
Rootkit.0Access


This topic is locked
21 replies to this topic

#1 bcrs
  • Members
  • 10 posts

Posted 16 November 2012 - 06:28 PM

Hi,
I am having problems removing Rootkit.0Access. Or at least I believe that is what it is. I ran Malwarebytes and several of the deletions were of the following.

Trojan.lameshield
Trojan.0Access
Trojan.Happili
Rootkit.0Access

I tried running combofix and it finds stuff and deletes but I am still infected after reboot. I have run TDSSKiller and it did not detect anything. Please Help!

bcrs

DDS file:

DDS (Ver_2012-11-07.01) - NTFS_x86 NETWORK
Internet Explorer: 9.0.8112.16450
Run by Security at 18:14:11 on 2012-11-16
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2004.1537 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\ntvdm.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: NameServer = 168.95.1.1
TCP: Interfaces\{6F0336B6-932A-426C-9830-14DE6714AE3E} : DHCPNameServer = 168.95.1.1
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\progra~1\windows mail\WinMail.exe" OCInstallUserConfigOE
.
============= SERVICES / DRIVERS ===============
.
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-19 435032]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-7-19 314456]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-7-19 20568]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-7-19 55128]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-7-19 44768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-7-6 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-1-11 12856]
S2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-7-19 47640]
S3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\drivers\BrSerIb.sys [2010-5-31 71424]
S3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\drivers\BrUsbSib.sys [2010-5-31 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-11-16 23:14:03 -------- d--h--w- c:\windows\PIF
2012-11-16 22:26:51 -------- d-sh--w- C:\$RECYCLE.BIN
2012-11-16 21:18:16 98816 ----a-w- c:\windows\sed.exe
2012-11-16 21:18:16 256000 ----a-w- c:\windows\PEV.exe
2012-11-16 21:18:16 208896 ----a-w- c:\windows\MBR.exe
2012-11-16 20:23:54 -------- d-----w- c:\users\security\appdata\roaming\Malwarebytes
2012-11-16 20:23:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-16 20:23:50 -------- d-----w- c:\programdata\Malwarebytes
2012-11-16 20:23:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-15 09:41:03 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-11-13 07:14:47 6918632 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{242d2146-7b79-4a41-9c24-070a79a14424}\mpengine.dll
.
==================== Find3M ====================
.
2012-09-13 13:28:08 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-29 11:27:41 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-29 11:27:41 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-24 15:53:29 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 18:15:17.69 ===============


#2 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 16 November 2012 - 07:26 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 bcrs
  • Topic Starter
  • Members
  • 10 posts

Posted 17 November 2012 - 12:39 PM

I am away from the computer right now but will proceed with instructions when I get back on Monday.

thanks
bcrs

#4 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 17 November 2012 - 04:01 PM

:thumbup2:

#5 bcrs
  • Topic Starter
  • Members
  • 10 posts

Posted 19 November 2012 - 08:26 AM

Here are the results:

Results of screen317's Security Check version 0.99.54
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java™ 6 Update 26
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````







# AdwCleaner v2.008 - Logfile created 11/19/2012 at 08:12:35
# Updated 17/11/2012 by Xplode
# Operating system : Windows Vista ™ Business Service Pack 2 (32 bits)
# User : Security - SECURITY01
# Boot Mode : Normal
# Running from : C:\Users\Security\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Public\Desktop\iLivid.lnk

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKU\S-1-5-21-3391901600-977472433-1481657054-1120\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [991 octets] - [19/11/2012 08:12:35]

########## EOF - C:\AdwCleaner[S1].txt - [1050 octets] ##########

RogueKiller V8.3.0 [Nov 18 2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Security [Admin rights]
Mode : Scan -- Date : 11/19/2012 08:23:12

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3160815AS ATA Device +++++
--- User ---
[MBR] 2a81750d1ea00e73559a4bab274ee275
[BSP] 309f752a4e6d8a1397311c24af3cea9d : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 86 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 178176 | Size: 152499 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_11192012_02d0823.txt >>
RKreport[1]_S_11192012_02d0823.txt

thanks
bcrs

#6 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 19 November 2012 - 04:06 PM

Hello bcrs

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 bcrs
  • Topic Starter
  • Members
  • 10 posts

Posted 19 November 2012 - 05:23 PM

It seems the computer is running a little better.

Here is the combofix log:

ComboFix 12-11-19.02 - Security 11/19/2012 17:04:57.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2004.981 [GMT -5:00]
Running from: c:\users\Security\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-19 to 2012-11-19 )))))))))))))))))))))))))))))))
.
.
2012-11-19 22:12 . 2012-11-19 22:12 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-11-19 22:12 . 2012-11-19 22:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-19 22:12 . 2012-11-19 22:12 -------- d-----w- c:\users\Balsam\AppData\Local\temp
2012-11-19 22:12 . 2012-11-19 22:12 -------- d-----w- c:\users\administrator\AppData\Local\temp
2012-11-19 13:23 . 2012-10-17 06:32 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{85C383FA-4535-4A9C-8453-1D87662B7B3E}\mpengine.dll
2012-11-16 23:14 . 2012-11-16 23:14 -------- d--h--w- c:\windows\PIF
2012-11-16 20:23 . 2012-11-16 20:23 -------- d-----w- c:\users\Security\AppData\Roaming\Malwarebytes
2012-11-16 20:23 . 2012-11-16 20:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-16 20:23 . 2012-11-16 20:23 -------- d-----w- c:\programdata\Malwarebytes
2012-11-16 20:23 . 2012-09-30 00:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-16 10:08 . 2012-11-16 10:08 -------- d-----w- c:\programdata\WindowsSearch
2012-11-15 09:41 . 2012-11-15 09:41 -------- d-sh--w- c:\windows\system32\%APPDATA%
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-13 13:28 . 2012-10-10 16:26 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-29 11:27 . 2012-10-10 16:25 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-29 11:27 . 2012-10-10 16:25 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-24 15:53 . 2012-10-10 16:26 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 06:59 . 2012-09-22 07:00 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51 . 2012-09-22 07:00 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51 . 2012-09-22 07:00 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 07:00 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 07:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43 . 2012-09-22 07:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn2\yt.dll" [2012-06-11 1524056]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-19 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2011-08-30 624056]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2000-01-01 1314816]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2000-01-01 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2000-01-01 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2000-01-01 141848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-01-11 63048]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-08-03 1167360]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2009-01-09 114688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-19 16:42]
.
2012-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-19 16:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 168.95.1.1
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\LogMeIn\x86\LMIGuardianSvc.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\program files\Brother\Brmfcmon\BrMfcmon.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-11-19 17:21:29 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-19 22:21
ComboFix2.txt 2012-11-16 22:27
ComboFix3.txt 2012-11-16 21:56
ComboFix4.txt 2012-11-16 21:27
.
Pre-Run: 101,949,652,992 bytes free
Post-Run: 101,932,417,024 bytes free
.
- - End Of File - - FFEB974F588D387E0AF5E433D48D0B81

thanks,
bcrs
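The DDS "Created Last 30" section in the opening post and the ComboFix "Files Created" section in the log above list the same kind of record: a creation timestamp (ComboFix adds a " . modification-time" field), a size or eight dashes for a directory, an eight-character attribute string and a path. The following is an added example written for this thread, not code from the thread or from the DDS or ComboFix authors: a small Python triage parser that reads both layouts, de-duplicates paths reported by both tools, and flags the directory records a responder would want to look at first, namely hidden+system directories that are not on a short allowlist of names Windows itself hides, and names containing a literal percent sign such as the `c:\windows\system32\%APPDATA%` entry that appears in both logs. The attribute-letter reading (d directory, s system, h hidden, a archive, w writable), the allowlist and the embedded sample lines (constructed from entries in this thread) are assumptions of the example; the flags are prompts for a closer look, not a malware verdict.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: entries in the two layouts seen in this thread.
# DDS "Created Last 30" lines carry one timestamp; ComboFix "Files Created"
# lines carry creation time, " . ", modification time. Banner and "."
# separator lines are included to show that the parser skips them.
SAMPLE_LOG = r"""
=============== Created Last 30 ================
.
2012-11-16 23:14:03 -------- d--h--w- c:\windows\PIF
2012-11-16 22:26:51 -------- d-sh--w- C:\$RECYCLE.BIN
2012-11-16 21:18:16 98816 ----a-w- c:\windows\sed.exe
2012-11-15 09:41:03 -------- d-sh--w- c:\windows\system32\%APPDATA%
((((( Files Created from 2012-10-19 to 2012-11-19 )))))
2012-11-16 20:23 . 2012-09-30 00:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-15 09:41 . 2012-11-15 09:41 -------- d-sh--w- c:\windows\system32\%APPDATA%
"""

# One record: timestamp, optional ComboFix modification time, size (eight
# dashes for a directory), eight-character attribute string, path.
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?)"
    r"(?: \. (?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}))?"
    r" (?P<size>-{8}|\d+)"
    r" (?P<attrs>[-a-z]{8})"
    r" (?P<path>\S.*?)\s*$"
)


# Assumed reading of the attribute string: d directory, s system, h hidden,
# a archive, w writable; "-" means the attribute is not set.
@dataclass
class Entry:
    created: str
    modified: Optional[str]
    size: Optional[int]
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def system(self) -> bool:
        return "s" in self.attrs


def parse_entries(text: str) -> List[Entry]:
    """Return every file/directory record found in DDS or ComboFix output."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # section banners, "." separators, blank lines
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


# Directory names Windows itself keeps hidden+system; a constructed allowlist
# for the example, to be extended for the environment being examined.
KNOWN_HIDDEN_SYSTEM = {"$recycle.bin", "system volume information"}

Finding = Tuple[str, str, List[str]]  # (path, created, reasons)


def triage(entries: List[Entry]) -> List[Finding]:
    """Flag directory records worth a closer look; reasons are prompts, not verdicts."""
    findings: List[Finding] = []
    seen = set()
    for e in entries:
        key = e.path.lower()
        if key in seen:
            continue  # same path reported by both tools
        seen.add(key)
        name = key.rsplit("\\", 1)[-1]
        reasons: List[str] = []
        if e.is_dir and e.hidden and e.system and name not in KNOWN_HIDDEN_SYSTEM:
            reasons.append("hidden+system directory outside the allowlist")
        if "%" in name:
            reasons.append("literal environment-variable name used as a file name")
        if e.is_dir and e.hidden and "\\windows\\system32\\" in key:
            reasons.append("hidden directory created under system32")
        if reasons:
            findings.append((e.path, e.created, reasons))
    return findings


if __name__ == "__main__":
    for path, created, reasons in triage(parse_entries(SAMPLE_LOG)):
        print(f"{created}  {path}")
        for r in reasons:
            print(f"    - {r}")
```

Run it against a pasted log instead of the sample by reading the file into `parse_entries`; on the sample it reports only the `%APPDATA%` directory, while `c:\windows\PIF` (hidden but not system) and `C:\$RECYCLE.BIN` (allowlisted) pass through.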

#8 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 19 November 2012 - 09:33 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#9 bcrs
  • Topic Starter
  • Members
  • 10 posts

Posted 20 November 2012 - 08:18 AM

Here are the logs:

08:01:12.0722 4804 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
08:01:12.0722 4804 RpcLocator - ok
08:01:12.0738 4804 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
08:01:12.0753 4804 RpcSs - ok
08:01:12.0800 4804 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
08:01:12.0847 4804 rspndr - ok
08:01:12.0847 4804 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
08:01:12.0847 4804 SamSs - ok
08:01:12.0909 4804 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
08:01:12.0987 4804 sbp2port - ok
08:01:13.0065 4804 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
08:01:13.0096 4804 SCardSvr - ok
08:01:13.0128 4804 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
08:01:13.0128 4804 Schedule - ok
08:01:13.0159 4804 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
08:01:13.0159 4804 SCPolicySvc - ok
08:01:13.0221 4804 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
08:01:13.0237 4804 SDRSVC - ok
08:01:13.0268 4804 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
08:01:13.0268 4804 secdrv - ok
08:01:13.0299 4804 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
08:01:13.0299 4804 seclogon - ok
08:01:13.0315 4804 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
08:01:13.0330 4804 SENS - ok
08:01:13.0330 4804 [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
08:01:13.0330 4804 Serenum - ok
08:01:13.0346 4804 [ 6D663022DB3E7058907784AE14B69898 ] Serial C:\Windows\system32\DRIVERS\serial.sys
08:01:13.0346 4804 Serial - ok
08:01:13.0377 4804 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
08:01:13.0377 4804 sermouse - ok
08:01:13.0393 4804 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
08:01:13.0393 4804 SessionEnv - ok
08:01:13.0424 4804 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
08:01:13.0424 4804 sffdisk - ok
08:01:13.0440 4804 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
08:01:13.0440 4804 sffp_mmc - ok
08:01:13.0440 4804 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
08:01:13.0440 4804 sffp_sd - ok
08:01:13.0455 4804 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
08:01:13.0455 4804 sfloppy - ok
08:01:13.0502 4804 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
08:01:13.0502 4804 SharedAccess - ok
08:01:13.0518 4804 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
08:01:13.0533 4804 ShellHWDetection - ok
08:01:13.0564 4804 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
08:01:13.0564 4804 sisagp - ok
08:01:13.0596 4804 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
08:01:13.0596 4804 SiSRaid2 - ok
08:01:13.0611 4804 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
08:01:13.0611 4804 SiSRaid4 - ok
08:01:13.0736 4804 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
08:01:13.0814 4804 slsvc - ok
08:01:13.0845 4804 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
08:01:13.0861 4804 SLUINotify - ok
08:01:13.0892 4804 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
08:01:13.0892 4804 Smb - ok
08:01:13.0908 4804 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
08:01:13.0923 4804 SNMPTRAP - ok
08:01:13.0939 4804 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
08:01:13.0939 4804 spldr - ok
08:01:13.0970 4804 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
08:01:13.0970 4804 Spooler - ok
08:01:14.0001 4804 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
08:01:14.0001 4804 srv - ok
08:01:14.0032 4804 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
08:01:14.0048 4804 srv2 - ok
08:01:14.0064 4804 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
08:01:14.0064 4804 srvnet - ok
08:01:14.0142 4804 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
08:01:14.0157 4804 SSDPSRV - ok
08:01:14.0188 4804 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
08:01:14.0188 4804 SstpSvc - ok
08:01:14.0391 4804 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
08:01:14.0407 4804 stisvc - ok
08:01:14.0422 4804 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
08:01:14.0438 4804 swenum - ok
08:01:14.0454 4804 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
08:01:14.0469 4804 swprv - ok
08:01:14.0485 4804 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
08:01:14.0485 4804 Symc8xx - ok
08:01:14.0516 4804 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
08:01:14.0516 4804 Sym_hi - ok
08:01:14.0532 4804 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
08:01:14.0532 4804 Sym_u3 - ok
08:01:14.0578 4804 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
08:01:14.0594 4804 SysMain - ok
08:01:14.0625 4804 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
08:01:14.0625 4804 TabletInputService - ok
08:01:14.0656 4804 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
08:01:14.0656 4804 TapiSrv - ok
08:01:14.0672 4804 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
08:01:14.0672 4804 TBS - ok
08:01:14.0703 4804 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
08:01:14.0734 4804 Tcpip - ok
08:01:14.0750 4804 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
08:01:14.0750 4804 Tcpip6 - ok
08:01:14.0766 4804 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
08:01:14.0781 4804 tcpipreg - ok
08:01:14.0812 4804 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
08:01:14.0812 4804 TDPIPE - ok
08:01:14.0828 4804 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
08:01:14.0828 4804 TDTCP - ok
08:01:14.0859 4804 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
08:01:14.0859 4804 tdx - ok
08:01:14.0859 4804 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
08:01:14.0859 4804 TermDD - ok
08:01:14.0890 4804 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
08:01:14.0890 4804 TermService - ok
08:01:14.0922 4804 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
08:01:14.0922 4804 Themes - ok
08:01:14.0937 4804 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
08:01:14.0937 4804 THREADORDER - ok
08:01:14.0953 4804 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
08:01:14.0953 4804 TrkWks - ok
08:01:15.0000 4804 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
08:01:15.0015 4804 TrustedInstaller - ok
08:01:15.0046 4804 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
08:01:15.0046 4804 tssecsrv - ok
08:01:15.0093 4804 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
08:01:15.0124 4804 tunmp - ok
08:01:15.0156 4804 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
08:01:15.0156 4804 tunnel - ok
08:01:15.0187 4804 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
08:01:15.0187 4804 uagp35 - ok
08:01:15.0265 4804 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
08:01:15.0280 4804 udfs - ok
08:01:15.0327 4804 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
08:01:15.0327 4804 UI0Detect - ok
08:01:15.0358 4804 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
08:01:15.0358 4804 uliagpkx - ok
08:01:15.0374 4804 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
08:01:15.0374 4804 uliahci - ok
08:01:15.0390 4804 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
08:01:15.0390 4804 UlSata - ok
08:01:15.0421 4804 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
08:01:15.0421 4804 ulsata2 - ok
08:01:15.0436 4804 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
08:01:15.0436 4804 umbus - ok
08:01:15.0452 4804 [ 8A66360F38F81E960E2367B428CBD5D9 ] UmRdpService C:\Windows\System32\umrdp.dll
08:01:15.0468 4804 UmRdpService - ok
08:01:15.0499 4804 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
08:01:15.0499 4804 upnphost - ok
08:01:15.0546 4804 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
08:01:15.0561 4804 usbccgp - ok
08:01:15.0561 4804 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
08:01:15.0561 4804 usbcir - ok
08:01:15.0592 4804 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
08:01:15.0592 4804 usbehci - ok
08:01:15.0624 4804 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
08:01:15.0624 4804 usbhub - ok
08:01:15.0655 4804 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
08:01:15.0655 4804 usbohci - ok
08:01:15.0686 4804 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
08:01:15.0686 4804 usbprint - ok
08:01:15.0702 4804 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
08:01:15.0702 4804 usbscan - ok
08:01:15.0733 4804 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:01:15.0733 4804 USBSTOR - ok
08:01:15.0748 4804 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
08:01:15.0748 4804 usbuhci - ok
08:01:15.0764 4804 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
08:01:15.0764 4804 UxSms - ok
08:01:15.0795 4804 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
08:01:15.0811 4804 vds - ok
08:01:15.0826 4804 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
08:01:15.0826 4804 vga - ok
08:01:15.0842 4804 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
08:01:15.0842 4804 VgaSave - ok
08:01:15.0842 4804 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
08:01:15.0858 4804 viaagp - ok
08:01:15.0858 4804 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
08:01:15.0873 4804 ViaC7 - ok
08:01:15.0889 4804 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
08:01:15.0889 4804 viaide - ok
08:01:15.0904 4804 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
08:01:15.0904 4804 volmgr - ok
08:01:15.0920 4804 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
08:01:15.0936 4804 volmgrx - ok
08:01:15.0967 4804 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
08:01:15.0967 4804 volsnap - ok
08:01:15.0998 4804 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
08:01:15.0998 4804 vsmraid - ok
08:01:16.0029 4804 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
08:01:16.0154 4804 VSS - ok
08:01:16.0185 4804 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
08:01:16.0185 4804 W32Time - ok
08:01:16.0232 4804 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
08:01:16.0232 4804 WacomPen - ok
08:01:16.0248 4804 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
08:01:16.0248 4804 Wanarp - ok
08:01:16.0248 4804 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
08:01:16.0248 4804 Wanarpv6 - ok
08:01:16.0294 4804 [ 20B23332885DFB93FE0185362EE811E9 ] wbengine C:\Windows\system32\wbengine.exe
08:01:16.0341 4804 wbengine - ok
08:01:16.0388 4804 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
08:01:16.0388 4804 wcncsvc - ok
08:01:16.0435 4804 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
08:01:16.0435 4804 WcsPlugInService - ok
08:01:16.0466 4804 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
08:01:16.0466 4804 Wd - ok
08:01:16.0497 4804 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
08:01:16.0497 4804 Wdf01000 - ok
08:01:16.0528 4804 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
08:01:16.0528 4804 WdiServiceHost - ok
08:01:16.0544 4804 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
08:01:16.0544 4804 WdiSystemHost - ok
08:01:16.0606 4804 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
08:01:16.0622 4804 WebClient - ok
08:01:16.0653 4804 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
08:01:16.0669 4804 Wecsvc - ok
08:01:16.0684 4804 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
08:01:16.0684 4804 wercplsupport - ok
08:01:16.0731 4804 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
08:01:16.0731 4804 WerSvc - ok
08:01:16.0778 4804 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
08:01:16.0778 4804 WinDefend - ok
08:01:16.0794 4804 WinHttpAutoProxySvc - ok
08:01:16.0840 4804 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
08:01:16.0840 4804 Winmgmt - ok
08:01:16.0872 4804 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
08:01:16.0918 4804 WinRM - ok
08:01:16.0950 4804 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
08:01:16.0965 4804 Wlansvc - ok
08:01:16.0981 4804 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
08:01:16.0981 4804 WmiAcpi - ok
08:01:17.0012 4804 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
08:01:17.0012 4804 wmiApSrv - ok
08:01:17.0074 4804 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
08:01:17.0106 4804 WMPNetworkSvc - ok
08:01:17.0152 4804 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
08:01:17.0168 4804 WPDBusEnum - ok
08:01:17.0215 4804 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
08:01:17.0230 4804 WPFFontCache_v0400 - ok
08:01:17.0262 4804 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
08:01:17.0262 4804 ws2ifsl - ok
08:01:17.0277 4804 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll
08:01:17.0293 4804 wscsvc - ok
08:01:17.0293 4804 WSearch - ok
08:01:17.0355 4804 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
08:01:17.0371 4804 wuauserv - ok
08:01:17.0433 4804 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
08:01:17.0433 4804 WUDFRd - ok
08:01:17.0449 4804 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
08:01:17.0464 4804 wudfsvc - ok
08:01:17.0511 4804 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
08:01:17.0527 4804 YahooAUService - ok
08:01:17.0527 4804 ================ Scan global ===============================
08:01:17.0542 4804 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
08:01:17.0574 4804 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
08:01:17.0589 4804 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
08:01:17.0636 4804 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
08:01:17.0652 4804 [Global] - ok
08:01:17.0652 4804 ================ Scan MBR ==================================
08:01:17.0652 4804 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
08:01:18.0775 4804 \Device\Harddisk0\DR0 - ok
08:01:18.0775 4804 ================ Scan VBR ==================================
08:01:18.0806 4804 [ A817F98AFDE1AEBF07740756395A763D ] \Device\Harddisk0\DR0\Partition1
08:01:18.0806 4804 \Device\Harddisk0\DR0\Partition1 - ok
08:01:18.0806 4804 ============================================================
08:01:18.0806 4804 Scan finished
08:01:18.0806 4804 ============================================================
08:01:18.0806 4792 Detected object count: 0
08:01:18.0806 4792 Actual detected object count: 0
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-20 08:04:50
-----------------------------
08:04:50.995 OS Version: Windows 6.0.6002 Service Pack 2
08:04:50.995 Number of processors: 2 586 0x1706
08:04:50.995 ComputerName: SECURITY01 UserName: Security
08:04:53.569 Initialize success
08:04:54.724 AVAST engine defs: 12111901
08:05:13.319 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
08:05:13.334 Disk 0 Vendor: ST3160815AS 4.ADA Size: 152587MB BusType: 3
08:05:13.350 Disk 0 MBR read successfully
08:05:13.350 Disk 0 MBR scan
08:05:13.350 Disk 0 Windows VISTA default MBR code
08:05:13.350 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 86 MB offset 63
08:05:13.366 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152499 MB offset 178176
08:05:13.381 Disk 0 scanning sectors +312496128
08:05:13.490 Disk 0 scanning C:\Windows\system32\drivers
08:05:25.565 Service scanning
08:05:41.024 Modules scanning
08:05:44.878 Disk 0 trace - called modules:
08:05:44.878 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
08:05:44.893 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85201118]
08:05:44.893 3 CLASSPNP.SYS[881a58b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x84fdcb98]
08:05:45.330 AVAST engine scan C:\Windows
08:05:47.467 AVAST engine scan C:\Windows\system32
08:07:35.794 AVAST engine scan C:\Windows\system32\drivers
08:07:43.484 AVAST engine scan C:\Users\Security
08:15:58.457 AVAST engine scan C:\ProgramData
08:16:54.492 Scan finished successfully
08:18:01.525 Disk 0 MBR has been saved successfully to "C:\Users\Security\Desktop\MBR.dat"
08:18:01.525 The log file has been saved successfully to "C:\Users\Security\Desktop\aswMBR.txt"


thanks
bcrs
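Both logs above end with an MBR check (TDSSKiller hashes \Device\Harddisk0\DR0, aswMBR lists the partition table and saves the sector to MBR.dat). As an added example that is not from the thread or from either tool, the script below reads such a saved 512-byte MBR image, reports its MD5, parses the four partition-table slots into the same fields aswMBR prints, checks the layout for overlapping ranges, and compares the hash against a baseline recorded at an earlier scan; the sample MBR is constructed inline to match the two-partition layout in the aswMBR log.

```python
"""Inspect a saved MBR image such as the MBR.dat written by aswMBR.

Added example, not part of the thread or of aswMBR/TDSSKiller.
"""
import hashlib
import struct

SECTOR = 512
BOOT_SIGNATURE = b"\x55\xAA"
TABLE_OFFSET = 446  # the partition table follows 446 bytes of boot code

# Type codes that appear in the aswMBR log; anything else prints as "unknown".
PARTITION_TYPES = {0x07: "HPFS/NTFS", 0xDE: "Dell Utility"}


def mbr_md5(mbr: bytes) -> str:
    """Upper-case MD5 of the raw sector, in the style of the TDSSKiller log."""
    return hashlib.md5(mbr).hexdigest().upper()


def parse_partition_table(mbr: bytes) -> list:
    """Return the non-empty primary partition entries of a 512-byte MBR."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR image must be exactly 512 bytes")
    if mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for slot in range(4):
        start = TABLE_OFFSET + 16 * slot
        # boot flag, 3 CHS bytes, type, 3 CHS bytes, start LBA, sector count
        boot_flag, ptype, start_lba, count = struct.unpack(
            "<B3xB3xII", mbr[start:start + 16])
        if ptype == 0:
            continue  # unused slot
        entries.append({
            "slot": slot + 1,
            "bootable": boot_flag == 0x80,
            "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, "unknown"),
            "start_lba": start_lba,
            "sectors": count,
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    return entries


def describe(entry: dict) -> str:
    """One line per partition, formatted like the aswMBR 'Partition' lines."""
    flag = "80 (A)" if entry["bootable"] else "00"
    return "Partition %d %s %02X %s %d MB offset %d" % (
        entry["slot"], flag, entry["type"], entry["type_name"],
        entry["size_mb"], entry["start_lba"])


def find_overlaps(entries: list) -> list:
    """Pairs of slots whose sector ranges overlap (a layout sanity check)."""
    bad = []
    for a in entries:
        for b in entries:
            if a["slot"] < b["slot"]:
                a_end = a["start_lba"] + a["sectors"]
                b_end = b["start_lba"] + b["sectors"]
                if a["start_lba"] < b_end and b["start_lba"] < a_end:
                    bad.append((a["slot"], b["slot"]))
    return bad


def check_against_baseline(mbr: bytes, baseline_md5: str) -> bool:
    """True when the sector still hashes to the value recorded at the last scan."""
    return mbr_md5(mbr) == baseline_md5.upper()


def build_sample_mbr() -> bytes:
    """Constructed MBR matching the layout in the aswMBR log above:
    86 MB Dell Utility at sector 63, bootable 152499 MB NTFS at 178176."""
    table = struct.pack("<B3xB3xII", 0x00, 0xDE, 63, 86 * 2048)
    table += struct.pack("<B3xB3xII", 0x80, 0x07, 178176, 152499 * 2048)
    table += bytes(32)  # two empty slots
    return bytes(TABLE_OFFSET) + table + BOOT_SIGNATURE


if __name__ == "__main__":
    import sys
    # Pass the path to a saved MBR.dat; without one the constructed sample is used.
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    print("MBR MD5:", mbr_md5(image))
    parts = parse_partition_table(image)
    for p in parts:
        print(describe(p))
    print("overlapping slots:", find_overlaps(parts) or "none")
```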

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts

Posted 20 November 2012 - 12:52 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

#11 bcrs
  • Topic Starter
  • Members
  • 10 posts

Posted 20 November 2012 - 02:34 PM

Gringo,

Everything seems to be running ok at this point. When I ran ComboFix with the script I did allow ComboFix to do an update. Hope that's ok. Also, not sure if it matters, but when running ComboFix I get an "Access Denied. Admin privileges are needed...etc" at the start and I always get the same message on stage 38.



ComboFix 12-11-20.02 - Security 11/20/2012 14:07:00.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2004.1030 [GMT -5:00]
Running from: c:\users\Security\Desktop\ComboFix.exe
Command switches used :: c:\users\Security\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-20 to 2012-11-20 )))))))))))))))))))))))))))))))
.
.
2012-11-20 19:13 . 2012-11-20 19:13 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-11-20 19:13 . 2012-11-20 19:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-20 19:13 . 2012-11-20 19:13 -------- d-----w- c:\users\Balsam\AppData\Local\temp
2012-11-20 19:13 . 2012-11-20 19:13 -------- d-----w- c:\users\administrator\AppData\Local\temp
2012-11-20 09:59 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{49BE8318-7DEE-4354-8740-2C5A0778B6E8}\mpengine.dll
2012-11-19 13:26 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll
2012-11-19 13:10 . 2012-10-12 14:29 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-11-16 23:14 . 2012-11-16 23:14 -------- d--h--w- c:\windows\PIF
2012-11-16 20:23 . 2012-11-16 20:23 -------- d-----w- c:\users\Security\AppData\Roaming\Malwarebytes
2012-11-16 20:23 . 2012-11-16 20:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-16 20:23 . 2012-11-16 20:23 -------- d-----w- c:\programdata\Malwarebytes
2012-11-16 20:23 . 2012-09-30 00:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-16 10:08 . 2012-11-16 10:08 -------- d-----w- c:\programdata\WindowsSearch
2012-11-15 09:41 . 2012-11-15 09:41 -------- d-sh--w- c:\windows\system32\%APPDATA%
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-13 13:28 . 2012-10-10 16:26 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-29 11:27 . 2012-10-10 16:25 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-29 11:27 . 2012-10-10 16:25 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-24 15:53 . 2012-10-10 16:26 172544 ----a-w- c:\windows\system32\wintrust.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn2\yt.dll" [2012-06-11 1524056]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-19 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2011-08-30 624056]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2000-01-01 1314816]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2000-01-01 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2000-01-01 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2000-01-01 141848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-01-11 63048]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-08-03 1167360]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2009-01-09 114688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-19 16:42]
.
2012-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-19 16:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 168.95.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-20 14:22
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\LogMeIn\x86\LMIGuardianSvc.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\program files\Brother\Brmfcmon\BrMfcmon.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
.
**************************************************************************
.
Completion time: 2012-11-20 14:26:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-20 19:26
ComboFix2.txt 2012-11-19 22:21
ComboFix3.txt 2012-11-16 22:27
ComboFix4.txt 2012-11-16 21:56
ComboFix5.txt 2012-11-20 19:05
.
Pre-Run: 101,813,174,272 bytes free
Post-Run: 101,578,383,360 bytes free
.
- - End Of File - - C9EB948302BDE498C3629825D33F9BA3
thanks,
bcrs

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts

Posted 20 November 2012 - 08:52 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Java™ 6 Update 26


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 bcrs
  • Topic Starter

  • Members
  • 10 posts
  • Local time:09:12 PM

Posted 21 November 2012 - 10:02 AM

Gringo,

The computer is running fine. I am not experiencing any problems. Here are the logs:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.21.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Security :: SECURITY01 [administrator]

11/21/2012 9:47:03 AM
mbam-log-2012-11-21 (09-47-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 243323
Time elapsed: 4 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:01:36 AM, on 11/21/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Windows\System32\mobsync.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Security\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = BMPSL.Local
O17 - HKLM\Software\..\Telephony: DomainName = BMPSL.Local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = BMPSL.Local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = BMPSL.Local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = BMPSL.Local
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = BMPSL.Local
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: Domain = BMPSL.Local
O17 - HKLM\System\CS6\Services\Tcpip\Parameters: Domain = BMPSL.Local
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7735 bytes

Thanks,
bcrs

#14 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:12 PM

Posted 21 November 2012 - 11:31 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be. You can click on their icons (or start them from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    • O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    • O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    • O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    • O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space, e.g.
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click on the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
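The HijackThis log posted earlier in the thread and the O4 start-up cleanup in this post deal with the same data: autostart (Run key) values, browser helper objects and services, one per line. The Python script below is an added example, not part of this thread, of HijackThis, or of any tool the helpers used here. It parses the O2/O4/O23 lines into records, strips the image path out of each Run command line (quoted or not), and lists entries whose executable sits outside the usual Windows/Program Files roots or inside a temp/profile folder, which is the first thing a reviewer looks at before deciding whether to keep or fix a line. The sample lines are constructed for the example (most copied from the log above; the [updater] entry is made up to show a flagged case), and the trusted-root and suspect-directory lists are assumptions of this example, not HijackThis rules.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in HijackThis log format. All lines but the
# "[updater]" one are taken from the log posted in this thread; the
# "[updater]" Run value is made up to exercise the location check.
SAMPLE_LOG = "\n".join([
    r"Logfile of Trend Micro HijackThis v2.0.4",
    r"O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll",
    r'O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui',
    r"O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe",
    r'O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"',
    r"O4 - HKCU\..\Run: [updater] C:\Users\Security\AppData\Local\Temp\upd.exe",
    r"O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe",
])


@dataclass
class Entry:
    kind: str    # "O2" (BHO), "O4" (Run value) or "O23" (service)
    hive: str    # HKLM / HKCU for O4 entries, empty otherwise
    name: str    # BHO name, Run value name, or service display name
    path: str    # image path with quotes and arguments removed
    detail: str  # CLSID for O2, vendor for O23, full command line for O4


# Line shapes as they appear in a HijackThis v2 log.
O2_RE = re.compile(r'^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$')
O4_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O23_RE = re.compile(r'^O23 - Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$')

# Assumed review heuristics (not HijackThis rules): images under these
# roots are "expected"; images under these directories get a second look.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
SUSPECT_DIRS = ("\\temp\\", "\\appdata\\")


def image_path(cmd: str) -> str:
    """Return the executable path from a Run value's command line.

    Handles both quoted paths with arguments ("C:\\...\\x.exe" /flag) and
    unquoted paths containing spaces (C:\\Program Files\\...\\y.exe /AUTORUN).
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r'(.*?\.exe)(?=\s|$)', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def parse_hijackthis(text: str) -> List[Entry]:
    """Parse O2, O4 and O23 lines of a HijackThis log; other lines are ignored."""
    entries: List[Entry] = []
    for line in text.splitlines():
        line = line.rstrip()
        m = O2_RE.match(line)
        if m:
            entries.append(Entry("O2", "", m["name"], m["path"].strip(), m["clsid"]))
            continue
        m = O4_RE.match(line)
        if m:
            entries.append(Entry("O4", m["hive"], m["name"], image_path(m["cmd"]), m["cmd"]))
            continue
        m = O23_RE.match(line)
        if m:
            entries.append(Entry("O23", "", m["name"], m["path"].strip(), m["vendor"]))
    return entries


def review_locations(entries: List[Entry]) -> List[str]:
    """Names of entries whose image is outside the trusted roots or in a temp/profile dir."""
    flagged = []
    for e in entries:
        p = e.path.lower()
        if not p.startswith(TRUSTED_ROOTS) or any(d in p for d in SUSPECT_DIRS):
            flagged.append(e.name)
    return flagged


if __name__ == "__main__":
    parsed = parse_hijackthis(SAMPLE_LOG)
    for e in parsed:
        print(f"{e.kind:<3} {e.hive:<4} {e.name:<12} {e.path}")
    print("review:", review_locations(parsed))
```

Run it as a script to see the parsed table and the `review:` list; on the constructed sample only the made-up `updater` value is listed, because every other image lives under `C:\Windows` or `C:\Program Files`. A flagged name is a prompt to look the entry up (as the post suggests), not a verdict: legitimate per-user software installs under the profile too.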

#15 bcrs
  • Topic Starter

  • Members
  • 10 posts
  • Local time:09:12 PM

Posted 23 November 2012 - 10:44 AM

I am out of town right now... but will run when I get back.

thanks,
bcrs