Need Help - "RANSOMWARE" - Police Cybercrime Investigation Department - Spyware/Virus


This topic is locked
29 replies to this topic

#1 Nimalan Somu

Nimalan Somu

  • Members
  • 17 posts
  • OFFLINE
  • Local time:07:48 AM

Posted 16 October 2012 - 06:55 PM

Hi, my laptop (Windows Vista Ultimate) is popping up a screen and telling me that my computer has been locked and I have to pay a $100 fine to unlock it. It's saying it's from POLICE CYBERCRIME INVESTIGATION DEPARTMENT. It has locked my complete screen and it has automatically activated my webcam. I called the cops and the cops' fraud department referred this website to get help. They stated that this spyware/virus is called "RANSOMWARE". Can someone help me with this please? Thank you.



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:48 AM

Posted 17 October 2012 - 09:26 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




I need to get some reports to get a base to start from so I need you to run these programs first.


-DeFogger-

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:
    Link1
    Link2
    Link3
  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

-Information and Logs-

  • In your next post I need the following:
    • both reports from DDS
    • report from security check
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
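Gringo asks for the DDS reports so a helper can triage what is running and what was recently created on the machine. As an added example that is not part of the original thread or of the DDS tool, the Python below parses DDS-style "Running Processes" and "Created Last 30" lines and flags executables that carry a Windows system-binary name but live outside the Windows directory; the sample input is constructed in the DDS layout (the c:\programdata\lsass.exe entry mirrors the log posted later in this thread), and the hypothetical user name "Someone" and the list of trusted prefixes are assumptions.

```python
import re
from typing import List

# Windows binaries that only legitimately run from the Windows directory.
# Malware often borrows these names; DDS prints the full path, which is
# what gives the masquerade away (e.g. lsass.exe under c:\programdata).
SYSTEM_BINARY_NAMES = {
    "lsass.exe", "csrss.exe", "svchost.exe", "winlogon.exe",
    "wininit.exe", "explorer.exe", "services.exe", "smss.exe",
}

# Assumed trusted location for those names (lower-case, backslash paths).
TRUSTED_PREFIXES = ("c:\\windows\\",)

# DDS "Created Last 30" layout: date time size attributes path
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S+)\s+(.+)$"
)


def extract_paths(dds_text: str) -> List[str]:
    """Return file paths from the Running Processes and Created Last 30 sections."""
    paths: List[str] = []
    section = None
    for raw in dds_text.splitlines():
        line = raw.strip()
        if line.startswith("="):
            # DDS section headers look like "===== Running Processes =====".
            if "Running Processes" in line:
                section = "procs"
            elif "Created Last 30" in line:
                section = "created"
            else:
                section = None
            continue
        if not line or line == ".":
            continue
        if section == "procs":
            # Drop svchost-style arguments such as " -k netsvcs".
            paths.append(line.split(" -", 1)[0].strip())
        elif section == "created":
            m = CREATED_RE.match(line)
            if m:
                paths.append(m.group(5).strip())
    return paths


def is_masquerading(path: str) -> bool:
    """True when a system-binary name sits outside the trusted Windows directory."""
    p = path.lower()
    name = p.rsplit("\\", 1)[-1]
    if name not in SYSTEM_BINARY_NAMES:
        return False
    return not p.startswith(TRUSTED_PREFIXES)


def triage(dds_text: str) -> List[str]:
    """Return the suspicious paths (original casing) found in a DDS log."""
    return [p for p in extract_paths(dds_text) if is_masquerading(p)]


# Constructed sample in DDS layout for a stand-alone run; "Someone" is a
# placeholder user name, the lsass.exe line mirrors the thread's log.
SAMPLE_DDS = """\
============== Running Processes ================
.
C:\\Windows\\system32\\wininit.exe
C:\\Windows\\system32\\svchost.exe -k netsvcs
C:\\Users\\Someone\\AppData\\Roaming\\svchost.exe
.
=============== Created Last 30 ================
.
2012-10-15 17:37:31 44544 ----a-w- c:\\programdata\\lsass.exe
2012-10-14 01:31:51 96224 ----a-w- c:\\program files\\mozilla firefox\\webapprt-stub.exe
2012-10-12 00:33:25 -------- d-----w- c:\\users\\someone\\appdata\\local\\{2629250B-9C7D-446D-9A12-D2ACE88E7358}
"""

if __name__ == "__main__":
    for hit in triage(SAMPLE_DDS):
        print("system-named binary outside the Windows directory:", hit)
```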

#3 Nimalan Somu

Nimalan Somu
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:07:48 AM

Posted 19 October 2012 - 07:49 PM

Hi,

How are you? Thank you so much for coming forward to help me. I really appreciate your time and willingness. Thank you. Here are the reports that you've requested.

RESULTS FROM CHECKUP - NOTEPAD


Results of screen317's Security Check version 0.99.53
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
AVG Internet Security 2011
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
AVG PC Tuneup 2011
Java™ 6 Update 31
Java version out of Date!
Adobe Flash Player 11.3.300.271
Adobe Reader X 10.1.1 Adobe Reader out of Date!
Mozilla Firefox (16.0.1)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

RESULTS FROM ATTACH.TXT - NOTEPAD

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 12/19/2010 12:19:28 AM
System Uptime: 10/19/2012 8:18:24 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0KX412
Processor: Intel® Core™2 Duo CPU T8300 @ 2.40GHz | Microprocessor | 2393/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 139.011 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: PCI Device
Device ID: PCI\VEN_1971&DEV_0000&SUBSYS_0003105B&REV_00\4&2C9CB585&0&00E4
Manufacturer:
Name: PCI Device
PNP Device ID: PCI\VEN_1971&DEV_0000&SUBSYS_0003105B&REV_00\4&2C9CB585&0&00E4
Service:
.
==== System Restore Points ===================
.
RP330: 10/15/2012 7:26:42 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
3D-Album-CS
7-Zip 9.20
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.1)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression
AVG 2011
AVG PC Tuneup 2011
Azhagi+ 10.15
BitTorrent
BlackBerry Desktop Software 7.1
Bonjour
Burn My Files
CAM UnZip 4.5
Canon Easy-WebPrint EX
Canon MP Navigator EX 3.0
Canon MP490 series MP Drivers
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
Command & Conquer Generals
CyberLink BD_3D Advisor 2.0
CyberLink PowerDVD 12
D3DX10
Dell Driver Download Manager
Dell Touchpad
DirectXInstallService
DivX Web Player
DVC5.1 Driver
Express Zip
Google Chrome
Google Earth Plug-in
Google Maps Downloader 6.75
Google Update Helper
High-Definition Video Playback
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
I8kfanGUI V3.1
iLivid
Intel® PROSet/Wireless Software
Intel® Matrix Storage Manager
iTunes
Java Auto Updater
Java™ 6 Update 31
Laptop Integrated Webcam Driver (1.04.01.1011)
LogMeIn
LogMeIn Hamachi
Magic ISO Maker v5.5 (build 0281)
MagicDisc 2.7.106
mCore
mDriver
mHelp
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
mMHouse
Mozilla Firefox 16.0.1 (x86 en-US)
Mozilla Maintenance Service
mPfMgr
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
mWMI
Need for Speed™ Hot Pursuit
Nero 10 Movie ThemePack Basic
Nero Burning ROM 11
Nero Burning ROM 11 Help (CHM)
Nero ControlCenter 11
Nero ControlCenter 11 Help (CHM)
Nero Core Components 10
Nero Core Components 11
Nero Dolby Files 10
Nero Kwik Media
Nero RescueAgent 11
Nero RescueAgent 11 Help (CHM)
Nero Update
nero.prerequisites.msi
NeroKwikMedia Help (CHM)
NVIDIA 3D Vision Driver 260.99
NVIDIA Control Panel 260.99
NVIDIA Graphics Driver 260.99
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 260.99
NVIDIA Stereoscopic 3D Driver
Photodex Presenter
PowerISO
Prism Video File Converter
ProShow Producer
QuickSet
QuickTime
RICOH R5C83x/84x Media Driver x86 Ver.3.34.03
RICOH R5U241 / R5C847 Media Driver ver.2.04.01.00
Roxio Activation Module
Roxio CinePlayer Decoder Pack
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator Premier
Roxio Creator Premier 10
Roxio Creator Tools
Roxio Express Labeler
Roxio Update Manager
Samsung DVC Media 5.1
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Segoe UI
Skype Click to Call
Skype™ 5.5
Switch Sound File Converter
System Requirements Lab
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.762
Video Card Stability Test
Visviva Animation Player
VLC media player 1.1.11
WavePad Sound Editor
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Sound Schemes
Xilisoft MP3 CD Burner 6
.
==== Event Viewer Messages From Past Week ========
.
10/19/2012 8:21:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/19/2012 8:21:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/19/2012 8:21:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
10/19/2012 8:21:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/19/2012 8:21:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/19/2012 8:20:24 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 SCDEmu spldr Wanarpv6
10/19/2012 8:20:24 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
10/19/2012 8:20:24 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
10/19/2012 8:20:24 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
10/19/2012 8:19:21 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
10/19/2012 8:18:57 PM, Error: EventLog [6008] - The previous system shutdown at 8:16:50 PM on 10/19/2012 was unexpected.
10/19/2012 7:59:07 PM, Error: EventLog [6008] - The previous system shutdown at 4:16:57 PM on 10/18/2012 was unexpected.
10/18/2012 4:14:45 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
10/18/2012 4:14:45 PM, Error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the path specified.
10/18/2012 4:14:45 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/17/2012 7:42:28 PM, Error: EventLog [6008] - The previous system shutdown at 7:56:07 PM on 10/16/2012 was unexpected.
10/17/2012 10:02:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
10/16/2012 7:05:32 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.
10/16/2012 7:04:41 PM, Error: EventLog [6008] - The previous system shutdown at 6:38:13 PM on 10/16/2012 was unexpected.
10/16/2012 6:34:27 PM, Error: EventLog [6008] - The previous system shutdown at 6:32:14 PM on 10/16/2012 was unexpected.
10/16/2012 6:30:28 PM, Error: EventLog [6008] - The previous system shutdown at 6:27:55 PM on 10/16/2012 was unexpected.
.
==== End Of File ===========================

RESULTS FROM DDS.TXT - NOTEPAD

DDS (Ver_2012-10-19.01) - NTFS_x86 NETWORK
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_31
Run by Rajana at 20:34:23 on 2012-10-19
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3069.2080 [GMT -4:00]
.
AV: AVG Internet Security 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Rajana\Downloads\SecurityCheck.exe
C:\Windows\system32\Defrag.exe
C:\Windows\system32\DfrgNtfs.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg10\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [i8kfangui] c:\program files\i8kfangui\I8kfanGUI.exe /startup
uRun: [Google Update] "c:\users\rajana\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE -startup
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
StartupFolder: c:\users\rajana\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DisableStartupSound = dword:1
mPolicies-System: DisableStatusMessages = dword:1
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: mswsock.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{A0471B34-9FF5-416B-BB04-B0D5203CE06C} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{CD416052-DCCF-4004-B56E-3616C7863920} : DHCPNameServer = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.2.0\ViProtocol.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - c:\windows\system32\soundschemes.exe /AddRegistration
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\rajana\appdata\roaming\mozilla\firefox\profiles\2ecx74ay.default\
FF - prefs.js: browser.startup.homepage - google.ca
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B2b186142-0bdd-4493-8c1b-ab16d8a980f8%7D&mid=fb50dee010d947d69628d168dd384a47-61f110575feda6e1f74b620129d3402c54680d3a&ds=AVG&v=10.0.0.7&lang=us&pr=pa&d=2012-02-14%2010%3A42%3A51&sap=ku&q=
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\11.2.0\npsitesafety.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_HBLiteSA.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\users\rajana\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\users\rajana\appdata\roaming\mozilla\plugins\npPxPlay.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll
FF - ExtSQL: !HIDDEN! 2011-01-13 21:35; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2010-7-12 54112]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2012-8-29 1385896]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-20 179712]
S0 OemBiosDevice;Royalty OEM Bios Extension;c:\windows\system32\drivers\royal.sys [2011-12-10 240128]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\rajana\desktop\new folder (2)\run\a2ddax86.sys [2012-10-19 17904]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
S1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [2011-9-1 14464]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2012/02/09 22:08:49];c:\program files\cyberlink\powerdvd12\common\navfilter\000.fcl [2012-1-11 87536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-2-23 136176]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2012-7-5 374184]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2012-6-8 12856]
S2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2012-9-28 47640]
S2 ntk_PowerDVD12;ntk_PowerDVD12;c:\program files\cyberlink\powerdvd12\kernel\dmp\clhnserver\ntk_PowerDVD12.sys [2012-2-9 120432]
S2 SessionLauncher;SessionLauncher; [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-5-27 134480]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 28624]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-1-8 80184]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-2-23 136176]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-1-8 181432]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-17 250056]
S4 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-15 167264]
S4 avgfws;AVG Firewall;c:\program files\avg\avg10\avgfws.exe [2011-3-9 2708024]
S4 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2012-1-31 7391072]
S4 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
S4 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;c:\program files\cyberlink\powerdvd12\kernel\dmp\clhnserver\CLHNServiceForPowerDVD12.exe [2012-2-9 87336]
S4 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files\cyberlink\powerdvd12\kernel\dms\CLMSMonitorServicePDVD12.exe [2012-2-9 75048]
S4 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files\cyberlink\powerdvd12\kernel\dms\CLMSServerPDVD12.exe [2012-2-9 296232]
S4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-9 115168]
S4 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2011-9-23 641832]
S4 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2008-5-14 309744]
S4 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-5-14 1120752]
S4 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2008-5-14 166384]
S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-10-16 369256]
S4 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.2.0\ToolbarUpdater.exe [2012-7-11 935008]
.
=============== Created Last 30 ================
.
2012-10-18 20:15:50 -------- d-----w- c:\users\rajana\appdata\local\{E8DE9720-D295-492E-80DC-8B3F0641A6C8}
2012-10-18 02:16:44 -------- d-----w- c:\programdata\CAM Development
2012-10-18 02:16:43 -------- d-----w- c:\program files\CAM Development
2012-10-16 18:03:50 -------- d-----w- c:\users\rajana\appdata\local\{78954753-FFDF-4A42-916C-2B7B1DFDB0B2}
2012-10-15 17:37:31 44544 ----a-w- c:\programdata\lsass.exe
2012-10-15 15:27:13 -------- d-----w- c:\users\rajana\appdata\local\{98368769-9ED9-4972-AF15-5103231511CB}
2012-10-15 02:51:47 -------- d-----w- c:\users\rajana\appdata\local\{BCD5BD2F-09DD-47BF-8B9E-88C2A7772339}
2012-10-14 03:21:23 -------- d-----w- c:\program files\EA Games
2012-10-14 01:31:51 96224 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
2012-10-14 01:31:51 157272 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe
2012-10-13 17:10:56 -------- d-----w- c:\users\rajana\appdata\local\{51D82A8C-093B-43DC-B487-262F0F55078E}
2012-10-12 20:05:03 -------- d-----w- c:\users\rajana\appdata\local\{3DD160A3-6ADA-45A0-B521-FB8DD74F0B6B}
2012-10-12 00:33:25 -------- d-----w- c:\users\rajana\appdata\local\{2629250B-9C7D-446D-9A12-D2ACE88E7358}
2012-10-11 10:41:31 -------- d-----w- c:\users\rajana\appdata\local\{A6E10C34-0918-4A6A-943D-E08C191C55BF}
2012-10-10 17:45:52 -------- d-----w- c:\users\rajana\appdata\local\{E2BCFE2D-25D3-4592-A2A8-596BAFD6EE72}
2012-10-09 21:40:25 -------- d-----w- c:\users\rajana\appdata\local\{C9EDF4C7-70E1-49ED-B1F6-48FAFC4E4EC8}
2012-10-08 23:21:23 -------- d-----w- c:\users\rajana\appdata\local\{9C5C904E-A8E3-4AA3-9524-5B6A6D45A608}
2012-10-07 20:52:14 -------- d-----w- c:\users\rajana\appdata\local\{13130A67-B094-43A8-9A53-10150407C201}
2012-10-07 20:51:17 26176 ---ha-w- c:\windows\system32\hamachi.sys
2012-10-07 20:51:01 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-10-07 02:12:12 -------- d-----w- c:\users\rajana\appdata\local\LogMeIn Hamachi
2012-10-07 02:03:05 -------- d-----w- c:\users\rajana\appdata\local\{299B2608-C861-4278-BA86-5A89B336DC53}
2012-10-05 16:54:16 -------- d-----w- c:\users\rajana\appdata\local\{BFBCA34C-09BE-41C9-B4BD-076A551D2A02}
2012-10-05 04:53:42 -------- d-----w- c:\users\rajana\appdata\local\{501EB770-DFEF-4744-8405-ECD84F8FC27A}
2012-10-04 13:51:00 -------- d-----w- c:\users\rajana\appdata\local\{C8F259A7-BF35-4E7E-A917-3BD686DBC9DE}
2012-10-04 00:23:55 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2012-10-03 20:11:28 -------- d-----w- c:\users\rajana\appdata\local\{A8D7FA7C-712D-4631-A29C-30B13388CDF0}
2012-10-02 20:42:19 -------- d-----w- c:\users\rajana\appdata\local\{E5A5FF9E-4A4B-4FB7-87FF-E7361D25117D}
2012-10-02 00:56:24 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2012-10-02 00:56:22 -------- d-----w- c:\program files\MagicDisc
2012-10-01 23:27:28 -------- d-----w- c:\program files\MagicISO
2012-10-01 23:25:30 -------- d-----w- c:\users\rajana\appdata\roaming\PowerISO
2012-10-01 23:24:57 -------- d-----w- c:\program files\PowerISO
2012-10-01 16:51:18 -------- d-----w- c:\users\rajana\appdata\local\{E05565F0-6133-4011-B9A2-0303B9B2BC39}
2012-10-01 01:03:03 -------- d-----w- c:\users\rajana\appdata\local\{5A78728E-20CF-49B3-9ECD-246D54ED141D}
2012-09-29 03:16:11 -------- d-----w- c:\users\rajana\appdata\local\LogMeIn
2012-09-29 03:16:05 83392 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-09-29 03:16:05 52128 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2012-09-29 03:16:05 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2012-09-29 03:16:05 30624 ----a-w- c:\windows\system32\LMIport.dll
2012-09-29 03:16:01 87456 ----a-w- c:\windows\system32\LMIinit.dll
2012-09-29 03:15:53 -------- d-----w- c:\programdata\LogMeIn
2012-09-29 03:15:38 -------- d-----w- c:\program files\LogMeIn
2012-09-28 21:58:20 -------- d-----w- c:\users\rajana\appdata\local\{6B192686-9913-498B-BA1A-D8DD134EDB1B}
2012-09-28 21:50:22 -------- d-----w- c:\users\rajana\appdata\local\{E122C0BD-950C-47C0-A417-03533F74D32E}
2012-09-27 14:09:42 -------- d-----w- c:\users\rajana\appdata\local\{603A8492-37F4-4E95-9673-F8B78C7549CF}
2012-09-27 01:54:05 -------- d-----w- c:\users\rajana\appdata\local\{552FC6B6-02CE-4901-A9C5-648CFAEFF98A}
2012-09-26 19:48:35 -------- d-----w- c:\users\rajana\appdata\local\{0AB80F60-F848-4F3B-8E67-6AFDC3E2905D}
2012-09-26 01:03:12 -------- d-----w- c:\users\rajana\appdata\local\{B6B5334D-FA3A-4328-BD52-B7DA49403DC5}
2012-09-25 13:01:08 -------- d-----w- c:\users\rajana\appdata\local\{9E860B93-E318-4931-B975-3C2E41580DF4}
2012-09-24 19:43:41 -------- d-----w- c:\users\rajana\appdata\local\{FF39AE37-F589-475C-A860-AF96AFDD3CA4}
2012-09-23 20:59:28 -------- d-----w- c:\users\rajana\appdata\local\{54E0A79A-B01E-41FB-8157-E8176D4F52DC}
2012-09-23 01:36:45 -------- d-----w- c:\users\rajana\appdata\local\{09B18946-46CA-48EC-B7CA-5B65C8FC753B}
2012-09-21 21:13:03 -------- d-----w- c:\users\rajana\appdata\local\{C2CE4F8E-91A2-44C9-866F-9A648C5B6B58}
2012-09-20 19:30:22 -------- d-----w- c:\users\rajana\appdata\local\{5DB70F9F-F374-4F7E-A911-28AD22B56C7C}
.
==================== Find3M ====================
.
2012-08-24 07:57:00 113104 ----a-w- c:\windows\system32\drivers\scdemu.sys
2012-08-23 14:42:41 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-23 14:42:41 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-23 14:42:35 9826504 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
============= FINISH: 20:34:48.93 ===============

#4 Nimalan Somu (Topic Starter; Members; 17 posts)

Posted 19 October 2012 - 07:51 PM

Hi, please note that I have put the title RESULTS FROM CHECKUP.txt, RESULTS FROM attach.txt or RESULTS FROM dds.txt... on top of each report. I'll look forward to hearing from you. Thank you.

#5 gringo_pr (Bleepin Gringo; Malware Response Team; 136,772 posts; Male; Puerto rico)

Posted 19 October 2012 - 09:55 PM

These are the programs I would like you to run next; if you have any problems with one of these, just skip it and run the next one.


-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download RogueKiller and SAVE it to your Desktop (or from here)
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 Nimalan Somu (Topic Starter; Members; 17 posts)

Posted 20 October 2012 - 04:57 PM

# AdwCleaner v2.005 - Logfile created 10/20/2012 at 17:39:23
# Updated 14/10/2012 by Xplode
# Operating system : Windows Vista ™ Ultimate Service Pack 2 (32 bits)
# User : Rajana - RAJANA-PC
# Boot Mode : Safe mode with networking
# Running from : C:\Users\Rajana\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : vToolbarUpdater11.2.0

***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files\Ilivid
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Users\Rajana\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Rajana\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Rajana\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Rajana\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Rajana\AppData\LocalLow\AVG Secure Search

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ShopperReportsSA
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6002.18005

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={21CD1A7F-2475-4098-9E5C-331A095B435C}&mid=fb50dee010d947d69628d168dd384a47-61f110575feda6e1f74b620129d3402c54680d3a&lang=us&ds=AVG&pr=pa&d=2012-02-14 10:42:51&v=11.1.0.12&sap=nt --> hxxp://www.google.com

-\\ Mozilla Firefox v16.0.1 (en-US)

Profile name : default
File : C:\Users\Rajana\AppData\Roaming\Mozilla\Firefox\Profiles\2ecx74ay.default\prefs.js

C:\Users\Rajana\AppData\Roaming\Mozilla\Firefox\Profiles\2ecx74ay.default\user.js ... Deleted !

Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\10.0.0.7");
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("extensions.toolbar@ask.com.install-event-fired", true);
Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7B2b186142-0bdd-4493-8c1b-ab16d8a980f8%[...]

-\\ Google Chrome v22.0.1229.94

File : C:\Users\Rajana\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [7039 octets] - [20/10/2012 17:39:23]

########## EOF - C:\AdwCleaner[S1].txt - [7099 octets] ##########

RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Rajana [Admin rights]
Mode : Scan -- Date : 10/20/2012 17:44:10

¤¤¤ Bad processes : 2 ¤¤¤
[ZeroAccess][DLL] explorer.exe -- C:\Windows\explorer.exe : c:\windows\system32\n -> UNLOADED
[ZeroAccess][DLL] explorer.exe -- C:\Windows\explorer.exe : c:\windows\system32\n -> UNLOADED

¤¤¤ Registry Entries : 8 ¤¤¤
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\{329F96B6-DF1E-4328-BFDA-39EA953C1312} (\??\C:\Program Files\CyberLink\PowerDVD12\Common\NavFilter\000.fcl) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet003\Services\{329F96B6-DF1E-4328-BFDA-39EA953C1312} (\??\C:\Program Files\CyberLink\PowerDVD12\Common\NavFilter\000.fcl) -> FOUND
[TASK][SUSP PATH] Windows Driver Foundation.job : C:\Users\Rajana\AppData\Local\Windows Driver Foundation\WUDFHost.exe -> FOUND
[TASK][SUSP PATH] {0A48C6F3-47F8-4391-B80E-632D515D252A} : C:\Windows\System32\pcalua.exe -a "C:\Users\Rajana\Desktop\New Folder (3)\3D_Album_329_ENG_By_Gerti_id\3D-Album 3.29\3DAlbumCS 3.28_3.29\3D-Album-CS-3.29-Upgrade.exe" -d "C:\Users\Rajana\Desktop\New Folder (3)\3D_Album_329_ENG_By_Gerti_id\3D-Album 3.29\3DAlbumCS 3.28_3.29" -> FOUND
[TASK][SUSP PATH] {6B705992-0DA4-4C6A-A47A-816052311E43} : C:\Windows\System32\pcalua.exe -a "C:\Users\Rajana\Desktop\New Folder (3)\3D_Album_329_ENG_By_Gerti_id\3D-Album 3.29\3DAlbumCS 3.28_3.29\3D-Album-CS-3.28-Upgrade.exe" -d "C:\Users\Rajana\Desktop\New Folder (3)\3D_Album_329_ENG_By_Gerti_id\3D-Album 3.29\3DAlbumCS 3.28_3.29" -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Rajana\AppData\Local\{848ade26-4eb5-ee04-0b77-1bcabea1cdd4}\n.) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] n : C:\Windows\Installer\{848ade26-4eb5-ee04-0b77-1bcabea1cdd4}\n --> FOUND
[ZeroAccess][FILE] @ : C:\Windows\Installer\{848ade26-4eb5-ee04-0b77-1bcabea1cdd4}\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\Windows\Installer\{848ade26-4eb5-ee04-0b77-1bcabea1cdd4}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Windows\Installer\{848ade26-4eb5-ee04-0b77-1bcabea1cdd4}\L --> FOUND
[ZeroAccess][FILE] n : C:\Users\Rajana\AppData\Local\{848ade26-4eb5-ee04-0b77-1bcabea1cdd4}\n --> FOUND
[ZeroAccess][FILE] @ : C:\Users\Rajana\AppData\Local\{848ade26-4eb5-ee04-0b77-1bcabea1cdd4}\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\Users\Rajana\AppData\Local\{848ade26-4eb5-ee04-0b77-1bcabea1cdd4}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Users\Rajana\AppData\Local\{848ade26-4eb5-ee04-0b77-1bcabea1cdd4}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC\Desktop.ini --> FOUND
[Susp.ASLR|Sig - ZeroAccess][FILE] services.exe : C:\Windows\system32\services.exe --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9320423AS +++++
--- User ---
[MBR] 6f955e0e38e03a9edce6e3442b4394c2
[BSP] 0ccd984a0ba9cad589b2d65f59945fa8 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 305243 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Rajana [Admin rights]
Mode : Remove -- Date : 10/20/2012 17:46:37

¤¤¤ Bad processes : 3 ¤¤¤
[ZeroAccess][DLL] explorer.exe -- C:\Windows\explorer.exe : c:\windows\system32\n -> UNLOADED
[ZeroAccess][DLL] explorer.exe -- C:\Windows\explorer.exe : c:\windows\system32\n -> UNLOADED
[ZeroAccess][DLL] explorer.exe -- C:\Windows\explorer.exe : c:\windows\system32\n -> UNLOADED

¤¤¤ Registry Entries : 8 ¤¤¤
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\{329F96B6-DF1E-4328-BFDA-39EA953C1312} (\??\C:\Program Files\CyberLink\PowerDVD12\Common\NavFilter\000.fcl) -> DELETED
[Services][ROGUE ST] HKLM\[...]\ControlSet003\Services\{329F96B6-DF1E-4328-BFDA-39EA953C1312} (\??\C:\Program Files\CyberLink\PowerDVD12\Common\NavFilter\000.fcl) -> DELETED
[TASK][SUSP PATH] Windows Driver Foundation.job : C:\Users\Rajana\AppData\Local\Windows Driver Foundation\WUDFHost.exe -> DELETED
[TASK][SUSP PATH] {0A48C6F3-47F8-4391-B80E-632D515D252A} : C:\Windows\System32\pcalua.exe -a "C:\Users\Rajana\Desktop\New Folder (3)\3D_Album_329_ENG_By_Gerti_id\3D-Album 3.29\3DAlbumCS 3.28_3.29\3D-Album-CS-3.29-Upgrade.exe" -d "C:\Users\Rajana\Desktop\New Folder (3)\3D_Album_329_ENG_By_Gerti_id\3D-Album 3.29\3DAlbumCS 3.28_3.29" -> DELETED
[TASK][SUSP PATH] {6B705992-0DA4-4C6A-A47A-816052311E43} : C:\Windows\System32\pcalua.exe -a "C:\Users\Rajana\Desktop\New Folder (3)\3D_Album_329_ENG_By_Gerti_id\3D-Album 3.29\3DAlbumCS 3.28_3.29\3D-Album-CS-3.28-Upgrade.exe" -d "C:\Users\Rajana\Desktop\New Folder (3)\3D_Album_329_ENG_By_Gerti_id\3D-Album 3.29\3DAlbumCS 3.28_3.29" -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Rajana\AppData\Local\{848ade26-4eb5-ee04-0b77-1bcabea1cdd4}\n.) -> REPLACED (C:\Windows\system32\shell32.dll)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] n : C:\Windows\Installer\{848ade26-4eb5-ee04-0b77-1bcabea1cdd4}\n --> REMOVED
[ZeroAccess][FILE] @ : C:\Windows\Installer\{848ade26-4eb5-ee04-0b77-1bcabea1cdd4}\@ --> REMOVED AT REBOOT
[Del.Parent][FILE] 00000004.@ : C:\Windows\Installer\{848ade26-4eb5-ee04-0b77-1bcabea1cdd4}\U\00000004.@ --> REMOVED
[Del.Parent][FILE] 00000008.@ : C:\Windows\Installer\{848ade26-4eb5-ee04-0b77-1bcabea1cdd4}\U\00000008.@ --> REMOVED
[Del.Parent][FILE] 000000cb.@ : C:\Windows\Installer\{848ade26-4eb5-ee04-0b77-1bcabea1cdd4}\U\000000cb.@ --> REMOVED
[Del.Parent][FILE] 80000000.@ : C:\Windows\Installer\{848ade26-4eb5-ee04-0b77-1bcabea1cdd4}\U\80000000.@ --> REMOVED
[Del.Parent][FILE] 80000032.@ : C:\Windows\Installer\{848ade26-4eb5-ee04-0b77-1bcabea1cdd4}\U\80000032.@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{848ade26-4eb5-ee04-0b77-1bcabea1cdd4}\U --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\Windows\Installer\{848ade26-4eb5-ee04-0b77-1bcabea1cdd4}\L\00000004.@ --> REMOVED
[Del.Parent][FILE] 201d3dde : C:\Windows\Installer\{848ade26-4eb5-ee04-0b77-1bcabea1cdd4}\L\201d3dde --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{848ade26-4eb5-ee04-0b77-1bcabea1cdd4}\L --> REMOVED
[ZeroAccess][FILE] n : C:\Users\Rajana\AppData\Local\{848ade26-4eb5-ee04-0b77-1bcabea1cdd4}\n --> REMOVED
[ZeroAccess][FILE] @ : C:\Users\Rajana\AppData\Local\{848ade26-4eb5-ee04-0b77-1bcabea1cdd4}\@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Users\Rajana\AppData\Local\{848ade26-4eb5-ee04-0b77-1bcabea1cdd4}\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Users\Rajana\AppData\Local\{848ade26-4eb5-ee04-0b77-1bcabea1cdd4}\L --> REMOVED
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC\Desktop.ini --> REMOVED AT REBOOT
[Susp.ASLR|Sig - ZeroAccess][FILE] services.exe : C:\Windows\system32\services.exe --> REPLACED AT REBOOT (C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe)

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9320423AS +++++
--- User ---
[MBR] 6f955e0e38e03a9edce6e3442b4394c2
[BSP] 0ccd984a0ba9cad589b2d65f59945fa8 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 305243 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
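The two RogueKiller reports above (a Scan run, then a Remove run) are what the next post asks about. As an added example, not code from this thread or from RogueKiller's author, here is a Python triage script that parses the report format shown above, matches the Scan findings against the Remove results by path, and separates what is already handled from what is only scheduled for the next reboot. The excerpt strings are copied from the two reports in this post; the regular expression and the status classes are my reading of that format, not a documented RogueKiller specification.

```python
"""Triage RogueKiller Scan/Remove reports (added example, not from the thread)."""
import re
from collections import Counter
from dataclasses import dataclass

# Finding lines as printed in the RKreport logs above; registry entries use "->",
# files/folders use "-->", and a status may carry a parenthesised detail:
#   [ZeroAccess][FILE] @ : C:\Windows\Installer\{...}\@ --> FOUND
#   [HJ DESK] HKLM\[...]\NewStartPanel : {...} (1) -> REPLACED (0)
FINDING_RE = re.compile(
    r"^(?P<tags>(?:\[[^\]]+\])+)\s+(?P<item>.*?)\s+-{1,2}>\s+(?P<status>.+?)\s*$")
TAG_RE = re.compile(r"\[([^\]]+)\]")
RESOLVED = {"DELETED", "REMOVED", "REPLACED", "UNLOADED"}  # handled immediately
PENDING_SUFFIX = "AT REBOOT"                               # handled after reboot


@dataclass(frozen=True)
class Finding:
    tags: tuple   # e.g. ("ZeroAccess", "FILE")
    item: str     # "name : path" exactly as RogueKiller prints it
    status: str   # FOUND, DELETED, REMOVED AT REBOOT, REPLACED (...), ...

    @property
    def key(self):
        # Identify an artefact by its path (after the first " : "), lower-cased since
        # Windows paths are case-insensitive. The name before " : " is not stable:
        # Remove lists a folder as "ROOT : <path>" that Scan listed as "U : <path>".
        return self.item.split(" : ", 1)[-1].lower()


def status_class(status):
    """Map a raw status to 'found', 'pending', 'resolved' or 'unknown'."""
    base = re.sub(r"\s*\(.*\)\s*$", "", status).strip()  # drop "(0)", "(C:\...)"
    if base == "FOUND":
        return "found"
    if base.endswith(PENDING_SUFFIX):
        return "pending"
    return "resolved" if base in RESOLVED else "unknown"


def parse_report(text):
    """Return the Finding objects in a report; section, MBR and HOSTS lines are skipped."""
    findings = []
    for line in text.splitlines():
        m = FINDING_RE.match(line.strip())
        if m:
            findings.append(Finding(tuple(TAG_RE.findall(m.group("tags"))),
                                    m.group("item"), m.group("status")))
    return findings


def summarize(text):
    """Count findings per status class, e.g. Counter({'found': 7, 'resolved': 1})."""
    return Counter(status_class(f.status) for f in parse_report(text))


def outstanding(scan_text, remove_text):
    """Return (unhandled, pending): Scan findings the Remove run neither fixed nor
    scheduled, and Remove findings that only take effect after a reboot."""
    remove = parse_report(remove_text)
    handled = {f.key for f in remove if status_class(f.status) in ("resolved", "pending")}
    unhandled = [f for f in parse_report(scan_text)
                 if status_class(f.status) == "found" and f.key not in handled]
    pending = [f for f in remove if status_class(f.status) == "pending"]
    return unhandled, pending


# Excerpts of the two reports posted in this thread (RKreport[1] = Scan, RKreport[2] = Remove).
SCAN_EXCERPT = r"""
¤¤¤ Bad processes : 2 ¤¤¤
[ZeroAccess][DLL] explorer.exe -- C:\Windows\explorer.exe : c:\windows\system32\n -> UNLOADED
¤¤¤ Registry Entries : 8 ¤¤¤
[TASK][SUSP PATH] Windows Driver Foundation.job : C:\Users\Rajana\AppData\Local\Windows Driver Foundation\WUDFHost.exe -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Rajana\AppData\Local\{848ade26-4eb5-ee04-0b77-1bcabea1cdd4}\n.) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\Windows\Installer\{848ade26-4eb5-ee04-0b77-1bcabea1cdd4}\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\Windows\Installer\{848ade26-4eb5-ee04-0b77-1bcabea1cdd4}\U --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC\Desktop.ini --> FOUND
[Susp.ASLR|Sig - ZeroAccess][FILE] services.exe : C:\Windows\system32\services.exe --> FOUND
"""
REMOVE_EXCERPT = r"""
[TASK][SUSP PATH] Windows Driver Foundation.job : C:\Users\Rajana\AppData\Local\Windows Driver Foundation\WUDFHost.exe -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Rajana\AppData\Local\{848ade26-4eb5-ee04-0b77-1bcabea1cdd4}\n.) -> REPLACED (C:\Windows\system32\shell32.dll)
[ZeroAccess][FILE] @ : C:\Windows\Installer\{848ade26-4eb5-ee04-0b77-1bcabea1cdd4}\@ --> REMOVED AT REBOOT
[Del.Parent][FILE] 00000004.@ : C:\Windows\Installer\{848ade26-4eb5-ee04-0b77-1bcabea1cdd4}\U\00000004.@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{848ade26-4eb5-ee04-0b77-1bcabea1cdd4}\U --> REMOVED
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC\Desktop.ini --> REMOVED AT REBOOT
[Susp.ASLR|Sig - ZeroAccess][FILE] services.exe : C:\Windows\system32\services.exe --> REPLACED AT REBOOT (C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe)
"""

if __name__ == "__main__":
    unhandled, pending = outstanding(SCAN_EXCERPT, REMOVE_EXCERPT)
    print("scan   :", dict(summarize(SCAN_EXCERPT)))
    print("remove :", dict(summarize(REMOVE_EXCERPT)))
    print("not handled by Remove:", [f.item for f in unhandled])
    print("waits on reboot      :", [f.item for f in pending])
```

A finding is matched by its path rather than its displayed name because the Remove pass relabels the ZeroAccess `U` and `L` folders as `ROOT`. The three `AT REBOOT` items are the practical answer to the question of whether the machine is clean yet: the patched `services.exe`, the `@` payload and the GAC `Desktop.ini` are only replaced or removed once Windows restarts, so a fresh Scan run after the reboot is what confirms they are gone.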

#7 Nimalan Somu (Topic Starter; Members; 17 posts)

Posted 20 October 2012 - 04:58 PM

Hi, thank you....

I have attached the results... does that mean my computer is free of that virus?, because my screen hasn't locked up yet....

#8 gringo_pr (Bleepin Gringo; Malware Response Team; 136,772 posts; Male; Puerto rico)

Posted 20 October 2012 - 05:54 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?


#9 Nimalan Somu (Topic Starter; Members; 17 posts)

Posted 22 October 2012 - 10:03 PM

ComboFix 12-10-22.03 - Rajana 10/22/2012 22:35:02.1.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3069.1965 [GMT -4:00]
Running from: c:\users\Rajana\Downloads\ComboFix.exe
AV: AVG Internet Security 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\gifnocsm.pad
c:\programdata\lsass.exe
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\users\Rajana\AppData\Local\Asus.xrm-ms
c:\windows\assembly\GAC\Desktop.ini
c:\windows\system32\FlashPlayerInstaller.exe
c:\windows\system32\muzapp.exe
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy2_!Windows!winsxs!x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56!services.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NVSvc
.
.
((((((((((((((((((((((((( Files Created from 2012-09-23 to 2012-10-23 )))))))))))))))))))))))))))))))
.
.
2012-10-23 02:45 . 2012-10-23 02:51 -------- d-----w- c:\users\Rajana\AppData\Local\temp
2012-10-23 02:45 . 2012-10-23 02:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-20 22:36 . 2012-10-20 22:36 -------- d-----w- c:\users\Rajana\AppData\Roaming\EasyDuplicateFinder
2012-10-20 22:36 . 2012-10-20 22:36 -------- d-----w- c:\program files\Easy Duplicate Finder 4
2012-10-20 21:43 . 2012-10-20 21:43 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-10-18 02:16 . 2012-10-18 02:16 -------- d-----w- c:\programdata\CAM Development
2012-10-18 02:16 . 2012-10-18 02:16 -------- d-----w- c:\program files\CAM Development
2012-10-14 03:21 . 2012-10-14 03:21 -------- d-----w- c:\program files\EA Games
2012-10-14 01:31 . 2012-10-14 01:31 96224 ----a-w- c:\program files\Mozilla Firefox\webapprt-stub.exe
2012-10-14 01:31 . 2012-10-14 01:31 157272 ----a-w- c:\program files\Mozilla Firefox\webapp-uninstaller.exe
2012-10-07 20:51 . 2009-03-18 21:35 26176 ---ha-w- c:\windows\system32\hamachi.sys
2012-10-07 20:51 . 2012-10-07 20:51 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-10-07 02:12 . 2012-10-22 23:20 -------- d-----w- c:\users\Rajana\AppData\Local\LogMeIn Hamachi
2012-10-04 00:23 . 2012-10-14 01:31 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-10-02 00:56 . 2009-02-24 22:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2012-10-02 00:56 . 2012-10-02 00:56 -------- d-----w- c:\program files\MagicDisc
2012-10-01 23:27 . 2012-10-02 00:46 -------- d-----w- c:\program files\MagicISO
2012-10-01 23:25 . 2012-10-01 23:25 -------- d-----w- c:\users\Rajana\AppData\Roaming\PowerISO
2012-10-01 23:24 . 2012-10-01 23:25 -------- d-----w- c:\program files\PowerISO
2012-09-29 03:16 . 2012-09-29 03:16 -------- d-----w- c:\users\Rajana\AppData\Local\LogMeIn
2012-09-29 03:16 . 2012-07-05 22:10 83392 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-09-29 03:16 . 2012-07-05 22:09 52128 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-09-29 03:16 . 2012-07-05 22:09 30624 ----a-w- c:\windows\system32\LMIport.dll
2012-09-29 03:16 . 2012-06-08 16:06 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2012-09-29 03:16 . 2012-07-05 22:09 87456 ----a-w- c:\windows\system32\LMIinit.dll
2012-09-29 03:15 . 2012-10-07 02:02 -------- d-----w- c:\programdata\LogMeIn
2012-09-29 03:15 . 2012-09-29 03:16 -------- d-----w- c:\program files\LogMeIn
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-24 07:57 . 2012-08-24 07:57 113104 ----a-w- c:\windows\system32\drivers\scdemu.sys
2012-08-23 14:42 . 2012-05-17 17:07 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-23 14:42 . 2011-06-13 22:38 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-10-14 01:31 . 2012-07-04 03:23 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"i8kfangui"="c:\program files\I8kfanGUI\I8kfanGUI.exe" [2007-02-16 856064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-01-18 2339168]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-10-16 279144]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2012-06-08 63048]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2012-08-24 336992]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-08-29 1996200]
.
c:\users\Rajana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2012-10-1 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableStartupSound"= 1 (0x1)
"DisableStatusMessages"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\Rajana\Desktop\New Folder (2)\Run\a2ddax86.sys [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-11 22:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-17 19:27]
.
2012-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-24 02:24]
.
2012-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-24 02:24]
.
2012-10-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1902343273-2779975327-866198680-1000Core.job
- c:\users\Rajana\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-08 02:27]
.
2012-10-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1902343273-2779975327-866198680-1000UA.job
- c:\users\Rajana\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-08 02:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Rajana\AppData\Roaming\Mozilla\Firefox\Profiles\2ecx74ay.default\
FF - prefs.js: browser.startup.homepage - google.ca
FF - ExtSQL: !HIDDEN! 2011-01-13 21:35; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
HKLM-Run-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe
HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-22 22:50
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG10\avgchsvx.exe
c:\program files\AVG\AVG10\avgrsx.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\LogMeIn Hamachi\hamachi-2.exe
c:\program files\LogMeIn\x86\LMIGuardianSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-10-22 22:56:57 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-23 02:56
.
Pre-Run: 148,902,105,088 bytes free
Post-Run: 151,516,872,704 bytes free
.
- - End Of File - - 0A97D8C7584A8DF81D396FECBDFE0B03

#10 Nimalan Somu

Nimalan Somu
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:07:48 AM

Posted 22 October 2012 - 10:04 PM

Hi, I didn't have any problem except that the legal issue came on, and I restarted the computer and now it's fine. The system seems to be operating the way it did before. Thank you for your help.

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:48 AM

Posted 23 October 2012 - 01:19 AM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 Nimalan Somu

Nimalan Somu
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:07:48 AM

Posted 25 October 2012 - 07:55 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-25 20:29:17
-----------------------------
20:29:17.021 OS Version: Windows 6.0.6002 Service Pack 2
20:29:17.021 Number of processors: 2 586 0x1706
20:29:17.021 ComputerName: RAJANA-PC UserName: Rajana
20:29:21.420 Initialize success
20:31:00.206 AVAST engine defs: 12102502
20:41:17.684 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
20:41:17.684 Disk 0 Vendor: ST932042 0002 Size: 305245MB BusType: 3
20:41:17.699 Disk 0 MBR read successfully
20:41:17.699 Disk 0 MBR scan
20:41:17.699 Disk 0 Windows VISTA default MBR code
20:41:17.715 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305243 MB offset 2048
20:41:17.715 Disk 0 scanning sectors +625139712
20:41:17.809 Disk 0 scanning C:\Windows\system32\drivers
20:41:29.181 Service scanning
20:41:50.787 Modules scanning
20:41:55.358 Disk 0 trace - called modules:
20:41:55.389 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
20:41:55.389 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x867bf030]
20:41:55.405 3 CLASSPNP.SYS[8adcb8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85d8b030]
20:41:58.681 AVAST engine scan C:\Windows
20:42:01.988 AVAST engine scan C:\Windows\system32
20:45:29.302 AVAST engine scan C:\Windows\system32\drivers
20:45:43.451 AVAST engine scan C:\Users\Rajana
20:51:36.727 Disk 0 MBR has been saved successfully to "C:\Users\Rajana\Desktop\MBR.dat"
20:51:36.759 The log file has been saved successfully to "C:\Users\Rajana\Desktop\aswMBR.txt"

#13 Nimalan Somu

Nimalan Somu
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:07:48 AM

Posted 25 October 2012 - 07:57 PM

20:56:10.0569 3280 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
20:56:10.0694 3280 ============================================================
20:56:10.0694 3280 Current date / time: 2012/10/25 20:56:10.0694
20:56:10.0694 3280 SystemInfo:
20:56:10.0694 3280
20:56:10.0709 3280 OS Version: 6.0.6002 ServicePack: 2.0
20:56:10.0709 3280 Product type: Workstation
20:56:10.0709 3280 ComputerName: RAJANA-PC
20:56:10.0709 3280 UserName: Rajana
20:56:10.0709 3280 Windows directory: C:\Windows
20:56:10.0709 3280 System windows directory: C:\Windows
20:56:10.0709 3280 Processor architecture: Intel x86
20:56:10.0709 3280 Number of processors: 2
20:56:10.0709 3280 Page size: 0x1000
20:56:10.0709 3280 Boot type: Normal boot
20:56:10.0709 3280 ============================================================
20:56:11.0115 3280 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:56:11.0130 3280 ============================================================
20:56:11.0130 3280 \Device\Harddisk0\DR0:
20:56:11.0130 3280 MBR partitions:
20:56:11.0130 3280 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
20:56:11.0130 3280 ============================================================
20:56:11.0177 3280 C: <-> \Device\Harddisk0\DR0\Partition1
20:56:11.0177 3280 ============================================================
20:56:11.0177 3280 Initialize success
20:56:11.0177 3280 ============================================================
20:56:12.0737 3072 ============================================================
20:56:12.0737 3072 Scan started
20:56:12.0737 3072 Mode: Manual;
20:56:12.0737 3072 ============================================================
20:56:13.0502 3072 ================ Scan system memory ========================
20:56:13.0502 3072 System memory - ok
20:56:13.0502 3072 ================ Scan services =============================
20:56:13.0658 3072 A2DDA - ok
20:56:13.0782 3072 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
20:56:13.0782 3072 ACPI - ok
20:56:13.0829 3072 [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
20:56:13.0829 3072 AdobeARMservice - ok
20:56:13.0892 3072 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:56:13.0892 3072 AdobeFlashPlayerUpdateSvc - ok
20:56:13.0938 3072 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
20:56:13.0938 3072 adp94xx - ok
20:56:13.0970 3072 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
20:56:13.0970 3072 adpahci - ok
20:56:14.0001 3072 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
20:56:14.0001 3072 adpu160m - ok
20:56:14.0032 3072 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
20:56:14.0032 3072 adpu320 - ok
20:56:14.0079 3072 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:56:14.0079 3072 AeLookupSvc - ok
20:56:14.0126 3072 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
20:56:14.0126 3072 AFD - ok
20:56:14.0157 3072 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
20:56:14.0157 3072 agp440 - ok
20:56:14.0172 3072 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
20:56:14.0172 3072 aic78xx - ok
20:56:14.0188 3072 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
20:56:14.0188 3072 ALG - ok
20:56:14.0219 3072 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
20:56:14.0219 3072 aliide - ok
20:56:14.0250 3072 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
20:56:14.0250 3072 amdagp - ok
20:56:14.0266 3072 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
20:56:14.0266 3072 amdide - ok
20:56:14.0282 3072 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
20:56:14.0282 3072 AmdK7 - ok
20:56:14.0297 3072 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
20:56:14.0297 3072 AmdK8 - ok
20:56:14.0328 3072 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
20:56:14.0328 3072 Appinfo - ok
20:56:14.0406 3072 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:56:14.0406 3072 Apple Mobile Device - ok
20:56:14.0453 3072 [ 0FE769CAE5855B53C90E23F85E7E89FF ] AppMgmt C:\Windows\System32\appmgmts.dll
20:56:14.0453 3072 AppMgmt - ok
20:56:14.0469 3072 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
20:56:14.0469 3072 arc - ok
20:56:14.0500 3072 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
20:56:14.0500 3072 arcsas - ok
20:56:14.0516 3072 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:56:14.0516 3072 AsyncMac - ok
20:56:14.0531 3072 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
20:56:14.0531 3072 atapi - ok
20:56:14.0562 3072 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:56:14.0578 3072 AudioEndpointBuilder - ok
20:56:14.0594 3072 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
20:56:14.0594 3072 Audiosrv - ok
20:56:14.0703 3072 [ D45B7995761253A92AB071D576114F28 ] AVG Security Toolbar Service C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
20:56:14.0703 3072 AVG Security Toolbar Service - ok
20:56:14.0718 3072 [ D30B785AB801A0E2B0AD922D66F971F3 ] Avgfwfd C:\Windows\system32\DRIVERS\avgfwd6x.sys
20:56:14.0718 3072 Avgfwfd - ok
20:56:14.0781 3072 [ 2F0C5AE2352F22B587EDC2829C971262 ] avgfws C:\Program Files\AVG\AVG10\avgfws.exe
20:56:14.0796 3072 avgfws - ok
20:56:14.0952 3072 [ 7A0F6A3E0E41425B9BA54616B482668A ] AVGIDSAgent C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
20:56:14.0999 3072 AVGIDSAgent - ok
20:56:15.0030 3072 [ 1C8D965BBCAA9EE5DEFDB54743437086 ] AVGIDSDriver C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
20:56:15.0030 3072 AVGIDSDriver - ok
20:56:15.0046 3072 [ C59C9BC3F0612BD207CCDC5D8CB9CE39 ] AVGIDSEH C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
20:56:15.0046 3072 AVGIDSEH - ok
20:56:15.0062 3072 [ C5559DE2EC66CEDE15A1664F6D183D8E ] AVGIDSFilter C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
20:56:15.0062 3072 AVGIDSFilter - ok
20:56:15.0077 3072 [ AE5E9667FA40206796D1BD5BD0427A8A ] AVGIDSShim C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
20:56:15.0077 3072 AVGIDSShim - ok
20:56:15.0108 3072 [ 4E796D3D2C3182B13B3E3B5A2AD4EF0A ] Avgldx86 C:\Windows\system32\DRIVERS\avgldx86.sys
20:56:15.0124 3072 Avgldx86 - ok
20:56:15.0140 3072 [ 5639DE66B37D02BD22DF4CF3155FBA60 ] Avgmfx86 C:\Windows\system32\DRIVERS\avgmfx86.sys
20:56:15.0140 3072 Avgmfx86 - ok
20:56:15.0140 3072 [ D1BAF652EDA0AE70896276A1FB32C2D4 ] Avgrkx86 C:\Windows\system32\DRIVERS\avgrkx86.sys
20:56:15.0140 3072 Avgrkx86 - ok
20:56:15.0171 3072 [ AAF0EBCAD95F2164CFFB544E00392498 ] Avgtdix C:\Windows\system32\DRIVERS\avgtdix.sys
20:56:15.0171 3072 Avgtdix - ok
20:56:15.0202 3072 [ FC2BC51120A945F7C70376495E4E7737 ] avgwd C:\Program Files\AVG\AVG10\avgwdsvc.exe
20:56:15.0202 3072 avgwd - ok
20:56:15.0233 3072 [ 502F1C30BD50B32D00CE4DCAECC3D3C7 ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
20:56:15.0233 3072 b57nd60x - ok
20:56:15.0264 3072 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
20:56:15.0264 3072 Beep - ok
20:56:15.0311 3072 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
20:56:15.0327 3072 BFE - ok
20:56:15.0358 3072 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\system32\qmgr.dll
20:56:15.0374 3072 BITS - ok
20:56:15.0405 3072 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
20:56:15.0405 3072 blbdrive - ok
20:56:15.0483 3072 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:56:15.0483 3072 Bonjour Service - ok
20:56:15.0514 3072 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:56:15.0514 3072 bowser - ok
20:56:15.0514 3072 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
20:56:15.0514 3072 BrFiltLo - ok
20:56:15.0530 3072 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
20:56:15.0530 3072 BrFiltUp - ok
20:56:15.0561 3072 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
20:56:15.0561 3072 Browser - ok
20:56:15.0576 3072 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
20:56:15.0576 3072 Brserid - ok
20:56:15.0608 3072 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
20:56:15.0608 3072 BrSerWdm - ok
20:56:15.0623 3072 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
20:56:15.0623 3072 BrUsbMdm - ok
20:56:15.0639 3072 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
20:56:15.0639 3072 BrUsbSer - ok
20:56:15.0654 3072 [ 6D39C954799B63BA866910234CF7D726 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
20:56:15.0654 3072 BthEnum - ok
20:56:15.0686 3072 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
20:56:15.0686 3072 BTHMODEM - ok
20:56:15.0701 3072 [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
20:56:15.0701 3072 BthPan - ok
20:56:15.0748 3072 [ 611FF3F2F095C8D4A6D4CFD9DCC09793 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
20:56:15.0748 3072 BTHPORT - ok
20:56:15.0795 3072 [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ C:\Windows\System32\bthserv.dll
20:56:15.0795 3072 BthServ - ok
20:56:15.0810 3072 [ D330803EAB2A15CAEC7F011F1D4CB30E ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
20:56:15.0810 3072 BTHUSB - ok
20:56:15.0826 3072 catchme - ok
20:56:15.0842 3072 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:56:15.0842 3072 cdfs - ok
20:56:15.0857 3072 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
20:56:15.0857 3072 cdrom - ok
20:56:15.0873 3072 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
20:56:15.0873 3072 CertPropSvc - ok
20:56:15.0904 3072 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
20:56:15.0904 3072 circlass - ok
20:56:15.0920 3072 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
20:56:15.0920 3072 CLFS - ok
20:56:16.0123 3072 [ 4C6406CF07D4EBB70C5774D55C6688FB ] CLHNServiceForPowerDVD12 C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
20:56:16.0123 3072 CLHNServiceForPowerDVD12 - ok
20:56:16.0201 3072 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:56:16.0201 3072 clr_optimization_v2.0.50727_32 - ok
20:56:16.0264 3072 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:56:16.0264 3072 clr_optimization_v4.0.30319_32 - ok
20:56:16.0279 3072 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
20:56:16.0279 3072 CmBatt - ok
20:56:16.0311 3072 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:56:16.0311 3072 cmdide - ok
20:56:16.0342 3072 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
20:56:16.0342 3072 Compbatt - ok
20:56:16.0357 3072 COMSysApp - ok
20:56:16.0389 3072 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
20:56:16.0389 3072 crcdisk - ok
20:56:16.0404 3072 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
20:56:16.0404 3072 Crusoe - ok
20:56:16.0451 3072 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:56:16.0451 3072 CryptSvc - ok
20:56:16.0482 3072 [ 9BDB2E89BE8D0EF37B1F25C3D3FC192C ] CSC C:\Windows\system32\drivers\csc.sys
20:56:16.0482 3072 CSC - ok
20:56:16.0513 3072 [ 0A2095F92F6AE4FE6484D911B0C21E95 ] CscService C:\Windows\System32\cscsvc.dll
20:56:16.0513 3072 CscService - ok
20:56:16.0607 3072 [ EA22BCA708B37B82ADEBC822A171B92E ] CyberLink PowerDVD 12 Media Server Monitor Service C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
20:56:16.0623 3072 CyberLink PowerDVD 12 Media Server Monitor Service - ok
20:56:16.0638 3072 [ 3168D2F171A64590E7A11355CAE60A1E ] CyberLink PowerDVD 12 Media Server Service C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
20:56:16.0654 3072 CyberLink PowerDVD 12 Media Server Service - ok
20:56:16.0685 3072 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
20:56:16.0685 3072 DcomLaunch - ok
20:56:16.0747 3072 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:56:16.0747 3072 DfsC - ok
20:56:16.0794 3072 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
20:56:16.0810 3072 DFSR - ok
20:56:16.0872 3072 [ 919F338FD36F47D860775368D0748780 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
20:56:16.0872 3072 dg_ssudbus - ok
20:56:16.0903 3072 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
20:56:16.0903 3072 Dhcp - ok
20:56:16.0919 3072 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
20:56:16.0919 3072 disk - ok
20:56:16.0981 3072 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:56:16.0981 3072 Dnscache - ok
20:56:16.0997 3072 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
20:56:16.0997 3072 dot3svc - ok
20:56:17.0014 3072 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
20:56:17.0014 3072 DPS - ok
20:56:17.0032 3072 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:56:17.0033 3072 drmkaud - ok
20:56:17.0083 3072 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:56:17.0083 3072 DXGKrnl - ok
20:56:17.0114 3072 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
20:56:17.0114 3072 E1G60 - ok
20:56:17.0161 3072 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
20:56:17.0161 3072 EapHost - ok
20:56:17.0161 3072 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
20:56:17.0161 3072 Ecache - ok
20:56:17.0223 3072 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:56:17.0223 3072 ehRecvr - ok
20:56:17.0239 3072 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
20:56:17.0239 3072 ehSched - ok
20:56:17.0255 3072 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
20:56:17.0255 3072 ehstart - ok
20:56:17.0270 3072 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
20:56:17.0270 3072 elxstor - ok
20:56:17.0317 3072 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
20:56:17.0317 3072 EMDMgmt - ok
20:56:17.0333 3072 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:56:17.0333 3072 ErrDev - ok
20:56:17.0364 3072 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
20:56:17.0364 3072 EventSystem - ok
20:56:17.0489 3072 [ E71B03FF6B819AE1A286AA27E956D523 ] EvtEng C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
20:56:17.0489 3072 EvtEng - ok
20:56:17.0520 3072 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
20:56:17.0520 3072 exfat - ok
20:56:17.0567 3072 [ 0DD24DABB0B8C4AC0D8F2EBF0492276A ] fanio C:\Windows\system32\drivers\fanio.sys
20:56:17.0567 3072 fanio - ok
20:56:17.0582 3072 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:56:17.0582 3072 fastfat - ok
20:56:17.0613 3072 [ DFBA0F60FA301E5B1BFB1403A93EE23E ] Fax C:\Windows\system32\fxssvc.exe
20:56:17.0613 3072 Fax - ok
20:56:17.0645 3072 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:56:17.0645 3072 fdc - ok
20:56:17.0660 3072 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
20:56:17.0660 3072 fdPHost - ok
20:56:17.0676 3072 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
20:56:17.0676 3072 FDResPub - ok
20:56:17.0691 3072 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:56:17.0691 3072 FileInfo - ok
20:56:17.0707 3072 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:56:17.0707 3072 Filetrace - ok
20:56:17.0754 3072 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
20:56:17.0754 3072 flpydisk - ok
20:56:17.0769 3072 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:56:17.0769 3072 FltMgr - ok
20:56:17.0816 3072 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
20:56:17.0816 3072 FontCache - ok
20:56:17.0863 3072 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:56:17.0879 3072 FontCache3.0.0.0 - ok
20:56:17.0925 3072 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:56:17.0925 3072 Fs_Rec - ok
20:56:17.0941 3072 [ FECF4C2E42440A8D132BF94EEE3C3FC9 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
20:56:17.0941 3072 fvevol - ok
20:56:17.0957 3072 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
20:56:17.0957 3072 gagp30kx - ok
20:56:26.0429 3072 vds - ok
20:56:26.0445 3072 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:56:26.0445 3072 vga - ok
20:56:26.0461 3072 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
20:56:26.0461 3072 VgaSave - ok
20:56:26.0476 3072 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
20:56:26.0476 3072 viaagp - ok
20:56:26.0507 3072 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
20:56:26.0507 3072 ViaC7 - ok
20:56:26.0523 3072 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
20:56:26.0523 3072 viaide - ok
20:56:26.0554 3072 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:56:26.0554 3072 volmgr - ok
20:56:26.0570 3072 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:56:26.0570 3072 volmgrx - ok
20:56:26.0585 3072 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:56:26.0585 3072 volsnap - ok
20:56:26.0601 3072 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
20:56:26.0601 3072 vsmraid - ok
20:56:26.0648 3072 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
20:56:26.0648 3072 VSS - ok
20:56:26.0695 3072 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
20:56:26.0710 3072 W32Time - ok
20:56:26.0726 3072 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
20:56:26.0726 3072 WacomPen - ok
20:56:26.0741 3072 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
20:56:26.0741 3072 Wanarp - ok
20:56:26.0741 3072 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:56:26.0741 3072 Wanarpv6 - ok
20:56:26.0773 3072 [ 20B23332885DFB93FE0185362EE811E9 ] wbengine C:\Windows\system32\wbengine.exe
20:56:26.0788 3072 wbengine - ok
20:56:26.0804 3072 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:56:26.0804 3072 wcncsvc - ok
20:56:26.0835 3072 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:56:26.0835 3072 WcsPlugInService - ok
20:56:26.0851 3072 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
20:56:26.0851 3072 Wd - ok
20:56:26.0882 3072 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:56:26.0882 3072 Wdf01000 - ok
20:56:26.0897 3072 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:56:26.0897 3072 WdiServiceHost - ok
20:56:26.0897 3072 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:56:26.0897 3072 WdiSystemHost - ok
20:56:26.0944 3072 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
20:56:26.0944 3072 WebClient - ok
20:56:26.0960 3072 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:56:26.0960 3072 Wecsvc - ok
20:56:26.0975 3072 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:56:26.0975 3072 wercplsupport - ok
20:56:26.0991 3072 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
20:56:26.0991 3072 WerSvc - ok
20:56:27.0053 3072 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
20:56:27.0053 3072 WinDefend - ok
20:56:27.0053 3072 WinHttpAutoProxySvc - ok
20:56:27.0100 3072 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:56:27.0116 3072 Winmgmt - ok
20:56:27.0147 3072 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
20:56:27.0163 3072 WinRM - ok
20:56:27.0241 3072 [ 676F4B665BDD8053EAA53AC1695B8074 ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
20:56:27.0241 3072 WinUSB - ok
20:56:27.0287 3072 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
20:56:27.0287 3072 Wlansvc - ok
20:56:27.0381 3072 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:56:27.0397 3072 wlidsvc - ok
20:56:27.0428 3072 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
20:56:27.0428 3072 WmiAcpi - ok
20:56:27.0443 3072 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:56:27.0443 3072 wmiApSrv - ok
20:56:27.0490 3072 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
20:56:27.0506 3072 WMPNetworkSvc - ok
20:56:27.0521 3072 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:56:27.0521 3072 WPCSvc - ok
20:56:27.0568 3072 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:56:27.0568 3072 WPDBusEnum - ok
20:56:27.0584 3072 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
20:56:27.0584 3072 WpdUsb - ok
20:56:27.0662 3072 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:56:27.0662 3072 WPFFontCache_v0400 - ok
20:56:27.0677 3072 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:56:27.0677 3072 ws2ifsl - ok
20:56:27.0709 3072 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll
20:56:27.0709 3072 wscsvc - ok
20:56:27.0709 3072 WSearch - ok
20:56:27.0802 3072 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
20:56:27.0802 3072 wuauserv - ok
20:56:27.0849 3072 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:56:27.0849 3072 WUDFRd - ok
20:56:27.0865 3072 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:56:27.0880 3072 wudfsvc - ok
20:56:27.0880 3072 ================ Scan global ===============================
20:56:27.0927 3072 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
20:56:27.0989 3072 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
20:56:28.0005 3072 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
20:56:28.0036 3072 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
20:56:28.0036 3072 [Global] - ok
20:56:28.0036 3072 ================ Scan MBR ==================================
20:56:28.0052 3072 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
20:56:28.0489 3072 \Device\Harddisk0\DR0 - ok
20:56:28.0489 3072 ================ Scan VBR ==================================
20:56:28.0489 3072 [ 74A437C4944A2BB85A557E3659B9220D ] \Device\Harddisk0\DR0\Partition1
20:56:28.0504 3072 \Device\Harddisk0\DR0\Partition1 - ok
20:56:28.0504 3072 ============================================================
20:56:28.0504 3072 Scan finished
20:56:28.0504 3072 ============================================================
20:56:28.0504 3476 Detected object count: 0
20:56:28.0504 3476 Actual detected object count: 0

#14 gringo_pr


Posted 25 October 2012 - 08:42 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:

  • report from ComboFix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

Edited by gringo_pr, 25 October 2012 - 08:43 PM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 gringo_pr


Posted 28 October 2012 - 12:08 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo



