
19:52:34.252 Disk 0 MBR has been saved successfully to "C:\Users\Connor\Desktop\MBR.dat"
19:52:34.262 The log file has been saved successfully to "C:\Users\Connor\Desktop\aswMBR.txt"
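The TDSSKiller listing above is long enough that reading it by eye misses things, so here is a small triage script for that log format. It is an added example for this thread, not part of the original post and not TDSSKiller's own code. It parses the two line shapes the log uses (a hash line with the resolved image path, followed by a verdict line), then flags what a responder reads first: a verdict other than "ok", an image outside the usual trusted roots, a kernel driver loaded from outside system32\drivers, and a service whose binary was never resolved. The trusted-root list is an assumed baseline, SAMPLE_LOG is constructed for the example, and the "badsvc" lines imitate a detection using the name the original poster reported rather than verbatim TDSSKiller output.

```python
"""Triage of TDSSKiller-style service/driver listings (added example).

Line shapes handled:
    HH:MM:SS.mmmm PID [ MD5 ] Name Path      (binary resolved and hashed)
    HH:MM:SS.mmmm PID Name - verdict         (verdict for that entry)
Everything else (banner, global scan, object counts) is ignored.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

HASH_LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
    r"\[\s*(?P<md5>[0-9A-Fa-f]{32})\s*\]\s+(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*)$"
)
VERDICT_LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<name>.+?)"
    r"(?:\s+\(\s*(?P<detection>[^)]+?)\s*\))?\s+-\s+(?P<verdict>\S+)$"
)

# Assumed baseline: roots from which services and drivers are normally loaded.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None
    detection: Optional[str] = None
    flags: List[str] = field(default_factory=list)


def parse_log(text: str) -> Dict[str, Entry]:
    """Pair each hash line with its verdict line, keyed by service/driver name."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_LINE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"].upper(), m["path"]
            continue
        m = VERDICT_LINE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.verdict, e.detection = m["verdict"], m["detection"]
    return entries


def triage(entries: Dict[str, Entry]) -> Dict[str, List[str]]:
    """Attach review flags to each entry and return only the flagged ones."""
    for e in entries.values():
        if e.verdict is not None and e.verdict.lower() != "ok":
            e.flags.append(f"verdict={e.verdict}" + (f" ({e.detection})" if e.detection else ""))
        if e.path is not None:
            p = e.path.lower()
            if not p.startswith(TRUSTED_ROOTS):
                e.flags.append("image outside trusted roots")
            if p.endswith(".sys") and "\\system32\\drivers\\" not in p:
                e.flags.append("kernel driver outside system32\\drivers")
        elif e.verdict is not None:
            # Verdict with no hash line: TDSSKiller never resolved the binary.
            e.flags.append("binary not resolved (no hash line)")
    return {n: e.flags for n, e in entries.items() if e.flags}


# Constructed sample in the log's format; the badsvc lines and its all-zero MD5
# are placeholders imitating a detection, not real TDSSKiller output.
SAMPLE_LOG = r"""
17:52:59.0182 4828 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:52:59.0182 4828 nsiproxy - ok
17:53:00.0582 4828 [ 7C0582921913D00180EC2B8518BA135C ] pbfilter C:\Program Files\PeerBlock\pbfilter.sys
17:53:00.0582 4828 pbfilter - ok
17:53:01.0012 4828 pgsql-8.2 - ok
17:53:03.0752 4828 [ A766CCAD980235FF34E7F8089D3175A3 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
17:53:03.0762 4828 Stereo Service - ok
17:53:07.0100 4828 [ 00000000000000000000000000000000 ] badsvc C:\ProgramData\example\badsvc.sys
17:53:07.0100 4828 badsvc ( Virus.Win64.ZAccess.a ) - infected
17:53:10.0082 4828 Scan finished
"""

if __name__ == "__main__":
    for name, flags in triage(parse_log(SAMPLE_LOG)).items():
        print(f"{name}: {'; '.join(flags)}")
```

The "driver outside system32\drivers" flag is informational: in the real log it would single out pbfilter.sys (PeerBlock) and speedfan.sys, both legitimate third-party drivers, which is exactly the kind of entry worth a second look but not a verdict on its own.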

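The aswMBR run above reports "Windows 7 default MBR code" and saves the raw sector to MBR.dat. When a bootkit is suspected, that saved sector is what you verify independently. The script below is an added example, not part of the thread and not aswMBR's code: it parses a 512-byte MBR (440 bytes of boot code, disk signature, four 16-byte partition entries at offset 0x1BE, 0x55AA signature), prints the table in the same terms aswMBR uses, and flags a missing signature, malformed or overlapping entries, entries running past the end of the disk, and boot code whose hash differs from a known-good baseline you supply. The sample sector is constructed to mirror the layout in the log (100 MB NTFS at LBA 2048, 476838 MB NTFS at LBA 206848); its boot code is a placeholder, not the real Windows 7 code, and the disk size in sectors is assumed from the reported 476940 MB.

```python
"""Sanity checks on a raw MBR sector such as aswMBR's MBR.dat (added example)."""
import hashlib
import struct
from typing import List, Optional, Tuple

SECTOR = 512
PART_TABLE_OFFSET = 0x1BE
ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count
BOOTCODE_LEN = 440        # boot code ends where the 4-byte disk signature begins


def pack_entry(status: int, ptype: int, lba: int, count: int) -> bytes:
    # CHS fields are irrelevant on LBA-addressed disks; zeroed in the sample.
    return struct.pack(ENTRY_FMT, status, b"\0\0\0", ptype, b"\0\0\0", lba, count)


def build_sample_mbr() -> bytes:
    """Constructed sector mirroring the aswMBR log; boot code is a placeholder."""
    bootcode = b"\xEB\xFE" + b"\x90" * (BOOTCODE_LEN - 2)   # jmp $ ; nop... (placeholder)
    disk_sig = b"\x12\x34\x56\x78" + b"\x00\x00"            # placeholder disk signature
    table = (pack_entry(0x80, 0x07, 2048, 100 * 2048)        # 100 MB active NTFS
             + pack_entry(0x00, 0x07, 206848, 476838 * 2048)  # 476838 MB NTFS
             + pack_entry(0, 0, 0, 0) * 2)                    # two empty slots
    sector = bootcode + disk_sig + table + b"\x55\xAA"
    assert len(sector) == SECTOR
    return sector


def parse_mbr(sector: bytes, disk_sectors: int,
              baseline_bootcode_sha256: Optional[str] = None) -> Tuple[list, List[str], Optional[str]]:
    """Return (partitions, findings, sha256 of boot code)."""
    findings: List[str] = []
    if len(sector) != SECTOR:
        findings.append(f"sector is {len(sector)} bytes, expected {SECTOR}")
        return [], findings, None
    if sector[510:512] != b"\x55\xAA":
        findings.append("missing 0x55AA boot signature")
    bootcode_hash = hashlib.sha256(sector[:BOOTCODE_LEN]).hexdigest()
    if baseline_bootcode_sha256 and bootcode_hash != baseline_bootcode_sha256:
        findings.append("boot code differs from known-good baseline")
    parts = []
    for i in range(4):
        status, _cs, ptype, _ce, lba, count = struct.unpack_from(
            ENTRY_FMT, sector, PART_TABLE_OFFSET + 16 * i)
        if ptype == 0 and count == 0:
            continue                                  # unused slot
        if status not in (0x00, 0x80):
            findings.append(f"partition {i + 1}: invalid status byte 0x{status:02X}")
        if ptype == 0 or count == 0:
            findings.append(f"partition {i + 1}: half-empty entry (type 0x{ptype:02X}, {count} sectors)")
        if lba + count > disk_sectors:
            findings.append(f"partition {i + 1}: extends past end of disk")
        parts.append({"index": i + 1, "boot": status == 0x80, "type": ptype,
                      "lba": lba, "sectors": count,
                      "size_mb": count * SECTOR // (1024 * 1024)})
    for a in parts:
        for b in parts:
            if (a["index"] < b["index"]
                    and a["lba"] < b["lba"] + b["sectors"]
                    and b["lba"] < a["lba"] + a["sectors"]):
                findings.append(f"partitions {a['index']} and {b['index']} overlap")
    if sum(p["boot"] for p in parts) != 1:
        findings.append("expected exactly one active (0x80) partition")
    return parts, findings, bootcode_hash


def format_table(parts) -> List[str]:
    """Render entries the way aswMBR prints them: flag, type, size, offset."""
    return [f"Partition {p['index']} {'80 (A)' if p['boot'] else '00'} "
            f"{p['type']:02X} {p['size_mb']} MB offset {p['lba']}" for p in parts]


if __name__ == "__main__":
    disk_sectors = 976773168          # assumed: 476940 MB reported by aswMBR
    parts, findings, h = parse_mbr(build_sample_mbr(), disk_sectors)
    print("\n".join(format_table(parts)))
    print("boot code sha256:", h)
    print("findings:", findings or "none")
```

To use it on a real MBR.dat, read the file in binary mode and pass the disk's sector count (from the vendor size line in the aswMBR log, or from diskpart); the baseline hash should come from the same Windows version's boot code on a machine you trust, since the script does not ship one.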
#9 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 October 2012 - 09:00 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 12 October 2012 - 01:30 AM

Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or just need some more time.

Also, a reminder that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and I will then ask you to remove our tools.




Gringo

#11 Jesus1
  • Topic Starter

  • Members
  • 7 posts

Posted 13 October 2012 - 10:44 AM

Yep, I'm still here. I ran the script a few days ago, but I forgot to post it :/. Anyway, my computer seems to be doing fine now; I haven't encountered any more problems.

ComboFix 12-10-10.02 - Connor 10/10/2012 15:31:12.2.6 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.2002 [GMT -4:00]
Running from: c:\users\Connor\Desktop\ComboFix.exe
Command switches used :: c:\users\Connor\Desktop\cfscript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-09-10 to 2012-10-10 )))))))))))))))))))))))))))))))
.
.
2012-10-10 19:42 . 2012-10-10 19:42 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-10-10 19:42 . 2012-10-10 19:42 -------- d-----w- c:\users\postgres\AppData\Local\temp
2012-10-10 19:42 . 2012-10-10 19:42 -------- d-----w- c:\users\Jeff\AppData\Local\temp
2012-10-10 19:42 . 2012-10-10 19:42 -------- d-----w- c:\users\Donna\AppData\Local\temp
2012-10-10 19:42 . 2012-10-10 19:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-10 19:42 . 2012-10-10 19:42 -------- d-----w- c:\users\CC\AppData\Local\temp
2012-10-10 19:28 . 2012-10-10 19:28 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0B1AE98E-CB2D-49F1-99FA-67F236FFFE92}\offreg.dll
2012-10-10 00:42 . 2012-10-10 00:42 -------- d-----w- c:\program files (x86)\Webinaria
2012-10-10 00:30 . 2012-10-10 00:30 -------- d-----w- c:\users\Connor\AppData\Local\TechSmith
2012-10-09 21:48 . 2012-10-09 21:48 -------- d-----w- c:\program files (x86)\CamStudio 2.6b
2012-10-09 21:48 . 2010-10-24 04:56 49664 ----a-w- c:\windows\system32\CamCodec.dll
2012-10-09 20:04 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0B1AE98E-CB2D-49F1-99FA-67F236FFFE92}\mpengine.dll
2012-10-08 00:15 . 2012-10-08 00:15 -------- d-----w- c:\users\CC\AppData\Local\VirtualStore
2012-10-05 17:35 . 2012-10-05 17:56 -------- d-----w- c:\users\Connor\AppData\Local\ID Vault
2012-10-05 17:35 . 2012-10-05 17:35 -------- d-----w- c:\users\Connor\AppData\Local\White_Sky,_Inc
2012-10-05 17:33 . 2012-10-05 17:56 -------- d-----w- c:\users\Connor\AppData\Roaming\ID Vault
2012-10-05 09:20 . 2012-10-05 09:20 -------- d-----w- c:\programdata\IsolatedStorage
2012-10-05 09:20 . 2012-10-05 17:56 -------- d-----w- c:\users\Jeff\AppData\Local\ID Vault
2012-10-05 09:20 . 2012-10-05 09:20 -------- d-----w- c:\users\Jeff\AppData\Local\White_Sky,_Inc
2012-10-05 09:19 . 2012-10-05 17:56 -------- d-----w- c:\users\Jeff\AppData\Roaming\ID Vault
2012-10-05 09:18 . 2012-10-05 09:18 -------- d-----w- c:\program files (x86)\xfin_portal
2012-10-05 09:17 . 2012-10-05 17:56 -------- d-----w- c:\program files (x86)\Constant Guard Protection Suite
2012-10-05 09:17 . 2012-10-05 09:17 -------- d-----w- c:\programdata\White Sky, Inc
2012-10-02 22:58 . 2012-10-04 21:22 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-02 01:07 . 2012-10-02 01:07 -------- d-----w- c:\program files (x86)\Xvid
2012-10-02 01:07 . 2011-05-30 13:42 240640 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2012-10-02 01:07 . 2011-05-30 13:42 255488 ----a-w- c:\windows\system32\xvidvfw.dll
2012-10-02 01:07 . 2011-05-23 09:52 153088 ----a-w- c:\windows\SysWow64\xvid.ax
2012-10-02 01:07 . 2011-05-23 07:49 173568 ----a-w- c:\windows\system32\xvid.ax
2012-10-02 01:07 . 2011-05-23 07:46 645632 ----a-w- c:\windows\SysWow64\xvidcore.dll
2012-10-02 01:07 . 2011-05-23 07:45 696832 ----a-w- c:\windows\system32\xvidcore.dll
2012-10-01 21:59 . 2012-10-01 21:59 -------- d-----w- C:\Pyjt7WqP76vRpNj
2012-09-30 14:01 . 2012-09-30 14:01 -------- d-----w- c:\users\CC\AppData\Roaming\NVIDIA
2012-09-30 11:30 . 2012-09-30 11:30 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-09-22 20:35 . 2012-10-05 18:02 -------- d-----w- c:\program files\BOINC
2012-09-22 20:35 . 2012-10-05 17:54 -------- d-----w- c:\programdata\BOINC
2012-09-22 20:34 . 2012-09-22 20:34 -------- d-----w- c:\windows\Downloaded Installations
2012-09-22 17:55 . 2012-09-22 17:55 -------- d-----w- c:\users\Connor\AppData\Roaming\minmaxgames
2012-09-17 21:49 . 2012-09-17 21:49 -------- d-----w- c:\users\Connor\AppData\Local\Two Tribes
2012-09-15 16:15 . 2012-10-10 19:20 -------- d-----r- c:\users\Connor\Dropbox
2012-09-15 16:12 . 2012-10-10 19:20 -------- d-----w- c:\users\Connor\AppData\Roaming\Dropbox
2012-09-14 19:35 . 2012-09-17 21:49 -------- d-----w- c:\program files (x86)\FTL
2012-09-14 00:10 . 2012-08-30 16:18 3487434 ----a-w- c:\windows\system32\nvcoproc.bin
2012-09-14 00:10 . 2012-10-05 09:45 -------- d-----w- C:\temp
2012-09-11 21:45 . 2012-09-11 21:45 -------- d-----w- c:\program files (x86)\AMD
2012-09-11 21:45 . 2012-09-11 21:45 -------- d-----w- c:\users\Connor\AppData\Local\Downloaded Installations
2012-09-11 19:26 . 2012-08-02 17:55 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-11 19:26 . 2012-08-02 17:05 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 20:46 . 2012-08-08 18:03 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 20:46 . 2012-02-20 20:43 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-08 17:10 . 2012-08-01 03:42 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-10-08 17:10 . 2012-08-01 03:42 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-10-08 17:10 . 2012-08-01 03:42 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-10-08 17:10 . 2012-08-01 03:42 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-08-30 19:14 . 2012-02-20 20:45 2725224 ----a-w- c:\windows\system32\nvapi64.dll
2012-08-30 19:14 . 2012-02-20 20:45 2422120 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-08-30 19:14 . 2012-02-20 20:45 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-08-30 19:14 . 2012-02-20 20:45 14879080 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-08-30 19:14 . 2012-02-20 20:45 12465512 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-08-30 16:18 . 2012-02-20 20:40 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-08-30 16:18 . 2012-02-20 20:40 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-08-30 16:18 . 2012-02-20 20:40 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-08-30 16:18 . 2012-02-20 20:40 3266920 ----a-w- c:\windows\system32\nvsvc64.dll
2012-08-30 16:17 . 2012-02-20 20:40 6198120 ----a-w- c:\windows\system32\nvcpl.dll
2012-08-30 14:40 . 2012-08-30 14:40 429416 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-07-18 17:31 . 2012-08-15 08:54 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-07-14 02:41 . 2012-07-14 02:41 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2006-05-03 16:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 17:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 19:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll
2010-01-07 04:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6b4c16b8-9367-11e1-9d04-acafbbe59b18}]
2009-11-25 17:47 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Connor\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Connor\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Connor\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Connor\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-05 1353080]
"WhatPulse"="c:\program files (x86)\WhatPulse\WhatPulse.exe" [2011-11-15 3990528]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\Connor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Connor\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-27 26924984]
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2012-2-20 576000]
speedfan.lnk - c:\program files (x86)\SpeedFan\speedfan.exe [2012-3-26 4656632]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2012-06-25 136648]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-13 116648]
R2 pgsql-8.2;PostgreSQL Database Server 8.2;c:\program files (x86)\PostgreSQL\8.2\bin\pg_ctl.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 ALSysIO;ALSysIO;c:\users\Connor\AppData\Local\Temp\ALSysIO64.sys [x]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2012-05-08 131912]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-13 116648]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-07 114144]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-23 1255736]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AODDriver4.2.0;AODDriver4.2.0;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2012-06-25 57512]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-08-30 1258856]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-08-30 382312]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-18 32344]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-07-03 189288]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-27 425064]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-08 20:46]
.
2012-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-13 11:59]
.
2012-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-13 11:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Connor\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Connor\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Connor\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Connor\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-28 11786344]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2011-11-05 980368]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.aol.com/?mtmhp=hyplogusaolp00000019
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Connor\AppData\Roaming\Mozilla\Firefox\Profiles\813dblim.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Mirror's Edge 1.01_is1 - d:\games\Mirror's Edge\unins000.exe
AddRemove-Quantum Conundrum_is1 - c:\program files (x86)\SQUARE ENIX\Quantum Conundrum\unins000.exe
AddRemove-{1AA94747-3BF6-4237-9E1A-7B3067738FE1} - c:\program files (x86)\InstallShield Installation Information\{1AA94747-3BF6-4237-9E1A-7B3067738FE1}\setup.exe
AddRemove-{6BFBCE04-9970-4297-85E9-0740F787CDEA}_is1 - c:\program files (x86)\SPEC OPS\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-343827381-988755821-2520954252-1001\Software\SecuROM\License information*]
"datasecu"=hex:7d,e6,e1,9a,2e,72,02,f8,9f,1a,be,48,f1,67,b4,b4,f9,65,cc,78,e6,
d8,59,d8,09,5f,88,10,b7,d0,57,0f,8f,40,49,1f,25,50,da,0e,11,70,c9,bf,fa,52,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-10 15:53:06
ComboFix-quarantined-files.txt 2012-10-10 19:53
ComboFix2.txt 2012-10-06 15:46
.
Pre-Run: 107,017,912,320 bytes free
Post-Run: 106,958,254,080 bytes free
.
- - End Of File - - D2021AD5B814CE69D57DC819EDCE50DA

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 October 2012 - 12:35 PM

Hello

P2P Warning!

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

µTorrent
Java™ 6 Update 29
Java™ 7 Update 5
JavaFX 2.1.1
McAfee Security Scan Plus
uTorrentControl2 Toolbar


  • Please download and install Revo Uninstaller Free.
  • Double click Revo Uninstaller to run it.
  • From the list of programs, double click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.



Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and start Free download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

Malwarebytes' Anti-Malware

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked (ticked) except items in the C:\System Volume Information folder, and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 October 2012 - 12:12 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.




Gringo

#14 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 October 2012 - 11:19 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48 hrs you have not replied to this thread, then it will have to be closed!

Gringo

#15 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 22 October 2012 - 12:08 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.