Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

i got uKash virus


  • This topic is locked This topic is locked
13 replies to this topic

#1 iplayloltoomuch

iplayloltoomuch

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:02 PM

Posted 19 November 2012 - 07:47 PM

Hello,
I'm a bit unskilled with computers and have tried to fix the problem myself but alas, i'm useless.

I have the Australian Federal Police Ukash virus, and I still have access to safe mode but my virus removal program did nothing.

Help me please :)

IPLTM

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:02 AM

Posted 19 November 2012 - 07:59 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




I need to get some reports to get a base to start from so I need you to run these programs first.


-DeFogger-

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3


    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs

  • In your next post I need the following

  • both reports from DDS
  • report from security check
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 iplayloltoomuch

iplayloltoomuch
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:02 PM

Posted 20 November 2012 - 08:02 PM

security check

Results of screen317's Security Check version 0.99.54
Windows Vista Service Pack 1 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
Norton 360 Premier Edition
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 29
Java version out of Date!
Adobe Reader 8 Adobe Reader out of Date!
Google Chrome 20.0.1132.57
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

dos - attach
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 8/01/2009 4:03:04 AM
System Uptime: 21/11/2012 10:26:37 AM (0 hours ago)
.
Motherboard: PEGATRON CORPORATION | | F5SR
Processor: Intel® Core™2 Duo CPU T6400 @ 2.00GHz | CPU 1 | 1999/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 76.772 GiB free.
D: is FIXED (NTFS) - 139 GiB total, 139.248 GiB free.
E: is CDROM (UDF)
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP527: 27/09/2012 9:20:46 AM - Scheduled Checkpoint
RP529: 5/11/2012 11:14:53 AM - Scheduled Checkpoint
RP530: 9/11/2012 12:32:17 PM - Scheduled Checkpoint
RP531: 10/11/2012 9:33:07 PM - Scheduled Checkpoint
RP532: 14/11/2012 1:41:17 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 8.1.2
Agere Systems HDA Modem
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUS CopyProtect
ASUS Data Security Manager
ASUS LifeFrame3
ASUS Live Update
ASUS Power4Gear eXtreme
ASUS SmartLogon
ASUS Touch Pad Extra
Asus_Camera_ScreenSaver
Atheros Client Installation Program
ATI Catalyst Install Manager
ATK Generic Function Service
ATK Hotkey
ATK Media
ATKOSD2
µTorrent
Bonjour
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-Branding
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Celtx (2.0.2)
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CyberLink LabelPrint
CyberLink Power2Go
EA Download Manager
Express Gate
Facebook Plug-In
GearDrvs
Google Chrome
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iTunes
Java Auto Updater
Java™ 6 Update 29
League of Legends
LightScribe System Software 1.14.17.1
Media Player Codec Pack 4.1.1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (Chinese (Traditional)) 2007
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel 2007 Help §ó·sµ{¦ˇ (KB963678)
Microsoft Office Excel MUI (Chinese (Traditional)) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office IME (Chinese (Traditional)) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (Chinese (Traditional)) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Powerpoint 2007 Help §ó·sµ{¦ˇ (KB963669)
Microsoft Office PowerPoint 2007 §ó·sµ{¦ˇ (KB963669)
Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (Chinese (Traditional)) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (Chinese (Traditional)) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (Chinese (Traditional)) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (Chinese (Traditional)) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word 2007 Help §ó·sµ{¦ˇ (KB963665)
Microsoft Office Word 2007 §ó·sµ{¦ˇ (KB963665)
Microsoft Office Word MUI (Chinese (Traditional)) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
NB Probe
Norton 360 Premier Edition
Pando Media Booster
Picasa 2
Plants vs. Zombies
QuickTime
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
SecureW2 EAP Suite 1.1.2 for Windows
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Shoddy Battle
Skins
Skype™ 5.10
Synaptics Pointing Device Driver
TeamViewer 6
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
USB2.0 UVC 1.3M WebCam
Ventrilo Client
VLC media player 1.1.11
WinFlash
Wireless Console 2
Xvid Video Codec
.
==== End Of File ===========================

DDS

DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 8.0.6001.19088
Run by Tom at 10:58:21 on 2012-11-21
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.2047.1301 [GMT 10:00]
.
AV: Norton 360 Premier Edition *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 Premier Edition *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 Premier Edition *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Explorer.EXE
C:\Windows\helppane.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Users\Tom\Desktop\Defogger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360 premier edition\engine\5.2.2.3\coieplg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360 premier edition\engine\5.2.2.3\ips\ipsbho.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360 premier edition\engine\5.2.2.3\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360 premier edition\engine\5.2.2.3\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [EA Core] c:\program files\electronic arts\eadm\Core.exe -silent
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [qgfocfkgpfxevvk] c:\programdata\qgfocfkg.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [P2Go_Menu] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ATKMEDIA] c:\program files\asus\atk media\DMedia.exe
mRun: [ASUSTPE] c:\windows\system32\ASUSTPE.exe
mRun: [ASUS Camera ScreenSaver] c:\windows\AsScrProlog.exe
mRun: [ASUS Screen Saver Protector] c:\windows\ASScrPro.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\tom\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{4DE13373-9F1C-40F3-BD45-B9D7F3D4E1A1} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{CEDBB582-F828-4A63-8FFF-75A4311C0D84} : DHCPNameServer = 192.168.1.1 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
AppInit_DLLs= c:\progra~1\google\google~1\GOEC62~1.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 lullaby;lullaby;c:\windows\system32\drivers\lullaby.sys [2009-1-8 15416]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502020.003\symds.sys [2012-6-12 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502020.003\symefa.sys [2012-6-12 744568]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSGB6.sys [2007-6-20 47616]
S1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\bashdefs\20121106.001\BHDrvx86.sys [2012-10-24 995488]
S1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\ipsdefs\20121116.001\IDSvix86.sys [2012-11-18 386720]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502020.003\ironx86.sys [2012-6-12 136312]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0502020.003\symtdiv.sys [2012-6-12 331384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 N360;Norton 360;c:\program files\norton 360 premier edition\engine\5.2.2.3\ccsvchst.exe [2012-6-12 130008]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-10-5 2358656]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-9 106656]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-1-8 30192]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-11-18 13:49:29 66048 ----a-w- c:\programdata\qgfocfkg.exe
2012-11-18 13:49:29 -------- d-----w- c:\programdata\lljiqomupiopcnx
2012-11-18 13:47:51 66048 ----a-w- c:\users\tom\ms.exe
2012-11-18 13:45:42 66048 ----a-w- c:\users\tom\0.6658937083836022.exe
.
==================== Find3M ====================
.
2012-10-09 11:56:37 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 11:56:37 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2008-07-02 03:28:38 61440 ----a-w- c:\program files\common files\CPInstallAction.dll
.
============= FINISH: 10:59:07.51 ===============

Had no issues at all - besides all of this being completed in safe mode due to virus.

Thanks

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:02 AM

Posted 20 November 2012 - 08:19 PM

Hello


These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.


-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 iplayloltoomuch

iplayloltoomuch
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:02 PM

Posted 20 November 2012 - 08:38 PM

rougue killer -

RogueKiller V8.3.1 [Nov 20 2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Safe mode with network support
User : Tom [Admin rights]
Mode : Remove -- Date : 11/21/2012 11:36:36

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : qgfocfkgpfxevvk (C:\ProgramData\qgfocfkg.exe) -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Run : ASUS Camera ScreenSaver (C:\Windows\AsScrProlog.exe) -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Run : ASUS Screen Saver Protector (C:\Windows\ASScrPro.exe) -> DELETED
[RUN][NOTFOUND] HKUS\S-1-5-19[...]\Run : WindowsWelcomeCenter (rundll32.exe oobefldr.dll,ShowWelcomeCenter) -> DELETED
[RUN][NOTFOUND] HKUS\S-1-5-20[...]\Run : WindowsWelcomeCenter (rundll32.exe oobefldr.dll,ShowWelcomeCenter) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9320320AS ATA Device +++++
--- User ---
[MBR] 23e9e8e2e2f11c2a57ed92ffca9473c2
[BSP] 68a9a69bc00139773c4fa2984750dba9 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 10001 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20482875 | Size: 152617 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 333045152 | Size: 142624 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_11212012_02d1136.txt >>
RKreport[1]_S_11212012_02d1136.txt ; RKreport[2]_D_11212012_02d1136.txt



adw cleaner

# AdwCleaner v2.008 - Logfile created 11/21/2012 at 11:22:54
# Updated 17/11/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 1 (32 bits)
# User : Tom - AMENO
# Boot Mode : Safe mode with networking
# Running from : C:\Users\Tom\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Tom\AppData\Local\TempDir

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19088

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [960 octets] - [21/11/2012 11:22:54]

########## EOF - C:\AdwCleaner[S1].txt - [1019 octets] ##########



no issues

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:02 AM

Posted 20 November 2012 - 08:58 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 iplayloltoomuch

iplayloltoomuch
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:02 PM

Posted 20 November 2012 - 09:37 PM

ComboFix 12-11-20.02 - Tom 21/11/2012 12:26:33.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.2047.1651 [GMT 10:00]
Running from: c:\users\Tom\Desktop\ComboFix.exe
AV: Norton 360 Premier Edition *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 Premier Edition *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 Premier Edition *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\ASPG_icon.ico
c:\program files\SecureW2
c:\program files\SecureW2\Uninstall.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\TTLS Manager.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\Uninstall.lnk
c:\programdata\qgfocfkg.exe
c:\users\Tom\0.6658937083836022.exe
c:\users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2
c:\users\Tom\ms.exe
c:\windows\msvcr71.dll
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Created from 2012-10-21 to 2012-11-21 )))))))))))))))))))))))))))))))
.
.
2012-11-21 02:33 . 2012-11-21 02:33 -------- d-----w- c:\users\Tom\AppData\Local\temp
2012-11-21 02:33 . 2012-11-21 02:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-18 13:49 . 2012-11-18 13:49 -------- d-----w- c:\programdata\lljiqomupiopcnx
2012-11-10 08:39 . 2012-11-10 08:39 -------- d-----w- c:\programdata\WindowsSearch
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 11:56 . 2012-08-17 12:11 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 11:56 . 2012-08-17 12:11 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2008-07-02 03:28 . 2008-07-02 03:28 61440 ----a-w- c:\program files\Common Files\CPInstallAction.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-07 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]
"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-05 30192]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-07 4853760]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2008-06-25 159744]
"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2007-10-12 106496]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-17 11:56]
.
2012-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-02 22:47]
.
2012-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-02 22:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
AddRemove-SecureW2 EAP Suite - c:\program files\SecureW2\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-21 12:33
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\ADSM_PData_0150
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-529495162-4103455744-996305035-1000\Software\SecuROM\License information*]
"datasecu"=hex:0a,8a,5d,a0,54,fa,4f,35,00,df,b6,2d,86,63,4f,b1,ba,75,44,54,fb,
83,71,b4,e4,aa,0a,65,67,3b,ad,53,25,01,15,00,ce,2e,06,da,aa,2e,dc,21,33,6e,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1772)
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
Completion time: 2012-11-21 12:35:39
ComboFix-quarantined-files.txt 2012-11-21 02:35
.
Pre-Run: 91,533,918,208 bytes free
Post-Run: 91,434,864,640 bytes free
.
- - End Of File - - A3366ABF07ADA304F5E0632FFDC12C41


1 problem - could not turn off norton - deleted it but it was still being detected.

Logging off and trying my computer without safe mode on

#8 iplayloltoomuch

iplayloltoomuch
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:02 PM

Posted 20 November 2012 - 09:43 PM

excellent!!! i can use my computer again!

Are there any further steps / issues I should be aware of?

can you recommend a reliable security program?

Thankyou very much for your help, the process was quick and easy and I would be glad to make a donation for your fast responses.

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:02 AM

Posted 20 November 2012 - 10:05 PM

Greetings

we still have more work to do and I will get into all of that soon

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 iplayloltoomuch

iplayloltoomuch
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:02 PM

Posted 20 November 2012 - 11:59 PM

13:41:43.0964 5728 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
13:41:44.0792 5728 ============================================================
13:41:44.0792 5728 Current date / time: 2012/11/21 13:41:44.0792
13:41:44.0792 5728 SystemInfo:
13:41:44.0792 5728
13:41:44.0792 5728 OS Version: 6.0.6001 ServicePack: 1.0
13:41:44.0792 5728 Product type: Workstation
13:41:44.0792 5728 ComputerName: AMENO
13:41:44.0792 5728 UserName: Tom
13:41:44.0792 5728 Windows directory: C:\Windows
13:41:44.0792 5728 System windows directory: C:\Windows
13:41:44.0792 5728 Processor architecture: Intel x86
13:41:44.0792 5728 Number of processors: 2
13:41:44.0792 5728 Page size: 0x1000
13:41:44.0792 5728 Boot type: Normal boot
13:41:44.0792 5728 ============================================================
13:41:46.0370 5728 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x4B680, SectorsPerTrack: 0x2C, TracksPerCylinder: 0x2E, Type 'K0', Flags 0x00000050
13:41:46.0448 5728 ============================================================
13:41:46.0448 5728 \Device\Harddisk0\DR0:
13:41:46.0464 5728 MBR partitions:
13:41:46.0464 5728 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1388B3B, BlocksNum 0x12A14C00
13:41:46.0495 5728 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13D9DDCC, BlocksNum 0x11690634
13:41:46.0495 5728 ============================================================
13:41:46.0620 5728 C: <-> \Device\Harddisk0\DR0\Partition1
13:41:46.0667 5728 D: <-> \Device\Harddisk0\DR0\Partition2
13:41:46.0714 5728 ============================================================
13:41:46.0714 5728 Initialize success
13:41:46.0714 5728 ============================================================
13:41:51.0558 4908 ============================================================
13:41:51.0558 4908 Scan started
13:41:51.0558 4908 Mode: Manual;
13:41:51.0558 4908 ============================================================
13:41:54.0105 4908 ================ Scan system memory ========================
13:41:54.0105 4908 System memory - ok
13:41:54.0105 4908 ================ Scan services =============================
13:41:54.0370 4908 [ FCB8C7210F0135E24C6580F7F649C73C ] ACPI C:\Windows\system32\drivers\acpi.sys
13:41:54.0386 4908 ACPI - ok
13:41:54.0480 4908 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:41:54.0511 4908 AdobeFlashPlayerUpdateSvc - ok
13:41:54.0558 4908 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
13:41:54.0573 4908 adp94xx - ok
13:41:54.0605 4908 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
13:41:54.0605 4908 adpahci - ok
13:41:54.0620 4908 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
13:41:54.0620 4908 adpu160m - ok
13:41:54.0652 4908 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
13:41:54.0652 4908 adpu320 - ok
13:41:54.0730 4908 [ 609A6F49B6AF0F25837F8A0EDDDB0745 ] ADSMService C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
13:41:54.0761 4908 ADSMService - ok
13:41:54.0792 4908 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
13:41:54.0808 4908 AeLookupSvc - ok
13:41:54.0855 4908 [ 48EB99503533C27AC6135648E5474457 ] AFD C:\Windows\system32\drivers\afd.sys
13:41:54.0855 4908 AFD - ok
13:41:54.0886 4908 [ EFBC44FBD75E4F80BD927AEBF6E7EADE ] AgereModemAudio C:\Windows\system32\agrsmsvc.exe
13:41:54.0902 4908 AgereModemAudio - ok
13:41:54.0948 4908 [ 1CFEBA39FC613E45B49D3EDDFBCDA289 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys
13:41:55.0011 4908 AgereSoftModem - ok
13:41:55.0027 4908 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
13:41:55.0089 4908 agp440 - ok
13:41:55.0105 4908 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
13:41:55.0105 4908 aic78xx - ok
13:41:55.0136 4908 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
13:41:55.0136 4908 ALG - ok
13:41:55.0152 4908 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
13:41:55.0167 4908 aliide - ok
13:41:55.0167 4908 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
13:41:55.0183 4908 amdagp - ok
13:41:55.0198 4908 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
13:41:55.0198 4908 amdide - ok
13:41:55.0214 4908 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
13:41:55.0230 4908 AmdK7 - ok
13:41:55.0245 4908 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
13:41:55.0245 4908 AmdK8 - ok
13:41:55.0292 4908 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
13:41:55.0292 4908 Appinfo - ok
13:41:55.0402 4908 [ 4B5AE15E5C73EB4DC8DBEC2788230D41 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
13:41:55.0417 4908 Apple Mobile Device - ok
13:41:55.0464 4908 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
13:41:55.0480 4908 arc - ok
13:41:55.0495 4908 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
13:41:55.0495 4908 arcsas - ok
13:41:55.0527 4908 [ 4385E371C25C94C804E9D3152BD9E1F7 ] AsDsm C:\Windows\system32\drivers\AsDsm.sys
13:41:55.0542 4908 AsDsm - ok
13:41:55.0589 4908 [ 66597AD6098352D11239C0C42100B176 ] ASLDRService C:\Program Files\ATK Hotkey\ASLDRSrv.exe
13:41:55.0605 4908 ASLDRService - ok
13:41:55.0605 4908 [ 7B4D08D2017AC06689D422E06C43F0AA ] ASMMAP C:\Program Files\ATKGFNEX\ASMMAP.sys
13:41:55.0620 4908 ASMMAP - ok
13:41:55.0652 4908 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
13:41:55.0667 4908 AsyncMac - ok
13:41:55.0667 4908 [ 2D9C903DC76A66813D350A562DE40ED9 ] atapi C:\Windows\system32\drivers\atapi.sys
13:41:55.0667 4908 atapi - ok
13:41:55.0730 4908 [ 4DF523F49694B2884F8E5D870BF3E253 ] athr C:\Windows\system32\DRIVERS\athr.sys
13:41:55.0761 4908 athr - ok
13:41:55.0808 4908 [ B886D349AFAD502DE4F6EA0C64B1CC4D ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
13:41:55.0839 4908 Ati External Event Utility - ok
13:41:56.0042 4908 [ 8AE1745BFC7D383DAA3F82FE8D7BE7C0 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
13:41:56.0136 4908 atikmdag - ok
13:41:56.0152 4908 [ 7C157574A181B19B9DCF5F339E25337E ] ATKGFNEXSrv C:\Program Files\ATKGFNEX\GFNEXSrv.exe
13:41:56.0167 4908 ATKGFNEXSrv - ok
13:41:56.0214 4908 [ 42076E29AAFA0830A2C5D4E310F58DD1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:41:56.0230 4908 AudioEndpointBuilder - ok
13:41:56.0245 4908 [ 42076E29AAFA0830A2C5D4E310F58DD1 ] Audiosrv C:\Windows\System32\Audiosrv.dll
13:41:56.0245 4908 Audiosrv - ok
13:41:56.0292 4908 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
13:41:56.0292 4908 Beep - ok
13:41:56.0323 4908 [ 8582E233C346AEFE759833E8A30DD697 ] BFE C:\Windows\System32\bfe.dll
13:41:56.0339 4908 BFE - ok
13:41:56.0386 4908 [ 02ED7B4DBC2A3232A389106DA7515C3D ] BITS C:\Windows\system32\qmgr.dll
13:41:56.0495 4908 BITS - ok
13:41:56.0527 4908 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
13:41:56.0542 4908 blbdrive - ok
13:41:56.0589 4908 [ 3F56903E124E820AEECE6D471583C6C1 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
13:41:56.0605 4908 Bonjour Service - ok
13:41:56.0620 4908 [ 8153396D5551276227FA146900F734E6 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
13:41:56.0636 4908 bowser - ok
13:41:56.0652 4908 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
13:41:56.0652 4908 BrFiltLo - ok
13:41:56.0667 4908 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
13:41:56.0667 4908 BrFiltUp - ok
13:41:56.0714 4908 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
13:41:56.0714 4908 Browser - ok
13:41:56.0745 4908 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
13:41:56.0761 4908 Brserid - ok
13:41:56.0777 4908 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
13:41:56.0777 4908 BrSerWdm - ok
13:41:56.0792 4908 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
13:41:56.0808 4908 BrUsbMdm - ok
13:41:56.0823 4908 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
13:41:56.0823 4908 BrUsbSer - ok
13:41:56.0855 4908 [ AE19CFBBBA41800F3D5343E21D2CA09F ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
13:41:56.0870 4908 BthEnum - ok
13:41:56.0870 4908 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
13:41:56.0870 4908 BTHMODEM - ok
13:41:56.0917 4908 [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
13:41:56.0933 4908 BthPan - ok
13:41:57.0120 4908 [ 75F19DF0BC62992D05FDD8A32D968531 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
13:41:57.0167 4908 BTHPORT - ok
13:41:57.0214 4908 [ FC930B47A83F5F61DFADC64A0719DE43 ] BthServ C:\Windows\System32\bthserv.dll
13:41:57.0230 4908 BthServ - ok
13:41:57.0261 4908 [ 4CE2A25C5936BC515357D60FEE73F221 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
13:41:57.0261 4908 BTHUSB - ok
13:41:57.0308 4908 [ 248DFA5762DDE38DFDDBBD44149E9D7A ] BVRPMPR5 C:\Windows\system32\drivers\BVRPMPR5.SYS
13:41:57.0323 4908 BVRPMPR5 - ok
13:41:57.0417 4908 catchme - ok
13:41:57.0464 4908 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
13:41:57.0464 4908 cdfs - ok
13:41:57.0480 4908 [ 1EC25CEA0DE6AC4718BF89F9E1778B57 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
13:41:57.0495 4908 cdrom - ok
13:41:57.0527 4908 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] CertPropSvc C:\Windows\System32\certprop.dll
13:41:57.0542 4908 CertPropSvc - ok
13:41:57.0589 4908 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
13:41:57.0652 4908 circlass - ok
13:41:57.0730 4908 [ 465745561C832B29F7C48B488AAB3842 ] CLFS C:\Windows\system32\CLFS.sys
13:41:57.0792 4908 CLFS - ok
13:41:57.0870 4908 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:41:58.0402 4908 clr_optimization_v2.0.50727_32 - ok
13:41:58.0527 4908 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:41:58.0589 4908 clr_optimization_v4.0.30319_32 - ok
13:41:58.0636 4908 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
13:41:58.0636 4908 CmBatt - ok
13:41:58.0652 4908 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
13:41:58.0667 4908 cmdide - ok
13:41:58.0683 4908 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
13:41:58.0698 4908 Compbatt - ok
13:41:58.0698 4908 COMSysApp - ok
13:41:58.0714 4908 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
13:41:58.0730 4908 crcdisk - ok
13:41:58.0730 4908 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
13:41:58.0745 4908 Crusoe - ok
13:41:58.0777 4908 [ 6DE363F9F99334514C46AEC02D3E3678 ] CryptSvc C:\Windows\system32\cryptsvc.dll
13:41:58.0808 4908 CryptSvc - ok
13:41:58.0870 4908 [ 301AE00E12408650BADDC04DBC832830 ] DcomLaunch C:\Windows\system32\rpcss.dll
13:41:58.0995 4908 DcomLaunch - ok
13:41:59.0011 4908 [ A3E9FA213F443AC77C7746119D13FEEC ] DfsC C:\Windows\system32\Drivers\dfsc.sys
13:41:59.0027 4908 DfsC - ok
13:41:59.0120 4908 [ FA3463F25F9CC9C3BCF1E7912FEFF099 ] DFSR C:\Windows\system32\DFSR.exe
13:41:59.0198 4908 DFSR - ok
13:41:59.0245 4908 [ 43A988A9C10333476CB5FB667CBD629D ] Dhcp C:\Windows\System32\dhcpcsvc.dll
13:41:59.0277 4908 Dhcp - ok
13:41:59.0308 4908 [ 64109E623ABD6955C8FB110B592E68B7 ] disk C:\Windows\system32\drivers\disk.sys
13:41:59.0308 4908 disk - ok
13:41:59.0355 4908 [ 4805D9A6D281C7A7DEFD9094DEC6AF7D ] Dnscache C:\Windows\System32\dnsrslvr.dll
13:41:59.0402 4908 Dnscache - ok
13:41:59.0433 4908 [ 5AF620A08C614E24206B79E8153CF1A8 ] dot3svc C:\Windows\System32\dot3svc.dll
13:41:59.0464 4908 dot3svc - ok
13:41:59.0495 4908 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
13:41:59.0558 4908 DPS - ok
13:41:59.0605 4908 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
13:41:59.0605 4908 drmkaud - ok
13:41:59.0636 4908 [ 85F33880B8CFB554BD3D9CCDB486845A ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
13:41:59.0667 4908 DXGKrnl - ok
13:41:59.0714 4908 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
13:41:59.0714 4908 E1G60 - ok
13:41:59.0761 4908 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
13:41:59.0808 4908 EapHost - ok
13:41:59.0839 4908 [ DD2CD259D83D8B72C02C5F2331FF9D68 ] Ecache C:\Windows\system32\drivers\ecache.sys
13:41:59.0839 4908 Ecache - ok
13:41:59.0902 4908 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
13:41:59.0917 4908 ehRecvr - ok
13:41:59.0933 4908 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
13:41:59.0948 4908 ehSched - ok
13:41:59.0948 4908 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
13:41:59.0964 4908 ehstart - ok
13:41:59.0995 4908 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
13:42:00.0011 4908 elxstor - ok
13:42:00.0089 4908 [ 70B1A86DF0C8EAD17D2BC332EDAE2C7C ] EMDMgmt C:\Windows\system32\emdmgmt.dll
13:42:00.0152 4908 EMDMgmt - ok
13:42:00.0183 4908 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
13:42:00.0183 4908 ErrDev - ok
13:42:00.0230 4908 [ 3CB3343D720168B575133A0A20DC2465 ] EventSystem C:\Windows\system32\es.dll
13:42:00.0277 4908 EventSystem - ok
13:42:00.0308 4908 [ 0D858EB20589A34EFB25695ACAA6AA2D ] exfat C:\Windows\system32\drivers\exfat.sys
13:42:00.0323 4908 exfat - ok
13:42:00.0339 4908 [ 3C489390C2E2064563727752AF8EAB9E ] fastfat C:\Windows\system32\drivers\fastfat.sys
13:42:00.0355 4908 fastfat - ok
13:42:00.0386 4908 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
13:42:00.0402 4908 fdc - ok
13:42:00.0433 4908 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
13:42:00.0480 4908 fdPHost - ok
13:42:00.0480 4908 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
13:42:00.0527 4908 FDResPub - ok
13:42:00.0558 4908 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
13:42:00.0558 4908 FileInfo - ok
13:42:00.0605 4908 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
13:42:00.0605 4908 Filetrace - ok
13:42:00.0636 4908 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
13:42:00.0636 4908 flpydisk - ok
13:42:00.0667 4908 [ 05EA53AFE985443011E36DAB07343B46 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
13:42:00.0667 4908 FltMgr - ok
13:42:00.0745 4908 [ C9BE08664611DDAF98E2331E9288B00B ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:42:00.0745 4908 FontCache3.0.0.0 - ok
13:42:00.0761 4908 [ 65EA8B77B5851854F0C55C43FA51A198 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
13:42:00.0761 4908 Fs_Rec - ok
13:42:00.0777 4908 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
13:42:00.0777 4908 gagp30kx - ok
13:42:00.0792 4908 GEARAspiWDM - ok
13:42:00.0855 4908 [ 31B40F40E09513ADDC460F6A297AD474 ] ghaio C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
13:42:00.0855 4908 ghaio - ok
13:42:00.0917 4908 [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F ] GoogleDesktopManager-051210-111108 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
13:42:00.0917 4908 GoogleDesktopManager-051210-111108 - ok
13:42:00.0964 4908 [ D9F1113D9401185245573350712F92FC ] gpsvc C:\Windows\System32\gpsvc.dll
13:42:01.0027 4908 gpsvc - ok
13:42:01.0152 4908 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
13:42:01.0167 4908 gupdate - ok
13:42:01.0167 4908 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
13:42:01.0167 4908 gupdatem - ok
13:42:01.0245 4908 [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
13:42:01.0261 4908 gusvc - ok
13:42:01.0292 4908 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:42:01.0308 4908 HdAudAddService - ok
13:42:01.0323 4908 [ C87B1EE051C0464491C1A7B03FA0BC99 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
13:42:01.0323 4908 HDAudBus - ok
13:42:01.0355 4908 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
13:42:01.0355 4908 HidBth - ok
13:42:01.0386 4908 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
13:42:01.0386 4908 HidIr - ok
13:42:01.0402 4908 [ 53D5A2F9CE6AE47D7507727DF1DA79F8 ] hidserv C:\Windows\System32\hidserv.dll
13:42:01.0448 4908 hidserv - ok
13:42:01.0480 4908 [ E2B5BD48AFCC0F0974FB44641B223250 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
13:42:01.0495 4908 HidUsb - ok
13:42:01.0511 4908 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
13:42:01.0589 4908 hkmsvc - ok
13:42:01.0605 4908 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
13:42:01.0620 4908 HpCISSs - ok
13:42:01.0667 4908 [ 96E241624C71211A79C84F50A8E71CAB ] HTTP C:\Windows\system32\drivers\HTTP.sys
13:42:01.0683 4908 HTTP - ok
13:42:01.0698 4908 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
13:42:01.0698 4908 i2omp - ok
13:42:01.0745 4908 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
13:42:01.0745 4908 i8042prt - ok
13:42:01.0777 4908 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
13:42:01.0792 4908 iaStorV - ok
13:42:01.0839 4908 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
13:42:01.0855 4908 IDriverT - ok
13:42:01.0933 4908 [ 7B630ACAED64FEF0C3E1CF255CB56686 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:42:02.0011 4908 idsvc - ok
13:42:02.0027 4908 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
13:42:02.0073 4908 iirsp - ok
13:42:02.0105 4908 [ A3BC480A2BF8AA8E4DABD2D5DCE0AFAC ] IKEEXT C:\Windows\System32\ikeext.dll
13:42:02.0152 4908 IKEEXT - ok
13:42:02.0230 4908 [ B795745F7E51AA20D46753EC5A811ACA ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
13:42:02.0292 4908 IntcAzAudAddService - ok
13:42:02.0323 4908 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
13:42:02.0323 4908 intelide - ok
13:42:02.0370 4908 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
13:42:02.0370 4908 intelppm - ok
13:42:02.0402 4908 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
13:42:02.0433 4908 IPBusEnum - ok
13:42:02.0448 4908 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:42:02.0464 4908 IpFilterDriver - ok
13:42:02.0495 4908 [ 6A35D233693EDC29A12742049BC5E37F ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
13:42:02.0542 4908 iphlpsvc - ok
13:42:02.0542 4908 IpInIp - ok
13:42:02.0573 4908 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
13:42:02.0573 4908 IPMIDRV - ok
13:42:02.0605 4908 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
13:42:02.0605 4908 IPNAT - ok
13:42:02.0667 4908 [ 6E0FAEA90E71C5F1B9F3BC71B4CCA2FA ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
13:42:02.0761 4908 iPod Service - ok
13:42:02.0839 4908 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
13:42:02.0855 4908 IRENUM - ok
13:42:02.0933 4908 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
13:42:03.0011 4908 isapnp - ok
13:42:03.0027 4908 [ F247EEC28317F6C739C16DE420097301 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
13:42:03.0058 4908 iScsiPrt - ok
13:42:03.0073 4908 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
13:42:03.0073 4908 iteatapi - ok
13:42:03.0105 4908 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
13:42:03.0105 4908 iteraid - ok
13:42:03.0136 4908 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
13:42:03.0136 4908 kbdclass - ok
13:42:03.0152 4908 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
13:42:03.0152 4908 kbdhid - ok
13:42:03.0183 4908 [ 27BD4AC228EF6C0D490617C32E86A672 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys
13:42:03.0198 4908 kbfiltr - ok
13:42:03.0230 4908 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] KeyIso C:\Windows\system32\lsass.exe
13:42:03.0292 4908 KeyIso - ok
13:42:03.0323 4908 [ 7A0CF7908B6824D6A2A1D313E5AE3DCA ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
13:42:03.0355 4908 KSecDD - ok
13:42:03.0402 4908 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
13:42:03.0495 4908 KtmRm - ok
13:42:03.0542 4908 [ 1925E63C91CF1610AE41BFD539062079 ] LanmanServer C:\Windows\System32\srvsvc.dll
13:42:03.0652 4908 LanmanServer - ok
13:42:03.0683 4908 [ 2AE2E1628C5D3F1C0A46A67C9FA1DF15 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:42:03.0855 4908 LanmanWorkstation - ok
13:42:03.0902 4908 [ ABF90FC5A127F481219B873C1B8DFC1C ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
13:42:03.0933 4908 LightScribeService - ok
13:42:03.0964 4908 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
13:42:03.0995 4908 lltdio - ok
13:42:04.0058 4908 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
13:42:04.0136 4908 lltdsvc - ok
13:42:04.0167 4908 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
13:42:04.0292 4908 lmhosts - ok
13:42:04.0323 4908 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
13:42:04.0323 4908 LSI_FC - ok
13:42:04.0339 4908 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
13:42:04.0355 4908 LSI_SAS - ok
13:42:04.0386 4908 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
13:42:04.0402 4908 LSI_SCSI - ok
13:42:04.0417 4908 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
13:42:04.0417 4908 luafv - ok
13:42:04.0448 4908 [ 8039F480C192DD99FED4EBC71FFBF795 ] lullaby C:\Windows\system32\DRIVERS\lullaby.sys
13:42:04.0464 4908 lullaby - ok
13:42:04.0480 4908 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
13:42:04.0558 4908 Mcx2Svc - ok
13:42:04.0605 4908 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
13:42:04.0605 4908 megasas - ok
13:42:04.0636 4908 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
13:42:04.0667 4908 MegaSR - ok
13:42:04.0683 4908 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
13:42:04.0761 4908 MMCSS - ok
13:42:04.0777 4908 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
13:42:04.0792 4908 Modem - ok
13:42:04.0808 4908 [ CBB59C41F19EFEA1A000793E08070A62 ] MODEMCSA C:\Windows\system32\drivers\MODEMCSA.sys
13:42:04.0808 4908 MODEMCSA - ok
13:42:04.0839 4908 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
13:42:04.0839 4908 monitor - ok
13:42:04.0870 4908 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
13:42:04.0870 4908 mouclass - ok
13:42:04.0886 4908 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
13:42:04.0902 4908 mouhid - ok
13:42:04.0917 4908 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
13:42:04.0933 4908 MountMgr - ok
13:42:04.0964 4908 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
13:42:04.0980 4908 mpio - ok
13:42:04.0995 4908 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
13:42:04.0995 4908 mpsdrv - ok
13:42:05.0042 4908 [ D1639BA315B0D79DEC49A4B0E1FB929B ] MpsSvc C:\Windows\system32\mpssvc.dll
13:42:05.0136 4908 MpsSvc - ok
13:42:05.0152 4908 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
13:42:05.0167 4908 Mraid35x - ok
13:42:05.0183 4908 [ AE3DE84536B6799D2267443CEC8EDBB9 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
13:42:05.0198 4908 MRxDAV - ok
13:42:05.0230 4908 [ 5734A0F2BE7E495F7D3ED6EFD4B9F5A1 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
13:42:05.0230 4908 mrxsmb - ok
13:42:05.0277 4908 [ 6B5FA5ADFACAC9DBBE0991F4566D7D55 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:42:05.0292 4908 mrxsmb10 - ok
13:42:05.0323 4908 [ 5C80D8159181C7ABF1B14BA703B01E0B ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:42:05.0323 4908 mrxsmb20 - ok
13:42:05.0355 4908 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys
13:42:05.0355 4908 msahci - ok
13:42:05.0370 4908 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
13:42:05.0370 4908 msdsm - ok
13:42:05.0402 4908 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
13:42:05.0464 4908 MSDTC - ok
13:42:05.0511 4908 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
13:42:05.0527 4908 Msfs - ok
13:42:05.0558 4908 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
13:42:05.0558 4908 msisadrv - ok
13:42:05.0589 4908 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
13:42:05.0667 4908 MSiSCSI - ok
13:42:05.0698 4908 msiserver - ok
13:42:05.0714 4908 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
13:42:05.0730 4908 MSKSSRV - ok
13:42:05.0761 4908 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
13:42:05.0777 4908 MSPCLOCK - ok
13:42:05.0792 4908 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
13:42:05.0808 4908 MSPQM - ok
13:42:05.0823 4908 [ B5614AECB05A9340AA0FB55BF561CC63 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
13:42:05.0839 4908 MsRPC - ok
13:42:05.0870 4908 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
13:42:05.0870 4908 mssmbios - ok
13:42:05.0902 4908 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
13:42:05.0902 4908 MSTEE - ok
13:42:05.0933 4908 [ 97AFFA9D95FFE20EEE6229BC6BE166CF ] MTsensor C:\Windows\system32\DRIVERS\ATKACPI.sys
13:42:05.0933 4908 MTsensor - ok
13:42:05.0964 4908 [ 6DFD1D322DE55B0B7DB7D21B90BEC49C ] Mup C:\Windows\system32\Drivers\mup.sys
13:42:05.0980 4908 Mup - ok
13:42:06.0011 4908 [ C43B25863FBD65B6D2A142AF3AE320CA ] napagent C:\Windows\system32\qagentRT.dll
13:42:06.0120 4908 napagent - ok
13:42:06.0167 4908 [ 3C21CE48FF529BB73DADB98770B54025 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
13:42:06.0167 4908 NativeWifiP - ok
13:42:06.0214 4908 [ C8560010A542B5DCA94C62468DC20784 ] NDIS C:\Windows\system32\drivers\ndis.sys
13:42:06.0230 4908 NDIS - ok
13:42:06.0245 4908 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
13:42:06.0261 4908 NdisTapi - ok
13:42:06.0277 4908 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
13:42:06.0292 4908 Ndisuio - ok
13:42:06.0308 4908 [ 3D14C3B3496F88890D431E8AA022A411 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
13:42:06.0323 4908 NdisWan - ok
13:42:06.0339 4908 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
13:42:06.0355 4908 NDProxy - ok
13:42:06.0370 4908 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
13:42:06.0370 4908 NetBIOS - ok
13:42:06.0402 4908 [ 7C5FEE5B1C5728507CD96FB4A13E7A02 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
13:42:06.0402 4908 netbt - ok
13:42:06.0433 4908 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] Netlogon C:\Windows\system32\lsass.exe
13:42:06.0480 4908 Netlogon - ok
13:42:06.0495 4908 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
13:42:06.0558 4908 Netman - ok
13:42:06.0605 4908 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
13:42:06.0667 4908 netprofm - ok
13:42:06.0698 4908 [ 0AD5876EF4E9EB77C8F93EB5B2FFF386 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:42:06.0698 4908 NetTcpPortSharing - ok
13:42:06.0730 4908 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
13:42:06.0745 4908 nfrd960 - ok
13:42:06.0777 4908 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
13:42:06.0855 4908 NlaSvc - ok
13:42:06.0870 4908 [ ECB5003F484F9ED6C608D6D6C7886CBB ] Npfs C:\Windows\system32\drivers\Npfs.sys
13:42:06.0870 4908 Npfs - ok
13:42:06.0886 4908 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
13:42:06.0948 4908 nsi - ok
13:42:06.0980 4908 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
13:42:06.0980 4908 nsiproxy - ok
13:42:07.0027 4908 [ B4EFFE29EB4F15538FD8A9681108492D ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
13:42:07.0058 4908 Ntfs - ok
13:42:07.0089 4908 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
13:42:07.0105 4908 ntrigdigi - ok
13:42:07.0120 4908 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
13:42:07.0136 4908 Null - ok
13:42:07.0152 4908 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
13:42:07.0167 4908 nvraid - ok
13:42:07.0183 4908 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
13:42:07.0183 4908 nvstor - ok
13:42:07.0214 4908 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
13:42:07.0245 4908 nv_agp - ok
13:42:07.0245 4908 NwlnkFlt - ok
13:42:07.0261 4908 NwlnkFwd - ok
13:42:07.0355 4908 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:42:07.0370 4908 odserv - ok
13:42:07.0402 4908 [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
13:42:07.0402 4908 ohci1394 - ok
13:42:07.0433 4908 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:42:07.0433 4908 ose - ok
13:42:07.0480 4908 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2pimsvc C:\Windows\system32\p2psvc.dll
13:42:07.0573 4908 p2pimsvc - ok
13:42:07.0605 4908 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2psvc C:\Windows\system32\p2psvc.dll
13:42:07.0667 4908 p2psvc - ok
13:42:07.0714 4908 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
13:42:07.0730 4908 Parport - ok
13:42:07.0745 4908 [ 3B38467E7C3DAED009DFE359E17F139F ] partmgr C:\Windows\system32\drivers\partmgr.sys
13:42:07.0745 4908 partmgr - ok
13:42:07.0761 4908 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
13:42:07.0761 4908 Parvdm - ok
13:42:07.0777 4908 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
13:42:07.0886 4908 PcaSvc - ok
13:42:07.0902 4908 [ 01B94418DEB235DFF777CC80076354B4 ] pci C:\Windows\system32\drivers\pci.sys
13:42:07.0917 4908 pci - ok
13:42:07.0948 4908 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
13:42:07.0948 4908 pciide - ok
13:42:07.0980 4908 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
13:42:07.0995 4908 pcmcia - ok
13:42:08.0230 4908 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
13:42:08.0339 4908 PEAUTH - ok
13:42:08.0448 4908 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
13:42:08.0589 4908 pla - ok
13:42:08.0620 4908 [ 78F975CB6D18265BE6F492EDB2D7BC7B ] PlugPlay C:\Windows\system32\umpnpmgr.dll
13:42:08.0761 4908 PlugPlay - ok
13:42:08.0792 4908 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
13:42:08.0886 4908 PNRPAutoReg - ok
13:42:08.0917 4908 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPsvc C:\Windows\system32\p2psvc.dll
13:42:08.0995 4908 PNRPsvc - ok
13:42:09.0042 4908 [ 47B8F37AA18B74D8C2E1BC1A7A2C8F8A ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
13:42:09.0105 4908 PolicyAgent - ok
13:42:09.0152 4908 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
13:42:09.0152 4908 PptpMiniport - ok
13:42:09.0167 4908 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
13:42:09.0183 4908 Processor - ok
13:42:09.0214 4908 [ B627E4FC8585E8843C5905D4D3587A90 ] ProfSvc C:\Windows\system32\profsvc.dll
13:42:09.0308 4908 ProfSvc - ok
13:42:09.0323 4908 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:42:09.0370 4908 ProtectedStorage - ok
13:42:09.0402 4908 [ BFEF604508A0ED1EAE2A73E872555FFB ] PSched C:\Windows\system32\DRIVERS\pacer.sys
13:42:09.0402 4908 PSched - ok
13:42:09.0433 4908 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
13:42:09.0433 4908 PxHelp20 - ok
13:42:09.0495 4908 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
13:42:09.0558 4908 ql2300 - ok
13:42:09.0589 4908 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
13:42:09.0589 4908 ql40xx - ok
13:42:09.0620 4908 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
13:42:09.0714 4908 QWAVE - ok
13:42:09.0745 4908 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
13:42:09.0745 4908 QWAVEdrv - ok
13:42:09.0761 4908 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
13:42:09.0777 4908 RasAcd - ok
13:42:09.0792 4908 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
13:42:09.0870 4908 RasAuto - ok
13:42:09.0902 4908 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
13:42:09.0917 4908 Rasl2tp - ok
13:42:09.0948 4908 [ 6E7C284FC5C4EC07AD164D93810385A6 ] RasMan C:\Windows\System32\rasmans.dll
13:42:10.0042 4908 RasMan - ok
13:42:10.0058 4908 [ 3E9D9B048107B40D87B97DF2E48E0744 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
13:42:10.0073 4908 RasPppoe - ok
13:42:10.0073 4908 [ A7D141684E9500AC928A772ED8E6B671 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
13:42:10.0089 4908 RasSstp - ok
13:42:10.0120 4908 [ 6E1C5D0457622F9EE35F683110E93D14 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
13:42:10.0120 4908 rdbss - ok
13:42:10.0136 4908 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
13:42:10.0152 4908 RDPCDD - ok
13:42:10.0167 4908 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
13:42:10.0183 4908 rdpdr - ok
13:42:10.0198 4908 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
13:42:10.0198 4908 RDPENCDD - ok
13:42:10.0230 4908 [ E1C18F4097A5ABCEC941DC4B2F99DB7E ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
13:42:10.0245 4908 RDPWD - ok
13:42:10.0292 4908 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
13:42:10.0386 4908 RemoteAccess - ok
13:42:10.0417 4908 [ CC4E32400F3C7253400CF8F3F3A0B676 ] RemoteRegistry C:\Windows\system32\regsvc.dll
13:42:10.0527 4908 RemoteRegistry - ok
13:42:10.0558 4908 [ 23F486726DA7A9B2F3EC7326421A9C36 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
13:42:10.0589 4908 RFCOMM - ok
13:42:10.0620 4908 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
13:42:10.0698 4908 RpcLocator - ok
13:42:10.0714 4908 [ 301AE00E12408650BADDC04DBC832830 ] RpcSs C:\Windows\system32\rpcss.dll
13:42:10.0823 4908 RpcSs - ok
13:42:10.0870 4908 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
13:42:10.0886 4908 rspndr - ok
13:42:10.0917 4908 [ 557D431125AA3D58F2D132FDA1EB8255 ] RTSTOR C:\Windows\system32\drivers\RTSTOR.SYS
13:42:10.0917 4908 RTSTOR - ok
13:42:10.0933 4908 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] SamSs C:\Windows\system32\lsass.exe
13:42:10.0995 4908 SamSs - ok
13:42:11.0058 4908 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
13:42:11.0058 4908 sbp2port - ok
13:42:11.0089 4908 [ 11387E32642269C7E62E8B52C060B3C6 ] SCardSvr C:\Windows\System32\SCardSvr.dll
13:42:11.0214 4908 SCardSvr - ok
13:42:11.0277 4908 [ 7B587B8A6D4A99F79D2902D0385F29BD ] Schedule C:\Windows\system32\schedsvc.dll
13:42:11.0370 4908 Schedule - ok
13:42:11.0386 4908 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] SCPolicySvc C:\Windows\System32\certprop.dll
13:42:11.0386 4908 SCPolicySvc - ok
13:42:11.0433 4908 [ 126EA89BCC413EE45E3004FB0764888F ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
13:42:11.0433 4908 sdbus - ok
13:42:11.0480 4908 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
13:42:11.0573 4908 SDRSVC - ok
13:42:11.0589 4908 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
13:42:11.0667 4908 seclogon - ok
13:42:11.0683 4908 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
13:42:11.0777 4908 SENS - ok
13:42:11.0808 4908 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
13:42:11.0808 4908 Serenum - ok
13:42:11.0823 4908 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
13:42:11.0839 4908 Serial - ok
13:42:11.0855 4908 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
13:42:11.0855 4908 sermouse - ok
13:42:11.0902 4908 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
13:42:11.0980 4908 SessionEnv - ok
13:42:11.0995 4908 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
13:42:11.0995 4908 sffdisk - ok
13:42:12.0011 4908 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
13:42:12.0011 4908 sffp_mmc - ok
13:42:12.0042 4908 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
13:42:12.0042 4908 sffp_sd - ok
13:42:12.0073 4908 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
13:42:12.0089 4908 sfloppy - ok
13:42:12.0136 4908 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
13:42:12.0183 4908 SharedAccess - ok
13:42:12.0230 4908 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:42:12.0323 4908 ShellHWDetection - ok
13:42:12.0339 4908 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
13:42:12.0355 4908 sisagp - ok
13:42:12.0386 4908 [ A029482BE40DEF54DF02FCE751AA16DC ] SiSGbeLH C:\Windows\system32\DRIVERS\SiSGB6.sys
13:42:12.0402 4908 SiSGbeLH - ok
13:42:12.0417 4908 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
13:42:12.0417 4908 SiSRaid2 - ok
13:42:12.0433 4908 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
13:42:12.0448 4908 SiSRaid4 - ok
13:42:12.0495 4908 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
13:42:12.0495 4908 SkypeUpdate - ok
13:42:12.0667 4908 [ 0BA91E1358AD25236863039BB2609A2E ] slsvc C:\Windows\system32\SLsvc.exe
13:42:12.0823 4908 slsvc - ok
13:42:12.0855 4908 [ 7C6DC44CA0BFA6291629AB764200D1D4 ] SLUINotify C:\Windows\system32\SLUINotify.dll
13:42:12.0948 4908 SLUINotify - ok
13:42:12.0980 4908 [ 031E6BCD53C9B2B9ACE111EAFEC347B6 ] Smb C:\Windows\system32\DRIVERS\smb.sys
13:42:12.0995 4908 Smb - ok
13:42:13.0073 4908 [ C8A58FC905C9184FA70E37F71060C64D ] smserial C:\Windows\system32\DRIVERS\smserial.sys
13:42:13.0120 4908 smserial - ok
13:42:13.0167 4908 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
13:42:13.0245 4908 SNMPTRAP - ok
13:42:13.0339 4908 [ A709DFA1674C1ED61EF7B5F29B38EEB1 ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys
13:42:13.0402 4908 SNP2UVC - ok
13:42:13.0417 4908 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
13:42:13.0417 4908 spldr - ok
13:42:13.0464 4908 [ 739DB668DBD812285ECC553E64A5E212 ] spmgr C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
13:42:13.0464 4908 spmgr - ok
13:42:13.0495 4908 [ 3665F79026A3F91FBCA63F2C65A09B19 ] Spooler C:\Windows\System32\spoolsv.exe
13:42:13.0589 4908 Spooler - ok
13:42:13.0683 4908 [ 2252AEF839B1093D16761189F45AF885 ] srv C:\Windows\system32\DRIVERS\srv.sys
13:42:13.0714 4908 srv - ok
13:42:13.0745 4908 [ B7FF59408034119476B00A81BB53D5D1 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
13:42:13.0761 4908 srv2 - ok
13:42:13.0777 4908 [ 2ACCC9B12AF02030F531E6CCA6F8B76E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
13:42:13.0792 4908 srvnet - ok
13:42:13.0823 4908 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
13:42:13.0917 4908 SSDPSRV - ok
13:42:13.0933 4908 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
13:42:14.0011 4908 SstpSvc - ok
13:42:14.0042 4908 Steam Client Service - ok
13:42:14.0089 4908 [ 7DD08A597BC56051F320DA0BAF69E389 ] stisvc C:\Windows\System32\wiaservc.dll
13:42:14.0198 4908 stisvc - ok
13:42:14.0277 4908 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
13:42:14.0277 4908 swenum - ok
13:42:14.0308 4908 [ B36C7CDB86F7F7A8E884479219766950 ] swprv C:\Windows\System32\swprv.dll
13:42:14.0386 4908 swprv - ok
13:42:14.0402 4908 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
13:42:14.0417 4908 Symc8xx - ok
13:42:14.0448 4908 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
13:42:14.0464 4908 Sym_hi - ok
13:42:14.0480 4908 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
13:42:14.0480 4908 Sym_u3 - ok
13:42:14.0511 4908 [ 55F6E55CC2430CA8713387106FA79817 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
13:42:14.0527 4908 SynTP - ok
13:42:14.0573 4908 [ 8710A92D0024B03B5FB9540DF1F71F1D ] SysMain C:\Windows\system32\sysmain.dll
13:42:14.0684 4908 SysMain - ok
13:42:14.0720 4908 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:42:14.0803 4908 TabletInputService - ok
13:42:14.0834 4908 [ 680916BB09EE0F3A6ACA7C274B0D633F ] TapiSrv C:\Windows\System32\tapisrv.dll
13:42:14.0912 4908 TapiSrv - ok
13:42:14.0928 4908 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
13:42:14.0990 4908 TBS - ok
13:42:15.0147 4908 [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
13:42:15.0209 4908 Tcpip - ok
13:42:15.0350 4908 [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
13:42:15.0365 4908 Tcpip6 - ok
13:42:15.0459 4908 [ D4A2E4A4B011F3A883AF77315A5AE76B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
13:42:15.0490 4908 tcpipreg - ok
13:42:15.0522 4908 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
13:42:15.0537 4908 TDPIPE - ok
13:42:15.0553 4908 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
13:42:15.0569 4908 TDTCP - ok
13:42:15.0600 4908 [ D09276B1FAB033CE1D40DCBDF303D10F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
13:42:15.0615 4908 tdx - ok
13:42:15.0897 4908 [ 1C46C27E9F1938B9589859C70450D275 ] TeamViewer6 C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
13:42:16.0006 4908 TeamViewer6 - ok
13:42:16.0053 4908 [ A048056F5E1A96A9BF3071B91741A5AA ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
13:42:16.0084 4908 TermDD - ok
13:42:16.0131 4908 [ D605031E225AACCBCEB5B76A4F1603A6 ] TermService C:\Windows\System32\termsrv.dll
13:42:16.0256 4908 TermService - ok
13:42:16.0300 4908 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] Themes C:\Windows\system32\shsvcs.dll
13:42:16.0437 4908 Themes - ok
13:42:16.0452 4908 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
13:42:16.0499 4908 THREADORDER - ok
13:42:16.0546 4908 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
13:42:16.0671 4908 TrkWks - ok
13:42:16.0702 4908 [ 16613A1BAD034D4ECF957AF18B7C2FF5 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:42:16.0718 4908 TrustedInstaller - ok
13:42:16.0734 4908 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
13:42:16.0749 4908 tssecsrv - ok
13:42:16.0780 4908 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
13:42:16.0780 4908 tunmp - ok
13:42:16.0812 4908 [ 6042505FF6FA9AC1EF7684D0E03B6940 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
13:42:16.0827 4908 tunnel - ok
13:42:16.0843 4908 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
13:42:16.0843 4908 uagp35 - ok
13:42:16.0874 4908 [ 8B5088058FA1D1CD897A2113CCFF6C58 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
13:42:16.0905 4908 udfs - ok
13:42:16.0921 4908 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
13:42:17.0015 4908 UI0Detect - ok
13:42:17.0030 4908 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
13:42:17.0046 4908 uliagpkx - ok
13:42:17.0077 4908 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
13:42:17.0109 4908 uliahci - ok
13:42:17.0155 4908 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
13:42:17.0155 4908 UlSata - ok
13:42:17.0202 4908 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
13:42:17.0218 4908 ulsata2 - ok
13:42:17.0249 4908 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
13:42:17.0280 4908 umbus - ok
13:42:17.0374 4908 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
13:42:17.0546 4908 upnphost - ok
13:42:17.0671 4908 [ 1DF89C499BF45D878B87EBD4421D462D ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
13:42:17.0687 4908 USBAAPL - ok
13:42:17.0734 4908 [ A7CD5B4ADEA26765CAB06BDAB7B07B13 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
13:42:17.0749 4908 usbccgp - ok
13:42:17.0780 4908 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
13:42:17.0796 4908 usbcir - ok
13:42:17.0812 4908 [ 686D4188AE36254C3008B71FEDACADF3 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
13:42:17.0827 4908 usbehci - ok
13:42:17.0874 4908 [ 4E42F665A658F08D153F7FFFE7C83806 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
13:42:17.0890 4908 usbhub - ok
13:42:17.0921 4908 [ D16C39CF6C1EC57614FBD8BD3EF2682D ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
13:42:17.0937 4908 usbohci - ok
13:42:17.0999 4908 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
13:42:17.0999 4908 usbprint - ok
13:42:18.0030 4908 [ 87BA6B83C5D19B69160968D07D6E2982 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:42:18.0046 4908 USBSTOR - ok
13:42:18.0062 4908 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
13:42:18.0140 4908 usbuhci - ok
13:42:18.0234 4908 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
13:42:18.0249 4908 usbvideo - ok
13:42:18.0312 4908 [ 032A0ACC3909AE7215D524E29D536797 ] UxSms C:\Windows\System32\uxsms.dll
13:42:18.0468 4908 UxSms - ok
13:42:18.0562 4908 [ B13BC395B9D6116628F5AF47E0802AC4 ] vds C:\Windows\System32\vds.exe
13:42:18.0734 4908 vds - ok
13:42:18.0780 4908 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
13:42:18.0796 4908 vga - ok
13:42:18.0843 4908 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
13:42:18.0859 4908 VgaSave - ok
13:42:18.0890 4908 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
13:42:18.0937 4908 viaagp - ok
13:42:18.0984 4908 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
13:42:18.0984 4908 ViaC7 - ok
13:42:19.0015 4908 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
13:42:19.0030 4908 viaide - ok
13:42:19.0046 4908 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
13:42:19.0077 4908 volmgr - ok
13:42:19.0265 4908 [ 98F5FFE6316BD74E9E2C97206C190196 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
13:42:19.0312 4908 volmgrx - ok
13:42:19.0343 4908 [ D8B4A53DD2769F226B3EB374374987C9 ] volsnap C:\Windows\system32\drivers\volsnap.sys
13:42:19.0374 4908 volsnap - ok
13:42:19.0405 4908 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
13:42:19.0405 4908 vsmraid - ok
13:42:19.0468 4908 [ D5FB73D19C46ADE183F968E13F186B23 ] VSS C:\Windows\system32\vssvc.exe
13:42:19.0609 4908 VSS - ok
13:42:19.0655 4908 [ 1CF9206966A8458CDA9A8B20DF8AB7D3 ] W32Time C:\Windows\system32\w32time.dll
13:42:19.0749 4908 W32Time - ok
13:42:19.0780 4908 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
13:42:19.0796 4908 WacomPen - ok
13:42:19.0812 4908 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
13:42:19.0843 4908 Wanarp - ok
13:42:19.0874 4908 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
13:42:19.0874 4908 Wanarpv6 - ok
13:42:19.0968 4908 [ F3A5C2E1A6533192B070D06ECF6BE796 ] wcncsvc C:\Windows\System32\wcncsvc.dll
13:42:20.0077 4908 wcncsvc - ok
13:42:20.0140 4908 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:42:20.0234 4908 WcsPlugInService - ok
13:42:20.0296 4908 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
13:42:20.0312 4908 Wd - ok
13:42:20.0374 4908 [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam.sys
13:42:20.0390 4908 WDC_SAM - ok
13:42:20.0421 4908 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
13:42:20.0437 4908 Wdf01000 - ok
13:42:20.0468 4908 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
13:42:20.0609 4908 WdiServiceHost - ok
13:42:20.0624 4908 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
13:42:20.0718 4908 WdiSystemHost - ok
13:42:20.0749 4908 [ CF9A5F41789B642DB967021DE06A2713 ] WebClient C:\Windows\System32\webclnt.dll
13:42:20.0843 4908 WebClient - ok
13:42:20.0874 4908 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
13:42:20.0984 4908 Wecsvc - ok
13:42:21.0015 4908 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
13:42:21.0109 4908 wercplsupport - ok
13:42:21.0171 4908 [ FD1965AAA112C6818A30AB02742D0461 ] WerSvc C:\Windows\System32\WerSvc.dll
13:42:21.0249 4908 WerSvc - ok
13:42:21.0312 4908 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
13:42:21.0327 4908 WinDefend - ok
13:42:21.0343 4908 WinHttpAutoProxySvc - ok
13:42:21.0374 4908 [ 00B79A7C984678F24CF052E5BEB3A2F5 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
13:42:21.0609 4908 Winmgmt - ok
13:42:21.0734 4908 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
13:42:21.0874 4908 WinRM - ok
13:42:21.0974 4908 [ 275F4346E569DF56CFB95243BD6F6FF0 ] Wlansvc C:\Windows\System32\wlansvc.dll
13:42:22.0052 4908 Wlansvc - ok
13:42:22.0099 4908 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
13:42:22.0114 4908 WmiAcpi - ok
13:42:22.0193 4908 [ ABA4CF9F856D9A3A25F4DDD7690A6E9D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
13:42:22.0255 4908 wmiApSrv - ok
13:42:22.0474 4908 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
13:42:22.0568 4908 WMPNetworkSvc - ok
13:42:22.0599 4908 [ 5D94CD167751294962BA238D82DD1BB8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
13:42:22.0739 4908 WPCSvc - ok
13:42:22.0771 4908 [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
13:42:22.0864 4908 WPDBusEnum - ok
13:42:22.0911 4908 [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
13:42:22.0911 4908 WpdUsb - ok
13:42:23.0114 4908 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:42:23.0271 4908 WPFFontCache_v0400 - ok
13:42:23.0302 4908 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
13:42:23.0302 4908 ws2ifsl - ok
13:42:23.0349 4908 [ 683DD16B590372F2C9661D277F35E49C ] wscsvc C:\Windows\system32\wscsvc.dll
13:42:23.0443 4908 wscsvc - ok
13:42:23.0458 4908 WSearch - ok
13:42:23.0630 4908 [ 6298277B73C77FA99106B271A7525163 ] wuauserv C:\Windows\system32\wuaueng.dll
13:42:23.0786 4908 wuauserv - ok
13:42:23.0818 4908 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
13:42:23.0833 4908 WUDFRd - ok
13:42:23.0849 4908 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
13:42:23.0974 4908 wudfsvc - ok
13:42:24.0021 4908 [ 7D1F3B131D503EF43EE594B5A2B9B427 ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys
13:42:24.0021 4908 yukonwlh - ok
13:42:24.0068 4908 ================ Scan global ===============================
13:42:24.0083 4908 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
13:42:24.0161 4908 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
13:42:24.0271 4908 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
13:42:24.0380 4908 [ 2B336AB6286D6C81FA02CBAB914E3C6C ] C:\Windows\system32\services.exe
13:42:24.0458 4908 [Global] - ok
13:42:24.0458 4908 ================ Scan MBR ==================================
13:42:24.0489 4908 [ 64B1E91C5C6C2157642651010728F90F ] \Device\Harddisk0\DR0
13:42:24.0974 4908 \Device\Harddisk0\DR0 - ok
13:42:24.0974 4908 ================ Scan VBR ==================================
13:42:24.0974 4908 [ 492923B6D5691E082E3A56CD6882F0B3 ] \Device\Harddisk0\DR0\Partition1
13:42:24.0974 4908 \Device\Harddisk0\DR0\Partition1 - ok
13:42:25.0021 4908 [ 4C202ED95912042FB8E9168CA0AFDC5D ] \Device\Harddisk0\DR0\Partition2
13:42:25.0021 4908 \Device\Harddisk0\DR0\Partition2 - ok
13:42:25.0021 4908 ============================================================
13:42:25.0021 4908 Scan finished
13:42:25.0021 4908 ============================================================
13:42:25.0036 4824 Detected object count: 0
13:42:25.0036 4824 Actual detected object count: 0

no reboot needed.


aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-21 13:50:16
-----------------------------
13:50:16.788 OS Version: Windows 6.0.6001 Service Pack 1
13:50:16.788 Number of processors: 2 586 0x170A
13:50:16.788 ComputerName: AMENO UserName: Tom
13:50:21.898 Initialize success
13:52:49.495 AVAST engine defs: 12112000
13:52:58.386 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
13:52:58.386 Disk 0 Vendor: ST9320320AS 0303 Size: 305245MB BusType: 3
13:52:58.433 Disk 0 MBR read successfully
13:52:58.433 Disk 0 MBR scan
13:52:58.464 Disk 0 unknown MBR code
13:52:58.464 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 10001 MB offset 63
13:52:58.479 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 20482875
13:52:58.479 Disk 0 Partition - 00 0F Extended LBA 142624 MB offset 333045152
13:52:58.542 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 142624 MB offset 333045196
13:52:58.558 Disk 0 scanning sectors +625140736
13:52:58.745 Disk 0 scanning C:\Windows\system32\drivers
13:53:13.558 Service scanning
13:53:46.709 Modules scanning
13:53:54.053 Disk 0 trace - called modules:
13:53:54.069
13:53:55.522 AVAST engine scan C:\Windows
13:54:01.632 AVAST engine scan C:\Windows\system32
13:55:34.397 Disk 0 MBR has been saved successfully to "C:\Users\Tom\Desktop\virus protectin\MBR.dat"
13:55:34.412 The log file has been saved successfully to "C:\Users\Tom\Desktop\virus protectin\aswMBR.txt"


aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-21 13:50:16
-----------------------------
13:50:16.788 OS Version: Windows 6.0.6001 Service Pack 1
13:50:16.788 Number of processors: 2 586 0x170A
13:50:16.788 ComputerName: AMENO UserName: Tom
13:50:21.898 Initialize success
13:52:49.495 AVAST engine defs: 12112000
13:52:58.386 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
13:52:58.386 Disk 0 Vendor: ST9320320AS 0303 Size: 305245MB BusType: 3
13:52:58.433 Disk 0 MBR read successfully
13:52:58.433 Disk 0 MBR scan
13:52:58.464 Disk 0 unknown MBR code
13:52:58.464 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 10001 MB offset 63
13:52:58.479 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 20482875
13:52:58.479 Disk 0 Partition - 00 0F Extended LBA 142624 MB offset 333045152
13:52:58.542 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 142624 MB offset 333045196
13:52:58.558 Disk 0 scanning sectors +625140736
13:52:58.745 Disk 0 scanning C:\Windows\system32\drivers
13:53:13.558 Service scanning
13:53:46.709 Modules scanning
13:53:54.053 Disk 0 trace - called modules:
13:53:54.069
13:53:55.522 AVAST engine scan C:\Windows
13:54:01.632 AVAST engine scan C:\Windows\system32
13:55:34.397 Disk 0 MBR has been saved successfully to "C:\Users\Tom\Desktop\virus protectin\MBR.dat"
13:55:34.412 The log file has been saved successfully to "C:\Users\Tom\Desktop\virus protectin\aswMBR.txt"
14:00:39.919 AVAST engine scan C:\Windows\system32\drivers
14:00:59.403 AVAST engine scan C:\Users\Tom
14:16:53.288 AVAST engine scan C:\ProgramData
14:20:27.734 Scan finished successfully
14:58:15.024 Disk 0 MBR has been saved successfully to "C:\Users\Tom\Desktop\virus protectin\MBR.dat"
14:58:15.055 The log file has been saved successfully to "C:\Users\Tom\Desktop\virus protectin\aswMBR.txt"

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:02 AM

Posted 21 November 2012 - 12:32 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\programdata\lljiqomupiopcnx

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:02 AM

Posted 25 November 2012 - 08:00 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:02 AM

Posted 28 November 2012 - 08:08 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:02 AM

Posted 30 November 2012 - 11:59 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users