
ZeroAccess


This topic is locked
19 replies to this topic

#1 Loccie (Members)

Posted 25 November 2012 - 01:43 PM

Hi

I have been having issues for a while: adverts appearing in IE when before they were blocked, iPlayer buffering, and a feeling of everything not being normal. I checked with OTL and a few things were listed under ZeroAccess; I removed those and a few other things. Things were OK for a while, well, no ads, but I still felt something was not right. Recently Kaspersky has started unloading from memory. I checked OTL and again a set of issues were listed under ZeroAccess, but this time I could not remove them. I did a reinstall last night but it appears it was already infected, so I need some help to get to the bottom of it. Thanks in advance.

Attached Files:

  • dds.txt (11.4KB)
  • OTL.Txt (53.99KB)




#2 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 25 November 2012 - 02:33 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into Notepad and print them in case it is necessary for you to go offline during the cleanup process. To open Notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next; if you have any problems with one of them, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-RogueKiller-

  • Download RogueKiller and SAVE it to your Desktop (or from here).
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Loccie (Topic Starter, Members)

Posted 25 November 2012 - 03:37 PM

Hello Gringo, and thank you for helping. Just a note: I ran RogueKiller last night before I reinstalled and it made IE unusable, hence the reinstall. I will reboot now and check IE, just a heads up in case I don't get right back ;-)

Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Kaspersky Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Secunia PSI (3.0.0.4001)
CCleaner
Adobe Reader 10.1.4 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Kaspersky Lab Kaspersky Internet Security 2012 avp.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 7%
````````````````````End of Log``````````````````````


# AdwCleaner v2.007 - Logfile created 11/25/2012 at 10:07:19
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Starter Service Pack 1 (32 bits)
# User : Loccie - LOCCIE-TOSH
# Boot Mode : Normal
# Running from : C:\Users\Loccie\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\Partner

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Software

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [717 octets] - [25/11/2012 09:55:45]
AdwCleaner[R2].txt - [776 octets] - [25/11/2012 09:56:56]
AdwCleaner[S1].txt - [712 octets] - [25/11/2012 10:07:19]

########## EOF - C:\AdwCleaner[S1].txt - [771 octets] ##########



Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Loccie [Admin rights]
Mode : Scan -- Date : 11/25/2012 20:25:51

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MJA2250BH G2 +++++
--- User ---
[MBR] 8004d9f45bb9ede573c21409b659a454
[BSP] 95a37c0606469ced22fe9c8f715d4108 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 400 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 821248 | Size: 238072 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_11252012_02d2025.txt >>
RKreport[1]_S_11252012_02d2025.txt
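The MBR Check block in the RogueKiller report above is the part of this log that matters for a suspected rootkit: a bootkit lives in exactly that sector, so the tool hashes the 512-byte master boot record and its boot code and decodes the four partition-table entries (active flag, type byte, LBA offset, size). The script below is an added example, not RogueKiller's code. It builds a constructed MBR whose partition table carries the two entries from the report (type 0x27 at sector 2048, 400 MiB; NTFS at sector 821248), parses it the same way, and compares a freshly read sector against a baseline hash. The boot code in the sample is a placeholder, so the hashes it prints are not the ones in the log, and the report labels it prints are this example's own, not RogueKiller's.

```python
"""Decode a 512-byte MBR the way a rootkit scanner's MBR check does.

Added example, not RogueKiller's code. SAMPLE_MBR is a constructed sector:
its partition table matches the two entries in the report above, but its
boot code is a placeholder, so the hashes are not the ones in the log.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440          # bytes 0..439 are boot code; 0x1B8 holds the disk signature
PART_TABLE_OFF = 0x1BE       # four 16-byte partition entries, then 0x55AA at 510
PART_ENTRY = "<B3xB3xII"     # status, CHS start, type, CHS end, LBA start, LBA count
MBR_SIGNATURE = b"\x55\xaa"


def build_mbr(entries, boot_code=b"\xeb\xfe"):
    """Assemble a test MBR. entries = [(active, type, lba_start, lba_count), ...]."""
    sector = bytearray(SECTOR)
    sector[: len(boot_code)] = boot_code
    for i, (active, ptype, start, count) in enumerate(entries):
        struct.pack_into(PART_ENTRY, sector, PART_TABLE_OFF + 16 * i,
                         0x80 if active else 0x00, ptype, start, count)
    sector[510:512] = MBR_SIGNATURE
    return bytes(sector)


def parse_mbr(sector):
    """Return hashes, disk signature and the non-empty partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != MBR_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        status, ptype, start, count = struct.unpack_from(
            PART_ENTRY, sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:              # empty slot
            continue
        partitions.append({
            "index": i,
            "active": status == 0x80,
            "type": ptype,
            "offset_sectors": start,
            "size_mib": count * SECTOR // (1024 * 1024),
        })
    return {
        "mbr_md5": hashlib.md5(sector).hexdigest(),
        "bootcode_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, 0x1B8)[0],
        "partitions": partitions,
    }


def report_lines(info):
    """Render the parsed sector in a report style similar to the log above."""
    lines = [f"[MBR] {info['mbr_md5']}",
             f"[BOOTCODE] {info['bootcode_md5']}",
             "Partition table:"]
    for p in info["partitions"]:
        flag = "ACTIVE" if p["active"] else "XXXXXX"
        lines.append(f"{p['index']} - [{flag}] (0x{p['type']:02x}) "
                     f"Offset (sectors): {p['offset_sectors']} | Size: {p['size_mib']} MiB")
    return lines


def mbr_changed(baseline_md5, sector):
    """Compare a freshly read MBR against a hash recorded on a known-clean system."""
    return hashlib.md5(sector).hexdigest() != baseline_md5


# Constructed sample: the two partitions listed in the report (a 400 MiB
# type-0x27 partition at sector 2048, NTFS at sector 821248, 0x1D0FC000 sectors).
SAMPLE_ENTRIES = [
    (True, 0x27, 2048, 400 * 1024 * 1024 // SECTOR),
    (False, 0x07, 821248, 0x1D0FC000),
]
SAMPLE_MBR = build_mbr(SAMPLE_ENTRIES)

if __name__ == "__main__":
    for line in report_lines(parse_mbr(SAMPLE_MBR)):
        print(line)
```

On a live Windows system the sector is read with administrator rights by opening `\\.\PhysicalDrive0` in binary mode and reading 512 bytes (assumed usage, not shown in the thread); recording `mbr_md5` on a known-clean machine and re-checking it after an incident is the practical check, since a bootkit changes the boot code but leaves the partition table intact. The partition offsets can be cross-checked against the TDSSKiller output later in this thread, whose StartLBA 0xC8800 is 821248 in decimal.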

#4 Loccie (Topic Starter, Members)

Posted 25 November 2012 - 03:59 PM

OK, rebooted; it seems IE is working after RogueKiller ;-). I updated Adobe Reader; it reported itself as up to date, so I just installed a newer version over the top.

#5 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 25 November 2012 - 05:23 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Windows XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the Desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on ComboFix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

Information and logs

In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#6 Loccie (Topic Starter, Members)

Posted 26 November 2012 - 05:20 AM

Hello again. Well, after RogueKiller IE has been a bit hit and miss: sometimes it opens about:blank then reloads the page, or gets iframe.dll and a blank page, or is sometimes rather laggy. I ran an older version of ComboFix before asking for help and it deleted a couple of things but did not find the ZeroAccess stuff (I have included this old log part as context). Another thing is that after updating Adobe Reader, CCleaner gave ISearch and WGET as no longer needed registry keys.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\pt
c:\windows\system32\pt\ThpProp.exe.mui
c:\windows\system32\pt\ThpSrv.exe.mui
(old log from before we talked)


I ran the new ComboFix and it is finding the locked keys now.


ComboFix 12-11-26.01 - Loccie 26/11/2012 9:11.3.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.44.1033.18.2037.1377 [GMT 0:00]
Running from: c:\users\Loccie\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-10-26 to 2012-11-26 )))))))))))))))))))))))))))))))
.
.
2012-11-26 10:03 . 2012-11-26 10:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-25 22:30 . 2012-11-25 22:30 -------- d-----w- c:\windows\ELAMBKUP
2012-11-25 21:52 . 2012-11-25 21:52 -------- d-----w- c:\program files\CCleaner
2012-11-25 20:48 . 2012-11-25 20:48 -------- d-----w- c:\program files\Common Files\Adobe
2012-11-25 16:49 . 2012-11-25 16:49 -------- d-----w- c:\users\Loccie\AppData\Local\WindowsUpdate
2012-11-25 16:46 . 2012-11-25 16:46 -------- d-----w- c:\users\Loccie\AppData\Local\Secunia PSI
2012-11-25 16:46 . 2012-11-25 16:46 -------- d-----w- c:\program files\Secunia
2012-11-25 10:43 . 2012-11-25 15:36 -------- d-----w- c:\users\Loccie\AppData\Roaming\Skype
2012-11-25 10:42 . 2012-11-25 10:42 -------- d-----w- c:\program files\Common Files\Skype
2012-11-25 10:42 . 2012-11-25 10:42 -------- d-----r- c:\program files\Skype
2012-11-25 10:42 . 2012-11-25 10:43 -------- d-----w- c:\programdata\Skype
2012-11-25 08:36 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-25 08:36 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-25 08:36 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-25 08:35 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-25 08:35 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-25 08:35 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-25 08:35 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-25 08:35 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-25 08:35 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-25 08:35 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-25 08:34 . 2012-10-08 07:40 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-25 08:34 . 2012-10-08 08:37 140960 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-11-25 08:34 . 2012-10-08 07:45 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-11-25 08:34 . 2012-10-08 07:43 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-25 08:15 . 2012-02-11 05:43 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-11-25 08:15 . 2012-02-11 05:37 317440 ----a-w- c:\windows\system32\spoolsv.exe
2012-11-25 08:15 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-11-25 08:15 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-11-25 08:14 . 2012-08-24 16:57 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-11-25 08:14 . 2012-09-14 18:28 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-25 08:14 . 2012-08-20 17:40 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-11-25 08:14 . 2012-08-20 17:40 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-25 08:14 . 2012-08-20 17:37 271360 ----a-w- c:\windows\system32\conhost.exe
2012-11-25 08:12 . 2012-08-31 17:18 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-11-25 08:01 . 2012-11-19 01:04 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{045B8143-475E-40B1-B39F-143D9D7DCD6A}\mpengine.dll
2012-11-24 23:17 . 2012-11-26 10:03 -------- d-----w- c:\users\Loccie\AppData\Local\temp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-25 23:19 . 2012-06-08 11:38 43608 ----a-w- c:\windows\system32\drivers\kltdi.sys
2012-11-25 17:05 . 2012-07-31 19:26 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-25 17:05 . 2012-07-31 19:26 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-25 13:19 . 2012-10-25 13:19 25944 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2012-10-25 13:19 . 2012-10-25 13:19 25944 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-15 1586472]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-21 476512]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-08-13 521528]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-04 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-04 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-04 150552]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-10-28 7862816]
"TUSBSleepChargeSrv"="c:\program files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" [2009-10-26 253312]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-09-17 611672]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-11-21 2454840]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2012-11-25 356376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
GPSvcGroup REG_MULTI_SZ GPSvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-26 10:07:26
ComboFix-quarantined-files.txt 2012-11-26 10:07
ComboFix2.txt 2012-11-25 10:38
ComboFix3.txt 2012-11-24 23:17
.
Pre-Run: 234,570,326,016 bytes free
Post-Run: 235,047,653,376 bytes free
.
- - End Of File - - E42CB12BAB37B317C2372656FAB6454D
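Two sections of the ComboFix log above carry most of the signal for a responder: "Reg Loading Points", which lists what starts with Windows, and "LOCKED REGISTRY KEYS", where ComboFix prints @Denied for keys whose DACL carries a deny ACE for Everyone. A lock by itself proves nothing; the locked CLSID keys here resolve, via their LocalServer32 value, to Adobe's FlashUtil32 executable, so each one has to be judged on its content. The script below is an added example, not ComboFix's code. It parses both sections and flags autoruns that live under user-writable directories, a heuristic assumed here rather than a ComboFix rule. SAMPLE_LOG is a constructed excerpt modelled on the log above plus one hypothetical "Updater" entry, not from this page, so that the heuristic has something to flag.

```python
"""Triage the autorun and locked-key sections of a ComboFix log.

Added example, not ComboFix's code. SAMPLE_LOG is a constructed excerpt
modelled on the thread's log; the "Updater" line is hypothetical.
"""
import re
from dataclasses import dataclass

RUN_ENTRY = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]')
KEY_LINE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]")
DENIED_LINE = re.compile(r"^@Denied:\s*\((?P<flags>[^)]*)\)\s*\((?P<who>[^)]*)\)")

# Directories a standard user can write to. An autorun living here is not
# proof of anything, but it is where droppers usually land (assumed heuristic).
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")


@dataclass
class RunEntry:
    key: str
    name: str
    path: str
    date: str
    size: int

    def in_user_writable_dir(self):
        return any(marker in self.path.lower() for marker in USER_WRITABLE)


def parse_run_entries(text):
    """Collect "Name"="path" [date size] lines together with the key they sit under."""
    entries, current_key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        k = KEY_LINE.match(line)
        if k:
            current_key = k["key"]
            continue
        m = RUN_ENTRY.match(line)
        if m and current_key:
            entries.append(RunEntry(current_key, m["name"], m["path"], m["date"], int(m["size"])))
    return entries


def parse_locked_keys(text):
    """Return (key, access-flags, principal) for every key carrying an @Denied line."""
    locked, current_key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        k = KEY_LINE.match(line)
        if k:
            current_key = k["key"]
            continue
        d = DENIED_LINE.match(line)
        if d and current_key:
            locked.append((current_key, d["flags"], d["who"]))
    return locked


def triage(text):
    """Summarise what a responder looks at first in the log."""
    runs = parse_run_entries(text)
    return {
        "autoruns": len(runs),
        "autoruns_in_user_dirs": [r.name for r in runs if r.in_user_writable_dir()],
        "locked_keys": parse_locked_keys(text),
    }


# Constructed excerpt: three Run entries from the thread's log plus a hypothetical one.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-15 1586472]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-04 141848]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2012-11-25 356376]
"Updater"="c:\users\loccie\appdata\local\temp\updater.exe" [2012-11-25 51200]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
"""

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Run it against a saved ComboFix.txt by reading the file into `triage()`. The flagged names are a starting list for hash lookups and signature checks, not verdicts; and for each locked key the question is what sits under it (here an Adobe executable path), which the parser keeps alongside the key name so it can be answered without re-reading the whole log.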

#7 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 26 November 2012 - 06:51 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#8 Loccie (Topic Starter, Members)

Posted 26 November 2012 - 08:50 AM

Logs as requested. I updated Kaspersky to IS 2013.


12:31:09.0712 5432 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
12:31:10.0507 5432 ============================================================
12:31:10.0507 5432 Current date / time: 2012/11/26 12:31:10.0507
12:31:10.0507 5432 SystemInfo:
12:31:10.0507 5432
12:31:10.0507 5432 OS Version: 6.1.7601 ServicePack: 1.0
12:31:10.0507 5432 Product type: Workstation
12:31:10.0507 5432 ComputerName: LOCCIE-TOSH
12:31:10.0507 5432 UserName: Loccie
12:31:10.0507 5432 Windows directory: C:\Windows
12:31:10.0507 5432 System windows directory: C:\Windows
12:31:10.0507 5432 Processor architecture: Intel x86
12:31:10.0507 5432 Number of processors: 2
12:31:10.0507 5432 Page size: 0x1000
12:31:10.0507 5432 Boot type: Normal boot
12:31:10.0507 5432 ============================================================
12:31:12.0426 5432 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:31:12.0442 5432 ============================================================
12:31:12.0442 5432 \Device\Harddisk0\DR0:
12:31:12.0442 5432 MBR partitions:
12:31:12.0442 5432 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0x1D0FC000
12:31:12.0442 5432 ============================================================
12:31:12.0473 5432 C: <-> \Device\Harddisk0\DR0\Partition1
12:31:12.0473 5432 ============================================================
12:31:12.0473 5432 Initialize success
12:31:12.0473 5432 ============================================================
12:31:46.0746 3988 ============================================================
12:31:46.0746 3988 Scan started
12:31:46.0746 3988 Mode: Manual; SigCheck; TDLFS;
12:31:46.0746 3988 ============================================================
12:31:47.0339 3988 ================ Scan system memory ========================
12:31:47.0339 3988 System memory - ok
12:31:47.0339 3988 ================ Scan services =============================
12:31:47.0651 3988 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
12:31:48.0774 3988 1394ohci - ok
12:31:48.0821 3988 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
12:31:48.0946 3988 ACPI - ok
12:31:49.0024 3988 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
12:31:49.0320 3988 AcpiPmi - ok
12:31:49.0383 3988 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
12:31:49.0539 3988 adp94xx - ok
12:31:49.0570 3988 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
12:31:49.0742 3988 adpahci - ok
12:31:49.0757 3988 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
12:31:49.0866 3988 adpu320 - ok
12:31:49.0913 3988 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
12:31:50.0381 3988 AeLookupSvc - ok
12:31:50.0444 3988 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
12:31:50.0818 3988 AFD - ok
12:31:50.0849 3988 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
12:31:50.0943 3988 agp440 - ok
12:31:50.0990 3988 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
12:31:51.0130 3988 aic78xx - ok
12:31:51.0208 3988 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
12:31:51.0629 3988 ALG - ok
12:31:51.0707 3988 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
12:31:51.0863 3988 aliide - ok
12:31:51.0957 3988 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
12:31:52.0050 3988 amdagp - ok
12:31:52.0082 3988 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
12:31:52.0175 3988 amdide - ok
12:31:52.0253 3988 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
12:31:52.0518 3988 AmdK8 - ok
12:31:52.0581 3988 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
12:31:52.0862 3988 AmdPPM - ok
12:31:52.0955 3988 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
12:31:53.0064 3988 amdsata - ok
12:31:53.0127 3988 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
12:31:53.0236 3988 amdsbs - ok
12:31:53.0252 3988 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
12:31:53.0361 3988 amdxata - ok
12:31:53.0392 3988 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
12:31:53.0766 3988 AppID - ok
12:31:53.0844 3988 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
12:31:54.0219 3988 AppIDSvc - ok
12:31:54.0297 3988 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
12:31:54.0640 3988 Appinfo - ok
12:31:54.0687 3988 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
12:31:54.0765 3988 arc - ok
12:31:54.0780 3988 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
12:31:54.0890 3988 arcsas - ok
12:31:54.0936 3988 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
12:31:55.0326 3988 AsyncMac - ok
12:31:55.0404 3988 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
12:31:55.0498 3988 atapi - ok
12:31:55.0560 3988 [ 0F4B6B99D6CDC1D93DF1FA690796B2F7 ] athr C:\Windows\system32\DRIVERS\athr.sys
12:31:55.0950 3988 athr - ok
12:31:56.0013 3988 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:31:56.0356 3988 AudioEndpointBuilder - ok
12:31:56.0418 3988 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
12:31:56.0652 3988 Audiosrv - ok
12:31:56.0871 3988 AVP - ok
12:31:56.0933 3988 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
12:31:57.0308 3988 AxInstSV - ok
12:31:57.0370 3988 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
12:31:57.0791 3988 b06bdrv - ok
12:31:57.0838 3988 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
12:31:58.0150 3988 b57nd60x - ok
12:31:58.0228 3988 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
12:31:58.0665 3988 BDESVC - ok
12:31:58.0696 3988 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
12:31:58.0961 3988 Beep - ok
12:31:59.0024 3988 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
12:31:59.0414 3988 BFE - ok
12:31:59.0476 3988 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\system32\qmgr.dll
12:31:59.0882 3988 BITS - ok
12:31:59.0944 3988 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
12:32:00.0225 3988 blbdrive - ok
12:32:00.0272 3988 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
12:32:00.0474 3988 bowser - ok
12:32:00.0506 3988 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:32:00.0708 3988 BrFiltLo - ok
12:32:00.0708 3988 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:32:00.0989 3988 BrFiltUp - ok
12:32:01.0005 3988 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
12:32:01.0410 3988 BridgeMP - ok
12:32:01.0473 3988 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
12:32:01.0769 3988 Browser - ok
12:32:01.0816 3988 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
12:32:02.0112 3988 Brserid - ok
12:32:02.0128 3988 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
12:32:02.0346 3988 BrSerWdm - ok
12:32:02.0362 3988 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
12:32:02.0643 3988 BrUsbMdm - ok
12:32:02.0674 3988 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
12:32:02.0986 3988 BrUsbSer - ok
12:32:03.0017 3988 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
12:32:03.0267 3988 BTHMODEM - ok
12:32:03.0314 3988 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
12:32:03.0672 3988 bthserv - ok
12:32:03.0797 3988 catchme - ok
12:32:03.0844 3988 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
12:32:04.0140 3988 cdfs - ok
12:32:04.0218 3988 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
12:32:04.0421 3988 cdrom - ok
12:32:04.0484 3988 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
12:32:04.0811 3988 CertPropSvc - ok
12:32:04.0858 3988 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
12:32:05.0139 3988 circlass - ok
12:32:05.0217 3988 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
12:32:05.0310 3988 CLFS - ok
12:32:05.0420 3988 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:32:05.0544 3988 clr_optimization_v2.0.50727_32 - ok
12:32:05.0685 3988 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:32:05.0810 3988 clr_optimization_v4.0.30319_32 - ok
12:32:05.0856 3988 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
12:32:06.0106 3988 CmBatt - ok
12:32:06.0387 3988 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
12:32:06.0605 3988 cmdide - ok
12:32:06.0652 3988 [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG C:\Windows\system32\Drivers\cng.sys
12:32:06.0948 3988 CNG - ok
12:32:07.0042 3988 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
12:32:07.0198 3988 Compbatt - ok
12:32:07.0276 3988 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
12:32:07.0479 3988 CompositeBus - ok
12:32:07.0510 3988 COMSysApp - ok
12:32:07.0541 3988 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
12:32:07.0744 3988 crcdisk - ok
12:32:07.0822 3988 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
12:32:08.0228 3988 CryptSvc - ok
12:32:08.0290 3988 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
12:32:08.0649 3988 DcomLaunch - ok
12:32:08.0711 3988 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
12:32:09.0008 3988 defragsvc - ok
12:32:09.0086 3988 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
12:32:09.0398 3988 DfsC - ok
12:32:09.0476 3988 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
12:32:09.0850 3988 Dhcp - ok
12:32:09.0912 3988 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
12:32:10.0380 3988 discache - ok
12:32:10.0443 3988 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
12:32:10.0552 3988 Disk - ok
12:32:10.0661 3988 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
12:32:11.0098 3988 Dnscache - ok
12:32:11.0176 3988 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
12:32:11.0488 3988 dot3svc - ok
12:32:11.0550 3988 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
12:32:12.0003 3988 DPS - ok
12:32:12.0065 3988 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
12:32:12.0330 3988 drmkaud - ok
12:32:12.0393 3988 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
12:32:12.0533 3988 DXGKrnl - ok
12:32:12.0627 3988 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
12:32:12.0970 3988 EapHost - ok
12:32:13.0126 3988 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
12:32:13.0734 3988 ebdrv - ok
12:32:13.0781 3988 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
12:32:14.0156 3988 EFS - ok
12:32:14.0234 3988 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
12:32:14.0390 3988 elxstor - ok
12:32:14.0421 3988 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
12:32:14.0670 3988 ErrDev - ok
12:32:14.0748 3988 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
12:32:15.0123 3988 EventSystem - ok
12:32:15.0170 3988 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
12:32:15.0482 3988 exfat - ok
12:32:15.0497 3988 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
12:32:15.0934 3988 fastfat - ok
12:32:16.0012 3988 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
12:32:16.0386 3988 Fax - ok
12:32:16.0511 3988 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
12:32:16.0792 3988 fdc - ok
12:32:17.0042 3988 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
12:32:17.0354 3988 fdPHost - ok
12:32:17.0369 3988 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
12:32:17.0728 3988 FDResPub - ok
12:32:17.0822 3988 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
12:32:17.0931 3988 FileInfo - ok
12:32:17.0946 3988 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
12:32:18.0290 3988 Filetrace - ok
12:32:18.0305 3988 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
12:32:18.0633 3988 flpydisk - ok
12:32:18.0680 3988 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
12:32:18.0789 3988 FltMgr - ok
12:32:18.0851 3988 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
12:32:19.0163 3988 FontCache - ok
12:32:19.0241 3988 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:32:19.0319 3988 FontCache3.0.0.0 - ok
12:32:19.0366 3988 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
12:32:19.0475 3988 FsDepends - ok
12:32:19.0506 3988 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
12:32:19.0616 3988 Fs_Rec - ok
12:32:19.0725 3988 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
12:32:19.0865 3988 fvevol - ok
12:32:19.0928 3988 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
12:32:20.0021 3988 gagp30kx - ok
12:32:20.0052 3988 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
12:32:20.0318 3988 gpsvc - ok
12:32:20.0349 3988 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
12:32:20.0583 3988 hcw85cir - ok
12:32:20.0645 3988 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:32:20.0864 3988 HdAudAddService - ok
12:32:20.0910 3988 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
12:32:21.0129 3988 HDAudBus - ok
12:32:21.0176 3988 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
12:32:21.0441 3988 HidBatt - ok
12:32:21.0456 3988 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
12:32:21.0659 3988 HidBth - ok
12:32:21.0675 3988 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
12:32:21.0878 3988 HidIr - ok
12:32:21.0909 3988 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
12:32:22.0268 3988 hidserv - ok
12:32:22.0330 3988 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\drivers\hidusb.sys
12:32:22.0564 3988 HidUsb - ok
12:32:22.0595 3988 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
12:32:23.0001 3988 hkmsvc - ok
12:32:23.0048 3988 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:32:23.0391 3988 HomeGroupListener - ok
12:32:23.0422 3988 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:32:23.0672 3988 HomeGroupProvider - ok
12:32:23.0734 3988 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
12:32:23.0828 3988 HpSAMD - ok
12:32:23.0890 3988 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
12:32:24.0249 3988 HTTP - ok
12:32:24.0296 3988 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
12:32:24.0374 3988 hwpolicy - ok
12:32:24.0436 3988 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
12:32:24.0670 3988 i8042prt - ok
12:32:24.0732 3988 [ D483687EACE0C065EE772481A96E05F5 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
12:32:24.0982 3988 iaStor - ok
12:32:25.0060 3988 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
12:32:25.0200 3988 iaStorV - ok
12:32:25.0278 3988 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:32:25.0450 3988 idsvc - ok
12:32:25.0668 3988 [ E21A74A91F7AA3BB2E985C4CDDCA63F2 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
12:32:26.0230 3988 igfx - ok
12:32:26.0277 3988 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
12:32:26.0370 3988 iirsp - ok
12:32:26.0433 3988 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
12:32:26.0823 3988 IKEEXT - ok
12:32:26.0994 3988 [ 0A0E3C041C20C4175E1CC6580138CA38 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
12:32:27.0338 3988 IntcAzAudAddService - ok
12:32:27.0384 3988 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
12:32:27.0525 3988 intelide - ok
12:32:27.0556 3988 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
12:32:27.0743 3988 intelppm - ok
12:32:27.0837 3988 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
12:32:28.0149 3988 IPBusEnum - ok
12:32:28.0211 3988 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:32:28.0586 3988 IpFilterDriver - ok
12:32:28.0679 3988 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
12:32:29.0132 3988 iphlpsvc - ok
12:32:29.0210 3988 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
12:32:29.0553 3988 IPMIDRV - ok
12:32:29.0662 3988 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
12:32:30.0083 3988 IPNAT - ok
12:32:30.0130 3988 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
12:32:30.0489 3988 IRENUM - ok
12:32:30.0614 3988 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
12:32:30.0816 3988 isapnp - ok
12:32:30.0894 3988 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
12:32:31.0050 3988 iScsiPrt - ok
12:32:31.0097 3988 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
12:32:31.0206 3988 kbdclass - ok
12:32:31.0253 3988 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
12:32:31.0628 3988 kbdhid - ok
12:32:31.0659 3988 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
12:32:31.0924 3988 KeyIso - ok
12:32:32.0002 3988 [ EA26CB00F83686856F2C79673C00C686 ] KL1 C:\Windows\system32\DRIVERS\kl1.sys
12:32:32.0174 3988 KL1 - ok
12:32:32.0252 3988 [ FBC7F840F1118D358D2AFB8C1714B384 ] KLIF C:\Windows\system32\DRIVERS\klif.sys
12:32:32.0454 3988 KLIF - ok
12:32:32.0501 3988 [ AF127FE7DD5ED2BBC9049FD8A00DEFC2 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys
12:32:32.0642 3988 KLIM6 - ok
12:32:32.0704 3988 [ 24AEBAD59D1DE8A7CC36E8F09F999362 ] klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys
12:32:32.0829 3988 klkbdflt - ok
12:32:32.0860 3988 [ A58507C2827C3AE1D4CCB2746AAB349F ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys
12:32:33.0000 3988 klmouflt - ok
12:32:33.0063 3988 [ 53C0DF6C5139CB78A631E7AFCD893730 ] kltdi C:\Windows\system32\DRIVERS\kltdi.sys
12:32:33.0203 3988 kltdi - ok
12:32:33.0281 3988 [ 71A38C123600172511C26BFABD0EF579 ] kneps C:\Windows\system32\DRIVERS\kneps.sys
12:32:33.0500 3988 kneps - ok
12:32:33.0546 3988 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
12:32:33.0671 3988 KSecDD - ok
12:32:33.0749 3988 [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
12:32:33.0890 3988 KSecPkg - ok
12:32:33.0983 3988 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
12:32:34.0420 3988 KtmRm - ok
12:32:34.0482 3988 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll
12:32:34.0872 3988 LanmanServer - ok
12:32:34.0935 3988 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:32:35.0356 3988 LanmanWorkstation - ok
12:32:35.0465 3988 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
12:32:35.0840 3988 lltdio - ok
12:32:35.0918 3988 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
12:32:36.0308 3988 lltdsvc - ok
12:32:36.0323 3988 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
12:32:36.0729 3988 lmhosts - ok
12:32:36.0776 3988 [ 6ADAB14D7AD12B35BDC665B35278099B ] LPCFilter C:\Windows\system32\DRIVERS\LPCFilter.sys
12:32:36.0947 3988 LPCFilter - ok
12:32:37.0010 3988 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
12:32:37.0150 3988 LSI_FC - ok
12:32:37.0197 3988 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
12:32:37.0322 3988 LSI_SAS - ok
12:32:37.0337 3988 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:32:37.0493 3988 LSI_SAS2 - ok
12:32:37.0509 3988 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:32:37.0649 3988 LSI_SCSI - ok
12:32:37.0665 3988 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
12:32:38.0055 3988 luafv - ok
12:32:38.0086 3988 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
12:32:38.0226 3988 megasas - ok
12:32:38.0242 3988 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
12:32:38.0445 3988 MegaSR - ok
12:32:38.0492 3988 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
12:32:38.0835 3988 MMCSS - ok
12:32:38.0866 3988 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
12:32:39.0162 3988 Modem - ok
12:32:39.0225 3988 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
12:32:39.0412 3988 monitor - ok
12:32:39.0490 3988 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\drivers\mouclass.sys
12:32:39.0646 3988 mouclass - ok
12:32:39.0677 3988 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
12:32:39.0896 3988 mouhid - ok
12:32:39.0958 3988 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
12:32:40.0145 3988 mountmgr - ok
12:32:40.0192 3988 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
12:32:40.0301 3988 mpio - ok
12:32:40.0332 3988 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
12:32:40.0644 3988 mpsdrv - ok
12:32:40.0707 3988 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
12:32:41.0253 3988 MpsSvc - ok
12:32:41.0315 3988 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
12:32:41.0690 3988 MRxDAV - ok
12:32:41.0736 3988 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
12:32:42.0158 3988 mrxsmb - ok
12:32:42.0251 3988 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:32:42.0454 3988 mrxsmb10 - ok
12:32:42.0516 3988 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:32:42.0844 3988 mrxsmb20 - ok
12:32:42.0860 3988 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
12:32:43.0000 3988 msahci - ok
12:32:43.0016 3988 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
12:32:43.0156 3988 msdsm - ok
12:32:43.0218 3988 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
12:32:43.0499 3988 MSDTC - ok
12:32:43.0577 3988 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
12:32:43.0889 3988 Msfs - ok
12:32:43.0905 3988 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
12:32:44.0248 3988 mshidkmdf - ok
12:32:44.0310 3988 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
12:32:44.0451 3988 msisadrv - ok
12:32:44.0498 3988 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
12:32:44.0825 3988 MSiSCSI - ok
12:32:44.0841 3988 msiserver - ok
12:32:44.0919 3988 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
12:32:45.0184 3988 MSKSSRV - ok
12:32:45.0215 3988 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
12:32:45.0512 3988 MSPCLOCK - ok
12:32:45.0527 3988 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
12:32:45.0824 3988 MSPQM - ok
12:32:45.0855 3988 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
12:32:45.0995 3988 MsRPC - ok
12:32:46.0073 3988 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
12:32:46.0151 3988 mssmbios - ok
12:32:46.0198 3988 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
12:32:46.0588 3988 MSTEE - ok
12:32:46.0604 3988 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
12:32:46.0853 3988 MTConfig - ok
12:32:46.0869 3988 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
12:32:47.0072 3988 Mup - ok
12:32:47.0103 3988 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
12:32:47.0430 3988 napagent - ok
12:32:47.0508 3988 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
12:32:47.0696 3988 NativeWifiP - ok
12:32:47.0774 3988 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
12:32:47.0976 3988 NDIS - ok
12:32:48.0039 3988 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
12:32:48.0366 3988 NdisCap - ok
12:32:48.0413 3988 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
12:32:48.0741 3988 NdisTapi - ok
12:32:48.0803 3988 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
12:32:49.0115 3988 Ndisuio - ok
12:32:49.0193 3988 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
12:32:49.0552 3988 NdisWan - ok
12:32:49.0583 3988 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
12:32:49.0911 3988 NDProxy - ok
12:32:49.0989 3988 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
12:32:50.0238 3988 NetBIOS - ok
12:32:50.0285 3988 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
12:32:50.0488 3988 NetBT - ok
12:32:50.0535 3988 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
12:32:50.0675 3988 Netlogon - ok
12:32:50.0784 3988 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
12:32:51.0018 3988 Netman - ok
12:32:51.0096 3988 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
12:32:51.0408 3988 netprofm - ok
12:32:51.0440 3988 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:32:51.0518 3988 NetTcpPortSharing - ok
12:32:51.0596 3988 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
12:32:51.0674 3988 nfrd960 - ok
12:32:51.0720 3988 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
12:32:51.0892 3988 NlaSvc - ok
12:32:51.0923 3988 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
12:32:52.0126 3988 Npfs - ok
12:32:52.0188 3988 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
12:32:52.0344 3988 nsi - ok
12:32:52.0376 3988 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
12:32:52.0532 3988 nsiproxy - ok
12:32:52.0610 3988 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
12:32:52.0781 3988 Ntfs - ok
12:32:52.0828 3988 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
12:32:52.0953 3988 Null - ok
12:32:53.0031 3988 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
12:32:53.0109 3988 nvraid - ok
12:32:53.0156 3988 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
12:32:53.0234 3988 nvstor - ok
12:32:53.0265 3988 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
12:32:53.0343 3988 nv_agp - ok
12:32:53.0436 3988 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
12:32:53.0546 3988 ohci1394 - ok
12:32:53.0592 3988 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
12:32:53.0764 3988 p2pimsvc - ok
12:32:53.0795 3988 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
12:32:53.0936 3988 p2psvc - ok
12:32:53.0967 3988 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
12:32:54.0060 3988 Parport - ok
12:32:54.0092 3988 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:32:54.0170 3988 partmgr - ok
12:32:54.0201 3988 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
12:32:54.0294 3988 Parvdm - ok
12:32:54.0341 3988 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
12:32:54.0450 3988 PcaSvc - ok
12:32:54.0497 3988 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
12:32:54.0575 3988 pci - ok
12:32:54.0591 3988 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
12:32:54.0669 3988 pciide - ok
12:32:54.0700 3988 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
12:32:54.0794 3988 pcmcia - ok
12:32:54.0809 3988 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
12:32:54.0887 3988 pcw - ok
12:32:54.0965 3988 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:32:55.0293 3988 PEAUTH - ok
12:32:55.0449 3988 [ 1B5011DD8D57F53AED31FF0F7D635802 ] PGEffect C:\Windows\system32\DRIVERS\pgeffect.sys
12:32:55.0558 3988 PGEffect - ok
12:32:55.0636 3988 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
12:32:55.0870 3988 pla - ok
12:32:55.0932 3988 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:32:56.0088 3988 PlugPlay - ok
12:32:56.0151 3988 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
12:32:56.0276 3988 PNRPAutoReg - ok
12:32:56.0338 3988 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
12:32:56.0432 3988 PNRPsvc - ok
12:32:56.0619 3988 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:32:56.0790 3988 PolicyAgent - ok
12:32:56.0837 3988 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
12:32:57.0009 3988 Power - ok
12:32:57.0087 3988 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:32:57.0258 3988 PptpMiniport - ok
12:32:57.0290 3988 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
12:32:57.0368 3988 Processor - ok
12:32:57.0446 3988 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
12:32:57.0570 3988 ProfSvc - ok
12:32:57.0602 3988 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:32:57.0695 3988 ProtectedStorage - ok
12:32:57.0773 3988 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
12:32:57.0914 3988 Psched - ok
12:32:57.0992 3988 [ D24DFD16A1E2A76034DF5AA18125C35D ] PSI C:\Windows\system32\DRIVERS\psi_mf.sys
12:32:58.0054 3988 PSI - ok
12:32:58.0132 3988 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
12:32:58.0319 3988 ql2300 - ok
12:32:58.0460 3988 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
12:32:58.0538 3988 ql40xx - ok
12:32:58.0584 3988 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
12:32:58.0725 3988 QWAVE - ok
12:32:58.0772 3988 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:32:58.0865 3988 QWAVEdrv - ok
12:32:58.0881 3988 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:32:59.0037 3988 RasAcd - ok
12:32:59.0130 3988 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
12:32:59.0271 3988 RasAgileVpn - ok
12:32:59.0318 3988 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
12:32:59.0458 3988 RasAuto - ok
12:32:59.0536 3988 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:32:59.0692 3988 Rasl2tp - ok
12:32:59.0770 3988 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
12:32:59.0957 3988 RasMan - ok
12:33:00.0004 3988 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:33:00.0160 3988 RasPppoe - ok
12:33:00.0176 3988 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:33:00.0347 3988 RasSstp - ok
12:33:00.0378 3988 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:33:00.0534 3988 rdbss - ok
12:33:00.0581 3988 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
12:33:00.0690 3988 rdpbus - ok
12:33:00.0737 3988 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:33:00.0878 3988 RDPCDD - ok
12:33:00.0971 3988 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:33:01.0112 3988 RDPENCDD - ok
12:33:01.0143 3988 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
12:33:01.0299 3988 RDPREFMP - ok
12:33:01.0408 3988 [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
12:33:01.0517 3988 RdpVideoMiniport - ok
12:33:01.0564 3988 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:33:01.0689 3988 RDPWD - ok
12:33:01.0782 3988 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
12:33:01.0860 3988 rdyboost - ok
12:33:01.0892 3988 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
12:33:02.0063 3988 RemoteAccess - ok
12:33:02.0110 3988 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:33:02.0266 3988 RemoteRegistry - ok
12:33:02.0344 3988 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
12:33:02.0484 3988 RpcEptMapper - ok
12:33:02.0516 3988 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
12:33:02.0609 3988 RpcLocator - ok
12:33:02.0656 3988 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\System32\rpcss.dll
12:33:02.0812 3988 RpcSs - ok
12:33:03.0030 3988 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:33:03.0171 3988 rspndr - ok
12:33:03.0233 3988 [ EF8B2AFC3C0751C5E5A59983C8893260 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
12:33:03.0342 3988 RSUSBSTOR - ok
12:33:03.0405 3988 [ BCEBD5D1AABCE4EFB7597635E347C44B ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
12:33:03.0608 3988 RTL8167 - ok
12:33:03.0654 3988 RtsUIR - ok
12:33:03.0686 3988 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
12:33:03.0764 3988 SamSs - ok
12:33:03.0826 3988 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
12:33:03.0904 3988 sbp2port - ok
12:33:03.0966 3988 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
12:33:04.0122 3988 SCardSvr - ok
12:33:04.0169 3988 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
12:33:04.0294 3988 scfilter - ok
12:33:04.0341 3988 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
12:33:04.0544 3988 Schedule - ok
12:33:04.0575 3988 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
12:33:04.0715 3988 SCPolicySvc - ok
12:33:04.0746 3988 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
12:33:04.0871 3988 SDRSVC - ok
12:33:04.0949 3988 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
12:33:05.0121 3988 secdrv - ok
12:33:05.0152 3988 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
12:33:05.0324 3988 seclogon - ok
12:33:05.0495 3988 [ 9901DCF2B6DD2AD12CB42BD559E0C92D ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
12:33:05.0636 3988 Secunia PSI Agent - ok
12:33:05.0776 3988 [ 4F2056349F8BA4154D5213BF8A476B14 ] Secunia Update Agent C:\Program Files\Secunia\PSI\sua.exe
12:33:05.0870 3988 Secunia Update Agent - ok
12:33:05.0948 3988 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
12:33:06.0104 3988 SENS - ok
12:33:06.0135 3988 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
12:33:06.0213 3988 Serenum - ok
12:33:06.0260 3988 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
12:33:06.0369 3988 Serial - ok
12:33:06.0400 3988 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
12:33:06.0478 3988 sermouse - ok
12:33:06.0541 3988 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
12:33:06.0712 3988 SessionEnv - ok
12:33:06.0759 3988 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
12:33:06.0853 3988 sffdisk - ok
12:33:06.0884 3988 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
12:33:06.0977 3988 sffp_mmc - ok
12:33:07.0009 3988 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
12:33:07.0102 3988 sffp_sd - ok
12:33:07.0149 3988 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
12:33:07.0243 3988 sfloppy - ok
12:33:07.0321 3988 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
12:33:07.0508 3988 SharedAccess - ok
12:33:07.0555 3988 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:33:07.0726 3988 ShellHWDetection - ok
12:33:07.0757 3988 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
12:33:07.0835 3988 sisagp - ok
12:33:07.0882 3988 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:33:07.0960 3988 SiSRaid2 - ok
12:33:07.0976 3988 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
12:33:08.0054 3988 SiSRaid4 - ok
12:33:08.0132 3988 [ C44DA62FBCAE62803EA95600FC263065 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
12:33:08.0194 3988 SkypeUpdate - ok
12:33:08.0272 3988 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
12:33:08.0428 3988 Smb - ok
12:33:08.0491 3988 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
12:33:08.0615 3988 SNMPTRAP - ok
12:33:08.0647 3988 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
12:33:08.0725 3988 spldr - ok
12:33:08.0818 3988 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
12:33:08.0927 3988 Spooler - ok
12:33:09.0083 3988 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
12:33:09.0380 3988 sppsvc - ok
12:33:09.0411 3988 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
12:33:09.0551 3988 sppuinotify - ok
12:33:09.0614 3988 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
12:33:09.0754 3988 srv - ok
12:33:09.0785 3988 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
12:33:09.0910 3988 srv2 - ok
12:33:09.0941 3988 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
12:33:10.0066 3988 srvnet - ok
12:33:10.0097 3988 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
12:33:10.0253 3988 SSDPSRV - ok
12:33:10.0285 3988 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
12:33:10.0441 3988 SstpSvc - ok
12:33:10.0472 3988 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
12:33:10.0550 3988 stexstor - ok
12:33:10.0612 3988 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
12:33:10.0784 3988 StiSvc - ok
12:33:10.0940 3988 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
12:33:11.0002 3988 swenum - ok
12:33:11.0080 3988 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
12:33:11.0283 3988 swprv - ok
12:33:11.0345 3988 [ 6DA97D6B6DE6326EBA8AB8291AB41A09 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
12:33:11.0455 3988 SynTP - ok
12:33:11.0548 3988 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
12:33:11.0767 3988 SysMain - ok
12:33:11.0813 3988 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:33:11.0923 3988 TabletInputService - ok
12:33:11.0969 3988 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
12:33:12.0157 3988 TapiSrv - ok
12:33:12.0203 3988 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
12:33:12.0453 3988 TBS - ok
12:33:12.0593 3988 [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
12:33:12.0890 3988 Tcpip - ok
12:33:12.0999 3988 [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
12:33:13.0186 3988 TCPIP6 - ok
12:33:13.0295 3988 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
12:33:13.0576 3988 tcpipreg - ok
12:33:13.0685 3988 [ 4084EA00D50C858D6F9038F86AE2E2D0 ] tdcmdpst C:\Windows\system32\DRIVERS\tdcmdpst.sys
12:33:13.0763 3988 tdcmdpst - ok
12:33:13.0810 3988 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
12:33:14.0185 3988 TDPIPE - ok
12:33:14.0231 3988 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
12:33:14.0543 3988 TDTCP - ok
12:33:14.0590 3988 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
12:33:14.0949 3988 tdx - ok
12:33:15.0027 3988 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
12:33:15.0214 3988 TermDD - ok
12:33:15.0323 3988 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
12:33:15.0745 3988 TermService - ok
12:33:15.0823 3988 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
12:33:16.0088 3988 Themes - ok
12:33:16.0135 3988 [ 9528F2A39CB660A49F0592D57127F370 ] Thpdrv C:\Windows\system32\DRIVERS\thpdrv.sys
12:33:16.0228 3988 Thpdrv - ok
12:33:16.0259 3988 [ E17DCDE74FF00CA802643B4A9A4A4A5C ] Thpevm C:\Windows\system32\DRIVERS\Thpevm.SYS
12:33:16.0369 3988 Thpevm - ok
12:33:16.0431 3988 [ 32C625D61D2C7CB1EAAC3F094D0887C1 ] Thpsrv C:\Windows\system32\ThpSrv.exe
12:33:16.0743 3988 Thpsrv - ok
12:33:16.0790 3988 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
12:33:17.0039 3988 THREADORDER - ok
12:33:17.0086 3988 [ FE65D33B7D4FF07DD1D29526A48DF810 ] TODDSrv C:\Windows\system32\TODDSrv.exe
12:33:17.0273 3988 TODDSrv - ok
12:33:17.0383 3988 [ 66C35016E01746715F8F606A9F081BF9 ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
12:33:17.0570 3988 TosCoSrv - ok
12:33:17.0663 3988 [ CF3AE1FE5D5D55747F1338DE5C07852A ] TOSHIBA Bluetooth Service C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
12:33:18.0287 3988 TOSHIBA Bluetooth Service - ok
12:33:18.0365 3988 [ 67C1DA40D78C92622081A3E780C926B2 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
12:33:18.0475 3988 TOSHIBA HDD SSD Alert Service - ok
12:33:18.0490 3988 Tosrfcom - ok
12:33:18.0568 3988 [ 9EE240F7029771B21CC6200BE6516D60 ] tosrfec C:\Windows\system32\DRIVERS\tosrfec.sys
12:33:18.0724 3988 tosrfec - ok
12:33:18.0787 3988 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
12:33:19.0099 3988 TrkWks - ok
12:33:19.0161 3988 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:33:19.0520 3988 TrustedInstaller - ok
12:33:19.0567 3988 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
12:33:19.0894 3988 tssecsrv - ok
12:33:19.0972 3988 [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
12:33:20.0284 3988 TsUsbFlt - ok
12:33:20.0347 3988 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
12:33:20.0659 3988 tunnel - ok
12:33:20.0737 3988 [ FC24015B4052600C324C43E3A79C0664 ] TVALZ C:\Windows\system32\DRIVERS\TVALZ_O.SYS
12:33:20.0846 3988 TVALZ - ok
12:33:20.0908 3988 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
12:33:21.0111 3988 uagp35 - ok
12:33:21.0205 3988 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
12:33:21.0579 3988 udfs - ok
12:33:21.0688 3988 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
12:33:22.0000 3988 UI0Detect - ok
12:33:22.0031 3988 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
12:33:22.0156 3988 uliagpkx - ok
12:33:22.0250 3988 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
12:33:22.0375 3988 umbus - ok
12:33:22.0468 3988 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
12:33:22.0749 3988 UmPass - ok
12:33:22.0811 3988 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
12:33:23.0233 3988 upnphost - ok
12:33:23.0279 3988 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
12:33:23.0591 3988 usbccgp - ok
12:33:23.0623 3988 USBCCID - ok
12:33:23.0669 3988 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
12:33:23.0903 3988 usbcir - ok
12:33:23.0935 3988 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\drivers\usbehci.sys
12:33:24.0153 3988 usbehci - ok
12:33:24.0215 3988 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
12:33:24.0496 3988 usbhub - ok
12:33:24.0527 3988 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
12:33:24.0808 3988 usbohci - ok
12:33:24.0855 3988 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
12:33:25.0042 3988 usbprint - ok
12:33:25.0073 3988 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:33:25.0448 3988 USBSTOR - ok
12:33:25.0479 3988 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
12:33:25.0682 3988 usbuhci - ok
12:33:25.0713 3988 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
12:33:25.0947 3988 usbvideo - ok
12:33:26.0009 3988 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
12:33:26.0353 3988 UxSms - ok
12:33:26.0399 3988 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
12:33:26.0571 3988 VaultSvc - ok
12:33:26.0649 3988 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
12:33:26.0789 3988 vdrvroot - ok
12:33:26.0852 3988 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
12:33:27.0367 3988 vds - ok
12:33:27.0445 3988 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
12:33:27.0725 3988 vga - ok
12:33:27.0741 3988 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
12:33:28.0069 3988 VgaSave - ok
12:33:28.0131 3988 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
12:33:28.0334 3988 vhdmp - ok
12:33:28.0396 3988 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
12:33:28.0552 3988 viaagp - ok
12:33:28.0615 3988 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
12:33:28.0942 3988 ViaC7 - ok
12:33:28.0973 3988 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
12:33:29.0114 3988 viaide - ok
12:33:29.0145 3988 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
12:33:29.0285 3988 volmgr - ok
12:33:29.0317 3988 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
12:33:29.0504 3988 volmgrx - ok
12:33:29.0535 3988 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
12:33:29.0691 3988 volsnap - ok
12:33:29.0847 3988 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
12:33:29.0941 3988 vsmraid - ok
12:33:30.0003 3988 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
12:33:30.0502 3988 VSS - ok
12:33:30.0518 3988 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
12:33:30.0752 3988 vwifibus - ok
12:33:30.0799 3988 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
12:33:31.0095 3988 vwififlt - ok
12:33:31.0173 3988 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
12:33:31.0563 3988 W32Time - ok
12:33:31.0610 3988 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
12:33:33.0435 3988 WacomPen - ok
12:33:33.0482 3988 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
12:33:33.0700 3988 WANARP - ok
12:33:33.0716 3988 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
12:33:33.0872 3988 Wanarpv6 - ok
12:33:33.0934 3988 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
12:33:34.0449 3988 wbengine - ok
12:33:34.0496 3988 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
12:33:34.0808 3988 WbioSrvc - ok
12:33:34.0886 3988 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
12:33:35.0245 3988 wcncsvc - ok
12:33:35.0260 3988 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:33:35.0697 3988 WcsPlugInService - ok
12:33:35.0759 3988 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
12:33:35.0962 3988 Wd - ok
12:33:36.0009 3988 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
12:33:36.0227 3988 Wdf01000 - ok
12:33:36.0290 3988 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
12:33:37.0569 3988 WdiServiceHost - ok
12:33:37.0585 3988 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
12:33:37.0772 3988 WdiSystemHost - ok
12:33:37.0803 3988 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
12:33:38.0053 3988 WebClient - ok
12:33:38.0099 3988 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
12:33:38.0427 3988 Wecsvc - ok
12:33:38.0458 3988 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
12:33:38.0645 3988 wercplsupport - ok
12:33:38.0708 3988 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
12:33:39.0035 3988 WerSvc - ok
12:33:39.0129 3988 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
12:33:39.0254 3988 WfpLwf - ok
12:33:39.0285 3988 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
12:33:39.0441 3988 WIMMount - ok
12:33:39.0535 3988 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
12:33:39.0878 3988 WinDefend - ok
12:33:39.0893 3988 WinHttpAutoProxySvc - ok
12:33:40.0034 3988 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
12:33:40.0408 3988 Winmgmt - ok
12:33:40.0845 3988 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
12:33:41.0297 3988 WinRM - ok
12:33:41.0422 3988 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
12:33:41.0797 3988 Wlansvc - ok
12:33:41.0812 3988 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
12:33:41.0921 3988 WmiAcpi - ok
12:33:41.0968 3988 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
12:33:42.0187 3988 wmiApSrv - ok
12:33:42.0280 3988 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
12:33:42.0499 3988 WMPNetworkSvc - ok
12:33:42.0530 3988 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
12:33:42.0873 3988 WPCSvc - ok
12:33:42.0904 3988 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
12:33:43.0263 3988 WPDBusEnum - ok
12:33:43.0310 3988 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
12:33:43.0559 3988 ws2ifsl - ok
12:33:43.0606 3988 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll
12:33:43.0809 3988 wscsvc - ok
12:33:43.0825 3988 WSearch - ok
12:33:43.0996 3988 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
12:33:44.0293 3988 wuauserv - ok
12:33:44.0324 3988 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
12:33:44.0589 3988 WudfPf - ok
12:33:44.0620 3988 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
12:33:44.0776 3988 WUDFRd - ok
12:33:44.0823 3988 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
12:33:45.0057 3988 wudfsvc - ok
12:33:45.0119 3988 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
12:33:45.0322 3988 WwanSvc - ok
12:33:45.0369 3988 ================ Scan global ===============================
12:33:45.0400 3988 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
12:33:45.0494 3988 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
12:33:45.0541 3988 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
12:33:45.0587 3988 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
12:33:45.0634 3988 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
12:33:45.0665 3988 [Global] - ok
12:33:45.0665 3988 ================ Scan MBR ==================================
12:33:45.0681 3988 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:33:55.0135 3988 \Device\Harddisk0\DR0 - ok
12:33:55.0135 3988 ================ Scan VBR ==================================
12:33:55.0166 3988 [ 0BD38260D130C39C749BA80D3CA3DF8B ] \Device\Harddisk0\DR0\Partition1
12:33:55.0166 3988 \Device\Harddisk0\DR0\Partition1 - ok
12:33:55.0181 3988 ============================================================
12:33:55.0181 3988 Scan finished
12:33:55.0181 3988 ============================================================
12:33:55.0228 5784 Detected object count: 0
12:33:55.0228 5784 Actual detected object count: 0
12:34:10.0594 6008 Deinitialize success


aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-26 12:36:49
-----------------------------
12:36:49.087 OS Version: Windows 6.1.7601 Service Pack 1
12:36:49.087 Number of processors: 2 586 0x1C0A
12:36:49.102 ComputerName: LOCCIE-TOSH UserName: Loccie
12:37:13.534 Initialize success
12:39:03.341 AVAST engine defs: 12112600
12:39:28.067 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
12:39:28.083 Disk 0 Vendor: FUJITSU_ 0040 Size: 238475MB BusType: 3
12:39:28.098 Disk 0 MBR read successfully
12:39:28.114 Disk 0 MBR scan
12:39:28.114 Disk 0 Windows 7 default MBR code
12:39:28.145 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 400 MB offset 2048
12:39:28.161 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238072 MB offset 821248
12:39:28.192 Disk 0 scanning sectors +488392704
12:39:28.270 Disk 0 scanning C:\Windows\system32\drivers
12:39:45.664 Service scanning
12:40:04.025 Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
12:40:04.400 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
12:40:05.070 Service klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys **LOCKED** 5
12:40:05.195 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
12:40:05.336 Service kltdi C:\Windows\system32\DRIVERS\kltdi.sys **LOCKED** 5
12:40:05.507 Service kneps C:\Windows\system32\DRIVERS\kneps.sys **LOCKED** 5
12:40:36.598 Modules scanning
12:40:57.065 Disk 0 trace - called modules:
12:40:57.112 ntkrnlpa.exe CLASSPNP.SYS disk.sys thpdrv.sys halmacpi.dll iaStor.sys
12:40:57.128 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d98030]
12:40:57.143 3 CLASSPNP.SYS[88fc959e] -> nt!IofCallDriver -> \Device\THPDRV1[0x85d96248]
12:40:57.159 5 thpdrv.sys[891e499f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85333028]
12:40:59.327 AVAST engine scan C:\
13:31:02.135 Scan finished successfully
13:37:38.664 Disk 0 MBR has been saved successfully to "C:\Users\Loccie\Desktop\MBR.dat"
13:37:38.680 The log file has been saved successfully to "C:\Users\Loccie\Desktop\aswMBR.txt"

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 November 2012 - 09:18 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 Loccie

Loccie
  • Topic Starter

  • Members
  • 10 posts

Posted 28 November 2012 - 03:06 PM

Well, IE seems a bit quicker, but the parts of the registry that caused my worry (in bold) still appear. Are these legit?

ComboFix 12-11-28.02 - Loccie 28/11/2012 16:30:21.4.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.44.1033.18.2037.1255 [GMT 0:00]
Running from: c:\users\Loccie\Desktop\ComboFix.exe
Command switches used :: c:\users\Loccie\Desktop\CFScript.txt
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-28 to 2012-11-28 )))))))))))))))))))))))))))))))
.
.
2012-11-28 17:42 . 2012-11-28 17:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-25 22:30 . 2012-11-25 22:30 -------- d-----w- c:\windows\ELAMBKUP
2012-11-25 21:52 . 2012-11-25 21:52 -------- d-----w- c:\program files\CCleaner
2012-11-25 20:48 . 2012-11-25 20:48 -------- d-----w- c:\program files\Common Files\Adobe
2012-11-25 16:49 . 2012-11-25 16:49 -------- d-----w- c:\users\Loccie\AppData\Local\WindowsUpdate
2012-11-25 16:46 . 2012-11-25 16:46 -------- d-----w- c:\users\Loccie\AppData\Local\Secunia PSI
2012-11-25 16:46 . 2012-11-25 16:46 -------- d-----w- c:\program files\Secunia
2012-11-25 10:43 . 2012-11-28 16:23 -------- d-----w- c:\users\Loccie\AppData\Roaming\Skype
2012-11-25 10:42 . 2012-11-25 10:42 -------- d-----w- c:\program files\Common Files\Skype
2012-11-25 10:42 . 2012-11-25 10:42 -------- d-----r- c:\program files\Skype
2012-11-25 10:42 . 2012-11-25 10:43 -------- d-----w- c:\programdata\Skype
2012-11-25 08:36 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-25 08:36 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-25 08:36 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-25 08:35 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-25 08:35 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-25 08:35 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-25 08:35 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-25 08:35 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-25 08:35 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-25 08:35 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-25 08:34 . 2012-10-08 07:40 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-25 08:34 . 2012-10-08 08:37 140960 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-11-25 08:34 . 2012-10-08 07:45 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-11-25 08:34 . 2012-10-08 07:43 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-25 08:15 . 2012-02-11 05:43 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-11-25 08:15 . 2012-02-11 05:37 317440 ----a-w- c:\windows\system32\spoolsv.exe
2012-11-25 08:15 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-11-25 08:15 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-11-25 08:14 . 2012-08-24 16:57 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-11-25 08:14 . 2012-09-14 18:28 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-25 08:14 . 2012-08-20 17:40 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-11-25 08:14 . 2012-08-20 17:40 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-25 08:14 . 2012-08-20 17:37 271360 ----a-w- c:\windows\system32\conhost.exe
2012-11-25 08:12 . 2012-08-31 17:18 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-11-25 08:01 . 2012-11-19 01:04 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{045B8143-475E-40B1-B39F-143D9D7DCD6A}\mpengine.dll
2012-11-24 23:17 . 2012-11-28 17:42 -------- d-----w- c:\users\Loccie\AppData\Local\temp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-25 23:19 . 2012-06-08 11:38 43608 ----a-w- c:\windows\system32\drivers\kltdi.sys
2012-11-25 17:05 . 2012-07-31 19:26 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-25 17:05 . 2012-07-31 19:26 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-25 13:19 . 2012-10-25 13:19 25944 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2012-10-25 13:19 . 2012-10-25 13:19 25944 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2012-10-16 07:39 . 2012-11-27 18:51 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-15 1586472]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-21 476512]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-08-13 521528]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-04 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-04 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-04 150552]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-10-28 7862816]
"TUSBSleepChargeSrv"="c:\program files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" [2009-10-26 253312]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-09-17 611672]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-11-21 2454840]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2012-11-25 356376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
GPSvcGroup REG_MULTI_SZ GPSvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)

.
Completion time: 2012-11-28 17:46:43
ComboFix-quarantined-files.txt 2012-11-28 17:46
ComboFix2.txt 2012-11-26 10:07
ComboFix3.txt 2012-11-25 10:38
ComboFix4.txt 2012-11-24 23:17
.
Pre-Run: 234,045,321,216 bytes free
Post-Run: 233,713,324,032 bytes free
.
- - End Of File - - 4474D3B69FAD581AF5BFAAADE9A5E321


Part of OTL


========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both


#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 November 2012 - 09:09 PM

Hello

Everything in those sections is legit and how it is supposed to be.

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
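Gringo's verdict above rests on one comparison: each InProcServer32 value that OTL lists points at the expected Microsoft DLL under system32. The PowerShell below is an added example, not part of the thread and not OTL's own code; it re-runs that comparison on a live system using the CLSID-to-DLL baseline taken from the OTL output above. Two things are this example's assumptions rather than anything the page states: that it runs from an elevated PowerShell 3.0 or later prompt, and that a per-user (HKCU) InProcServer32 value for these CLSIDs deserves a look, because HKCU\Software\Classes shadows HKLM for that user when COM resolves a CLSID.

```powershell
# Added example (not from the thread or from OTL): re-check the CLSIDs that
# OTL's "ZeroAccess Check" lists against the clean baseline shown in the log.
# Assumes an elevated PowerShell 3.0+ prompt (assumption, not stated on the page).

# CLSIDs OTL checked, with the host DLL the thread's clean log shows for each.
# The first appeared only under HKCU in the log, with no value, so it has no baseline.
$Baseline = [ordered]@{
    '{fbeb8a05-beee-4442-804e-409d6c4515e9}' = $null
    '{42aedc87-2188-41fd-b9a3-0c966feabec1}' = 'shell32.dll'
    '{5839FCA9-774D-42A1-ACDA-D6A79037F57F}' = 'fastprox.dll'
    '{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}' = 'wbemess.dll'
}

function Get-InProcServer32 {
    # Returns the (default) value of <hive>\Software\Classes\CLSID\<clsid>\InProcServer32,
    # '' if the key exists without a value, $null if the key does not exist at all.
    param([ValidateSet('HKLM', 'HKCU')][string]$Hive, [string]$Clsid)
    $key = "${Hive}:\Software\Classes\CLSID\$Clsid\InProcServer32"
    if (-not (Test-Path -LiteralPath $key)) { return $null }
    $value = (Get-ItemProperty -LiteralPath $key).'(default)'
    if ($null -eq $value) { return '' }
    return [string]$value
}

function Test-ComServerPath {
    # Expands %SystemRoot%-style variables and checks that the DLL is where a Windows
    # component belongs: under the Windows directory, present on disk, carrying the
    # expected file name, and (where the OS exposes one) a valid Microsoft signature.
    param([string]$RawPath, [string]$ExpectedLeaf)
    $path = [Environment]::ExpandEnvironmentVariables($RawPath).Trim('"')
    $result = [ordered]@{
        Path         = $path
        Exists       = Test-Path -LiteralPath $path -PathType Leaf
        UnderWindows = $path.StartsWith($env:SystemRoot, [StringComparison]::OrdinalIgnoreCase)
        LeafMatches  = ($null -eq $ExpectedLeaf) -or ([IO.Path]::GetFileName($path) -ieq $ExpectedLeaf)
        Signature    = 'n/a'
    }
    if ($result.Exists) {
        $sig = Get-AuthenticodeSignature -FilePath $path
        # System DLLs are often catalog-signed; older PowerShell reports those as
        # NotSigned, so treat the signature as supporting evidence, not the verdict.
        if ($sig.Status -eq 'Valid') { $result.Signature = $sig.SignerCertificate.Subject }
        else { $result.Signature = $sig.Status.ToString() }
    }
    return [pscustomobject]$result
}

foreach ($clsid in $Baseline.Keys) {
    $expected = $Baseline[$clsid]
    foreach ($hive in 'HKLM', 'HKCU') {
        $raw = Get-InProcServer32 -Hive $hive -Clsid $clsid
        if ($null -eq $raw) { continue }   # key absent in this hive: nothing to compare
        if ($raw -eq '') {
            "$hive $clsid : InProcServer32 present with no value"
            continue
        }
        $check = Test-ComServerPath -RawPath $raw -ExpectedLeaf $expected
        if ($hive -eq 'HKCU') {
            # A per-user server wins over the machine-wide one for this user.
            $flag = 'REVIEW (per-user override shadows HKLM)'
        }
        elseif (-not ($check.Exists -and $check.UnderWindows -and $check.LeafMatches)) {
            $flag = 'REVIEW (unexpected path or file name)'
        }
        else {
            $flag = 'ok'
        }
        "$hive $clsid : $($check.Path) [$flag] sig=$($check.Signature)"
    }
}
```

On a machine in the state the log above shows, the three HKLM entries print as `ok` with the system32 paths OTL reported; any line marked `REVIEW` is the one to post for a helper to look at, together with the signature field, before anything is removed.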

#12 Loccie (Topic Starter)

Posted 29 November 2012 - 05:08 AM

Well, the computer seems quicker, but IE has locked up. I just tried opening a new tab and iframe.dll came up, then a blank page; I closed the tab and Google opened again fine. I noticed *Deregistered* - TrueSight was listed in my last ComboFix log. What is this? Thanks

Adobe Flash Player 11 ActiveX
Adobe Reader XI
Atheros Driver Installation Program
Bluetooth Stack for Windows by Toshiba
CCleaner
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Kaspersky Internet Security 2013
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
RegAlyzer
RunAlyzer
Secunia PSI (3.0.0.4001)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Skype™ 6.0
Synaptics Pointing Device Driver
TOSHIBA Disc Creator
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Flash Cards Support Utility
TOSHIBA HDD Protection
TOSHIBA HDD/SSD Alert
Toshiba Manuals
TOSHIBA USB Sleep and Charge Utility
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Utility Common Driver

#13 gringo_pr (Malware Response Team)

Posted 29 November 2012 - 07:19 AM

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#14 Loccie (Topic Starter)

Posted 30 November 2012 - 12:11 PM

Computer seems fine thus far, thank you.




Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.29.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Loccie :: LOCCIE-TOSH [administrator]

29/11/2012 17:38:58
mbam-log-2012-11-29 (17-38-58).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 255364
Time elapsed: 1 hour(s), 12 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:02:40, on 29/11/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Windows\Explorer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\klwtbws.exe
C:\Windows\notepad.exe
C:\Users\Loccie\Downloads\HijackThis.exe
C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [TUSBSleepChargeSrv] %ProgramFiles%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\Windows\system32\ThpSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

--
End of file - 5874 bytes

#15 gringo_pr (Malware Response Team)

Posted 30 November 2012 - 03:52 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to; you can start any of them from their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
      O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
      O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
      O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
      O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Windows 7, right-click the IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo