
Trojan.Ransom


This topic is locked
18 replies to this topic

#1 spitdrumr (Members, 21 posts)

Posted 29 November 2012 - 10:56 AM

Hello, I'm hoping someone can help me with this trojan infection. Malwarebytes recently detected and removed a Trojan.Ransom virus on my Windows 7 computer. Now every time I boot up I get a BSOD error 0x0000008e and the computer restarts. Below is the Malwarebytes log. What can I do next?

Malwarebytes Anti-Malware (PRO) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.29.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Chad :: CHAD-PC [administrator]

Protection: Enabled

11/28/2012 9:29:55 PM
mbam-log-2012-11-28 (21-29-55).txt

Scan type: Full scan (C:\|D:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 403489
Time elapsed: 2 hour(s), 53 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\ProgramData\Microsoft\Windows\DRM\4DAF.tmp (Trojan.Ransom) -> Delete on reboot.

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\ProgramData\Microsoft\Windows\DRM\4DAF.tmp (Trojan.Ransom) -> Delete on reboot.
C:\Users\Chad\AppData\Local\Temp\367.tmp (Trojan.Ransom) -> Quarantined and deleted successfully.
C:\Users\Chad\AppData\Local\Temp\EA1E.tmp (Trojan.Ransom) -> Quarantined and deleted successfully.

(end)
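The Malwarebytes 1.x log above has a fixed shape: a `<Section> Detected: <n>` header per category, then one line per detection of the form `<item> (<threat name>) -> <action>.`. The Python below is an added example, not code from this thread or from Malwarebytes, that parses that format and pulls out what a responder looks at first: items whose removal is still pending a reboot (here the module in `C:\ProgramData\Microsoft\Windows\DRM` that was loaded in memory), items staged in user-writable directories, and whether each section's declared count matches the lines actually present, a cheap check that a pasted log was not truncated. `SAMPLE_LOG` is a constructed excerpt of the log posted above, and the triage rules are my own review heuristics, not Malwarebytes classifications.

```python
"""Parse a Malwarebytes Anti-Malware 1.x log and triage what it found.

Added example for this thread, not code from BleepingComputer or
Malwarebytes. SAMPLE_LOG is a constructed excerpt of the log posted
above; the triage rules below are the author's own heuristics.
"""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

SAMPLE_LOG = r"""
Malwarebytes Anti-Malware (PRO) 1.65.1.1000
Scan type: Full scan (C:\|D:\|G:\|)
Objects scanned: 403489

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\ProgramData\Microsoft\Windows\DRM\4DAF.tmp (Trojan.Ransom) -> Delete on reboot.

Registry Keys Detected: 0
(No malicious items detected)

Files Detected: 3
C:\ProgramData\Microsoft\Windows\DRM\4DAF.tmp (Trojan.Ransom) -> Delete on reboot.
C:\Users\Chad\AppData\Local\Temp\367.tmp (Trojan.Ransom) -> Quarantined and deleted successfully.
C:\Users\Chad\AppData\Local\Temp\EA1E.tmp (Trojan.Ransom) -> Quarantined and deleted successfully.

(end)
"""

# "<Section> Detected: <n>" opens each category of the 1.x log.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
# "<item> (<threat name>) -> <action>."; the greedy item lets paths keep
# their own parentheses, e.g. "Program Files (x86)".
DETECTION_RE = re.compile(r"^(?P<item>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
# Directories any standard user can write to: where droppers stage payloads.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\programdata\\", "\\temp\\")


@dataclass(frozen=True)
class Detection:
    section: str   # e.g. "Memory Modules", "Files"
    item: str      # path or registry location
    name: str      # vendor threat name, e.g. "Trojan.Ransom"
    action: str    # what the scanner did, trailing period removed


def parse_mbam_log(text):
    """Return every detection line, tagged with the section it sits under."""
    detections, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION_RE.match(line):
            section = m.group("section")
            continue
        if section and (m := DETECTION_RE.match(line)):
            detections.append(Detection(section, m.group("item"),
                                        m.group("name"), m.group("action")))
    return detections


def section_counts(text):
    """Declared count vs. lines actually parsed, per section.

    A mismatch means the paste was truncated or the format has changed,
    so the log should not be trusted as complete.
    """
    declared = {}
    for raw in text.splitlines():
        if m := SECTION_RE.match(raw.strip()):
            declared[m.group("section")] = int(m.group("count"))
    parsed = {}
    for d in parse_mbam_log(text):
        parsed[d.section] = parsed.get(d.section, 0) + 1
    return {s: (n, parsed.get(s, 0)) for s, n in declared.items()}


def pending_removals(detections):
    """Items the scanner could not remove yet (in use; deleted at next boot)."""
    return sorted({d.item for d in detections if "delete on reboot" in d.action.lower()})


def triage(detections):
    """Attach review reasons to each detection; returns [(Detection, [reason, ...])]."""
    findings = []
    for d in detections:
        reasons, low = [], d.item.lower()
        if any(marker in low for marker in USER_WRITABLE):
            reasons.append("staged in a user-writable directory")
        if d.section == "Memory Modules":
            reasons.append("was loaded in a running process at scan time")
        if PureWindowsPath(d.item).suffix.lower() == ".tmp" and d.section.startswith("Memory"):
            reasons.append(".tmp file executing as code")
        if "delete on reboot" in d.action.lower():
            reasons.append("removal still pending: re-scan after the reboot")
        if reasons:
            findings.append((d, reasons))
    return findings


if __name__ == "__main__":
    dets = parse_mbam_log(SAMPLE_LOG)
    for section, (declared, parsed) in section_counts(SAMPLE_LOG).items():
        print(f"{section}: declared {declared}, parsed {parsed}")
    for d, reasons in triage(dets):
        print(f"[{d.section}] {d.item} ({d.name}): " + "; ".join(reasons))
    print("pending:", pending_removals(dets))
```

The count check matters more than it looks: a poster who trims a long log, or a paste that a forum cuts off, silently drops detections, and the declared-versus-parsed comparison catches that before anyone reasons about a log that is incomplete.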


#2 HelpBot (Bleepin' Binary Bot; Bots, 12,764 posts)

Posted 04 December 2012 - 11:00 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/476863 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 spitdrumr (Topic Starter; Members, 21 posts)

Posted 04 December 2012 - 10:25 PM

Hello, I still need help with this! I am having the same issues, BSOD whenever I start the computer. I am running Windows 7 Ultimate Edition, 32-bit. Running in normal mode I am unable to run DDS because the BSOD reboots my computer before it completes its checks. However, I just tried running DDS in Safe Mode and it worked. Below are the DDS logs and attached file:


.
DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Chad at 20:05:06 on 2012-12-04
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3070.2655 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - g:\program files\avg\avg10\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - g:\progra~1\micros~1\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
mRun: [NBAgent] "g:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [BCSSync] "g:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [AirPort Base Station Agent] "c:\program files\airport\APAgent.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [<NO NAME>]
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\programdata\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript
StartupFolder: c:\users\chad\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\chad\appdata\roaming\dropbox\bin\Dropbox.exe
uPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)
uPolicies-explorer: NoCommonGroups = 0 (0x0)
uPolicies-explorer: NoPrinters = 0 (0x0)
uPolicies-explorer: NoRecentDocsNetHood = 0 (0x0)
uPolicies-explorer: NoChangeAnimation = 0 (0x0)
uPolicies-system: NoSecCpl = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - g:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - g:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
Trusted Zone: intuit.com\ttlc
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{BB066F7D-845D-48C1-82EC-918104108C52} : DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{BB066F7D-845D-48C1-82EC-918104108C52}\14E64627F69646455647865627 : DhcpNameServer = 192.168.2.254
TCP: Interfaces\{BB066F7D-845D-48C1-82EC-918104108C52}\65562796A7F6E602D494649443531303C4024343634302355636572756 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BB066F7D-845D-48C1-82EC-918104108C52}\65562796A7F6E602D494649443531303C4025343147302355636572756 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BB066F7D-845D-48C1-82EC-918104108C52}\C416273756E602E4564777F627B6 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\chad\appdata\roaming\mozilla\firefox\profiles\wyad956n.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=15119
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=PSI&o=15116&locale=en_US&apn_uid=3d997d24-ac20-45c0-ad35-59b74d9034d9&apn_ptnrs=L6&apn_sauid=974901E3-7D86-45BD-9425-E4AC7EE16B3C&apn_dtid=YYYYYYYYUS&&q=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adp\npDPFPlugin.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\users\chad\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\users\chad\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\chad\appdata\roaming\igg\web3d\1.0.0.38\NPIGGWeb3DUpdater.dll
FF - plugin: c:\users\chad\appdata\roaming\igg\web3d\1.0.0.38\NPJoyConnectShell.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
FF - plugin: g:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: g:\progra~1\micros~1\office14\NPSPWRAP.DLL
.
============= SERVICES / DRIVERS ===============
.
S0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2012-5-3 221784]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2012-5-3 78936]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]
S2 AVGIDSAgent;AVGIDSAgent;"g:\program files\avg\avg10\identity protection\agent\bin\avgidsagent.exe" --> g:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 KMService;KMService;c:\windows\system32\srvany.exe [2011-1-16 8192]
S2 MBAMScheduler;MBAMScheduler;g:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-16 399432]
S2 MBAMService;MBAMService;g:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-23 676936]
S2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-3-25 490280]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 99272]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-7-18 2458944]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2012-8-28 92632]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;g:\program files\avg\avg10\toolbar\toolbarbroker.exe --> g:\program files\avg\avg10\toolbar\ToolbarBroker.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-9-17 22856]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-8-9 115168]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-10-23 14848]
S3 RTL8192su;RNX-N180UBE Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8192su.sys [2010-11-25 603240]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2012-5-3 69208]
S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2012-5-3 69208]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-5-3 94040]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-10-23 49664]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-11 1343400]
.
=============== Created Last 30 ================
.
2012-11-29 14:28:04 6812136 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{edb47441-1de5-4ea9-9c73-b8899b8e723b}\mpengine.dll
2012-11-28 14:32:55 740840 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{cd666069-6efc-48ea-af52-3648adfc5be0}\gapaengine.dll
2012-11-28 14:31:22 6812136 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-11-18 17:32:25 -------- d-----w- c:\users\chad\appdata\roaming\IGG
2012-11-16 10:04:37 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-16 10:04:37 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-16 10:04:37 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-16 10:03:48 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-16 10:03:48 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-16 10:03:46 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-16 10:03:46 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-16 10:03:43 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-16 10:03:42 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-16 10:03:42 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-16 01:32:39 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-11-16 01:32:39 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-11-16 01:32:39 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-11-16 01:32:39 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-11-16 01:32:39 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-16 01:32:38 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-11-16 01:32:38 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-11-16 01:32:38 18944 ----a-w- c:\windows\system32\netevent.dll
2012-11-16 01:32:31 78336 ----a-w- c:\windows\system32\synceng.dll
2012-11-16 01:32:30 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-16 01:32:26 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-16 01:32:26 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
.
==================== Find3M ====================
.
2012-10-23 21:18:15 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-23 21:18:15 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-16 07:39:52 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-08 07:56:24 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-30 01:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-14 18:28:53 2048 ----a-w- c:\windows\system32\tzres.dll
.
============= FINISH: 20:07:28.46 ===============
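In the DDS "Pseudo HJT Report" above, each Run line carries a scope prefix (by DDS convention `u` is the current user's HKCU hive and `m` the machine-wide HKLM hive), the Run value name in brackets and the command; BHO, URLSearchHook, Handler and Filter lines end with the path of the registered component, or `No File` or nothing at all when that file is gone. The Python below is an added example, not part of the thread or of the DDS tool, that parses those lines from a constructed excerpt of the posted report and flags what a malware responder checks first: empty or unnamed Run values (the `mRun: [<NO NAME>]` entry), registered components whose file is missing (the `H - No File` hook and the empty AVG handler), anything launched from a user-writable location, and rundll32 loading a DLL. The flags are review prompts, not verdicts: the Dropbox and Malwarebytes entries get flagged because they run from AppData and ProgramData, which is exactly the pattern an analyst confirms by hand before clearing it. The flagging rules are my own.

```python
"""Parse the autostart lines of a DDS "Pseudo HJT Report" and flag them.

Added example for this thread, not code from BleepingComputer or DDS.
SAMPLE_DDS is a constructed excerpt of the report posted above; the
flagging rules are the author's own review heuristics.
"""
import re
from dataclasses import dataclass, field

SAMPLE_DDS = r"""
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
mURLSearchHooks: H - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - g:\program files\avg\avg10\avgssie.dll
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\programdata\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript
StartupFolder: c:\users\chad\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\chad\appdata\roaming\dropbox\bin\Dropbox.exe
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
"""

# DDS convention: leading "u" = current user's hive (HKCU), "m" = machine (HKLM).
SCOPE = {"u": "HKCU", "m": "HKLM"}
RUN_RE = re.compile(r"^(?P<scope>[um])Run(?P<once>Once)?: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^StartupFolder: (?P<lnk>.+?) - (?P<target>.+)$")
COMPONENT_RE = re.compile(r"^(?P<kind>BHO|[um]URLSearchHooks|Handler|Filter|IE): (?P<rest>.*)$")
QUOTED_RE = re.compile(r'"([^"]+)"')
FIRST_PATH_RE = re.compile(r"(.+?\.(?:exe|dll|lnk|cpl))(?:\s|$)", re.I)
# Locations a standard user can write to. Legitimate software lives there too,
# so a hit is a prompt to verify the binary, not a verdict.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")


@dataclass
class Entry:
    kind: str      # Run, RunOnce, StartupFolder, BHO, URLSearchHooks, Handler, Filter, IE
    scope: str     # HKCU, HKLM or n/a
    name: str
    command: str   # full Run command, or the registered component's file path
    paths: list = field(default_factory=list)


def _paths_in(command):
    """File paths referenced by a Run command: every quoted string, or else the
    first unquoted token ending in an executable extension (unquoted paths
    containing spaces are common in Run values)."""
    quoted = QUOTED_RE.findall(command)
    if quoted:
        return quoted
    m = FIRST_PATH_RE.match(command)
    return [m.group(1)] if m else []


def parse_dds_autostarts(text):
    """Turn the report's Run/StartupFolder/component lines into Entry records."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := RUN_RE.match(line):
            cmd = m.group("cmd").strip()
            entries.append(Entry("RunOnce" if m.group("once") else "Run",
                                 SCOPE[m.group("scope")], m.group("name"), cmd, _paths_in(cmd)))
        elif m := STARTUP_RE.match(line):
            target = m.group("target").strip()
            lnk = m.group("lnk").rsplit("\\", 1)[-1]
            entries.append(Entry("StartupFolder", "n/a", lnk, target, [target]))
        elif m := COMPONENT_RE.match(line):
            kind, rest = m.group("kind"), m.group("rest").strip()
            scope = SCOPE[kind[0]] if kind.endswith("URLSearchHooks") else "n/a"
            kind = kind[1:] if kind.endswith("URLSearchHooks") else kind
            if rest.endswith(" -"):          # registered, but no file path at all
                head, target = rest[:-2].strip(), ""
            else:
                head, _, target = rest.rpartition(" - ")
            name = head.partition(" - ")[0]
            paths = [target] if target and target != "No File" else []
            entries.append(Entry(kind, scope, name, target, paths))
    return entries


def flag_entries(entries):
    """Map entry name -> reasons a responder should look closer at it."""
    findings = {}
    for e in entries:
        reasons = []
        if e.kind in ("Run", "RunOnce") and (e.name == "<NO NAME>" or not e.command):
            reasons.append("empty or unnamed Run value: leftover of an uninstall, or a stub worth checking")
        if e.kind not in ("Run", "RunOnce", "StartupFolder") and e.command in ("", "No File"):
            reasons.append("registered component whose file is missing")
        lowered = [p.lower() for p in e.paths]
        if any(marker in p for p in lowered for marker in USER_WRITABLE):
            reasons.append("runs code from a user-writable location")
        if "rundll32" in e.command.lower() and any(p.endswith(".dll") for p in lowered):
            reasons.append("rundll32 loading a DLL: check the DLL's publisher and signature")
        if reasons:
            findings[e.name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in flag_entries(parse_dds_autostarts(SAMPLE_DDS)).items():
        print(f"{name}: " + "; ".join(reasons))
```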


#4 gringo_pr (Bleepin Gringo; Malware Response Team, 136,772 posts; Location: Puerto Rico)

Posted 04 December 2012 - 11:26 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 spitdrumr (Topic Starter; Members, 21 posts)

Posted 05 December 2012 - 11:52 AM

Hello Gringo! I ran the programs as requested and below are the logs. Please note that all of these had to be run in Safe Mode because my computer won't stay on long enough to run them in Normal Mode. Also, I am still getting the BSOD when running in Normal Mode. Thanks for all of your help!!



Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
WinPatrol
Malwarebytes Anti-Malware version 1.65.1.1000
CCleaner
Java 7 Update 7
Java version out of Date!
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox 16.0.2 Firefox out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
Google Chrome Plugins...
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
WinPatrol winpatrol.exe is disabled!
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````




# AdwCleaner v2.011 - Logfile created 12/05/2012 at 09:29:54
# Updated 02/12/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : Chad - CHAD-PC
# Boot Mode : Safe mode
# Running from : C:\Users\Chad\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Chad\AppData\Roaming\Mozilla\Firefox\Profiles\wyad956n.default\searchplugins\Askcom.xml
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\Users\Chad\AppData\Local\APN
Folder Deleted : C:\Users\Chad\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Chad\AppData\Roaming\Mozilla\Firefox\Profiles\wyad956n.default\extensions\toolbar@ask.com
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Users\Chad\AppData\Roaming\Mozilla\Firefox\Profiles\wyad956n.default\prefs.js

Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
Deleted : user_pref("browser.startup.homepage", "hxxp://www.ask.com/?l=dis&o=15119");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
Deleted : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=PSI&o=15116&locale=e[...]

-\\ Google Chrome v23.0.1271.91

File : C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.13] : homepage = "hxxp://www.ask.com/?l=dis&o=15119cr",
Deleted [l.50] : icon_url = "hxxp://www.ask.com/favicon.ico",
Deleted [l.53] : keyword = "ask.com",
Deleted [l.56] : search_url = "hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=PSI&o=15116&locale=en_US&[...]
Deleted [l.57] : suggest_url = "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms[...]
Deleted [l.1588] : homepage = "hxxp://www.ask.com/?l=dis&o=15119cr",

*************************

AdwCleaner[S1].txt - [6822 octets] - [05/12/2012 09:29:54]

########## EOF - C:\AdwCleaner[S1].txt - [6882 octets] ##########





RogueKiller V8.3.1 [Dec 2 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Safe mode
User : Chad [Admin rights]
Mode : Scan -- Date : 12/05/2012 09:41:26

Bad processes : 0

Registry Entries : 4
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Particular Files / Folders:

Driver : [NOT LOADED]

HOSTS File:
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: ST340014AS ATA Device +++++
--- User ---
[MBR] ae40fb74e3d0dedc813f89cd7eafd53b
[BSP] 2737ef636b37e6b772c422327d8bcc41 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 71682030 | Size: 3137 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 35000 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] e72bc7cce185c068926ed1648aa9c35f
[BSP] 2737ef636b37e6b772c422327d8bcc41 : Windows 7/8 MBR Code
Partition table:
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 71682030 | Size: 3137 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 35000 Mo

Finished : << RKreport[1]_S_12052012_02d0941.txt >>
RKreport[1]_S_12052012_02d0941.txt

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 December 2012 - 05:39 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 spitdrumr
  • Topic Starter
  • Members
  • 21 posts

Posted 05 December 2012 - 07:54 PM

OK, I ran ComboFix as requested. Below is the log from that. I didn't have any problems running in Safe Mode, but when I reboot into Normal Mode I am still getting the BSOD. Thanks for your help!




ComboFix 12-12-04.01 - Chad 12/05/2012 17:26:50.3.1 - x86 MINIMAL
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3070.2624 [GMT -7:00]
Running from: c:\users\Chad\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-11-06 to 2012-12-06 )))))))))))))))))))))))))))))))
.
.
2012-11-29 14:28 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EDB47441-1DE5-4EA9-9C73-B8899B8E723B}\mpengine.dll
2012-11-28 14:32 . 2012-11-28 14:30 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CD666069-6EFC-48EA-AF52-3648ADFC5BE0}\gapaengine.dll
2012-11-28 14:31 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-18 17:32 . 2012-11-18 17:32 -------- d-----w- c:\users\Chad\AppData\Roaming\IGG
2012-11-16 10:04 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-16 10:04 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-16 10:04 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-16 10:03 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-16 10:03 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-16 10:03 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-16 10:03 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-16 10:03 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-16 10:03 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-16 10:03 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-16 01:32 . 2012-10-03 16:58 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-16 01:32 . 2012-10-03 16:42 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-11-16 01:32 . 2012-10-03 16:42 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-11-16 01:32 . 2012-10-03 16:42 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-11-16 01:32 . 2012-10-03 16:40 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-11-16 01:32 . 2012-10-03 16:42 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-11-16 01:32 . 2012-10-03 16:42 18944 ----a-w- c:\windows\system32\netevent.dll
2012-11-16 01:32 . 2012-10-03 15:21 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-11-16 01:32 . 2012-09-25 22:47 78336 ----a-w- c:\windows\system32\synceng.dll
2012-11-16 01:32 . 2012-10-18 17:59 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-16 01:32 . 2012-10-09 17:40 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-16 01:32 . 2012-10-09 17:40 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-24 00:28 . 2012-08-18 02:03 740784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-10-23 21:18 . 2012-05-31 01:28 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-23 21:18 . 2012-05-31 01:28 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-16 07:39 . 2012-11-28 03:03 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-09-30 01:54 . 2012-09-17 16:20 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-14 18:28 . 2012-10-23 23:47 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-29 21:22 . 2012-10-29 21:21 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-08-28 247768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2009-11-11 771360]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2012-07-13 384232]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Chad\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCpl"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0g:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0g:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart\0SBBD.exe /d \Device\HarddiskVolume3\Program Files\Ad-Aware Antivirus\Engine\Definitions
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Chad\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"MusicManager"="c:\users\Chad\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" -s
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SelectRebates"=c:\program files\SelectRebates\SelectRebates.exe
.
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [x]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;g:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [x]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R2 MBAMScheduler;MBAMScheduler;g:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;g:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [x]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;g:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8192su;RNX-N180UBE Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [x]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [x]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LPDService REG_MULTI_SZ LPDSVC
GPSvcGroup REG_MULTI_SZ GPSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1166799441-644486007-2581645919-1002Core.job
- c:\users\Chad\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-12 22:11]
.
2012-11-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1166799441-644486007-2581645919-1002UA.job
- c:\users\Chad\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-12 22:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
Trusted Zone: intuit.com\ttlc
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
FF - ProfilePath - c:\users\Chad\AppData\Roaming\Mozilla\Firefox\Profiles\wyad956n.default\
FF - ExtSQL: 2012-11-02 20:13; toolbar@ask.com; c:\users\Chad\AppData\Roaming\Mozilla\Firefox\Profiles\wyad956n.default\extensions\toolbar@ask.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-NBAgent - g:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
HKLM-Run-BCSSync - g:\program files\Microsoft Office\Office14\BCSSync.exe
HKLM-RunOnce-Malwarebytes Anti-Malware (cleanup) - c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll
AddRemove-AnyDVD - g:\program files\SlySoft\AnyDVD\AnyDVD-uninst.exe
AddRemove-AviSynth - g:\program files\AviSynth 2.5\Uninstall.exe
AddRemove-BitComet_x64 - c:\program files\BitComet\uninst.exe
AddRemove-CCleaner - g:\program files\CCleaner\uninst.exe
AddRemove-DVD Shrink_is1 - g:\program files\DVD Shrink\unins000.exe
AddRemove-ffdshow_is1 - g:\program files\ffdshow\unins000.exe
AddRemove-Malwarebytes' Anti-Malware_is1 - g:\program files\Malwarebytes' Anti-Malware\unins000.exe
AddRemove-Revo Uninstaller - g:\program files\VS Revo Group\Revo Uninstaller\uninst.exe
AddRemove-WinRAR archiver - g:\program files\WinRAR\uninstall.exe
AddRemove-Xvid_is1 - g:\program files\Xvid\unins000.exe
AddRemove-{A62F9CD0-B2E0-4F2A-88F2-79254A3C8539} - c:\progra~2\INSTAL~1\{A62F9~1\Setup.exe
AddRemove-{D0795B21-0CDA-4a92-AB9E-6E92D8111E44} - g:\program files\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(272)
c:\users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\NetworkExplorer.dll
.
Completion time: 2012-12-05 17:37:19
ComboFix-quarantined-files.txt 2012-12-06 00:37
.
Pre-Run: 1,388,675,072 bytes free
Post-Run: 1,666,920,448 bytes free
.
- - End Of File - - 14271406D586D94CEB941D6D59D0EE9B

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 December 2012 - 08:15 PM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#9 spitdrumr
  • Topic Starter
  • Members
  • 21 posts

Posted 06 December 2012 - 08:15 PM

Hi Gringo! I ran the programs as requested; below are the logs. I ran these in Safe Mode first.



17:07:00.0925 1652 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:07:00.0941 1652 ============================================================
17:07:00.0941 1652 Current date / time: 2012/12/06 17:07:00.0941
17:07:00.0941 1652 SystemInfo:
17:07:00.0941 1652
17:07:00.0941 1652 OS Version: 6.1.7601 ServicePack: 1.0
17:07:00.0941 1652 Product type: Workstation
17:07:00.0941 1652 ComputerName: CHAD-PC
17:07:00.0941 1652 UserName: Chad
17:07:00.0941 1652 Windows directory: C:\Windows
17:07:00.0941 1652 System windows directory: C:\Windows
17:07:00.0941 1652 Processor architecture: Intel x86
17:07:00.0941 1652 Number of processors: 1
17:07:00.0941 1652 Page size: 0x1000
17:07:00.0941 1652 Boot type: Safe boot
17:07:00.0941 1652 ============================================================
17:07:02.0844 1652 BG loaded
17:07:03.0499 1652 Drive \Device\Harddisk0\DR0 - Size: 0x9502F9000 (37.25 Gb), SectorSize: 0x200, Cylinders: 0x12FF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:07:03.0515 1652 ============================================================
17:07:03.0515 1652 \Device\Harddisk0\DR0:
17:07:03.0515 1652 MBR partitions:
17:07:03.0530 1652 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x445C82D, BlocksNum 0x620D51
17:07:03.0530 1652 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x445C7AF
17:07:03.0530 1652 ============================================================
17:07:03.0546 1652 D: <-> \Device\Harddisk0\DR0\Partition1
17:07:03.0608 1652 C: <-> \Device\Harddisk0\DR0\Partition2
17:07:03.0608 1652 ============================================================
17:07:03.0608 1652 Initialize success
17:07:03.0608 1652 ============================================================
17:07:06.0822 1684 ============================================================
17:07:06.0822 1684 Scan started
17:07:06.0822 1684 Mode: Manual;
17:07:06.0822 1684 ============================================================
17:07:08.0725 1684 ================ Scan system memory ========================
17:07:08.0725 1684 System memory - ok
17:07:08.0725 1684 ================ Scan services =============================
17:07:14.0325 1684 Disk - ok
17:07:14.0372 1684 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:07:14.0372 1684 Dnscache - ok
17:07:14.0435 1684 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
17:07:14.0435 1684 dot3svc - ok
17:07:14.0497 1684 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
17:07:14.0497 1684 DPS - ok
17:07:14.0544 1684 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:07:14.0544 1684 drmkaud - ok
17:07:14.0606 1684 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:07:14.0637 1684 DXGKrnl - ok
17:07:14.0684 1684 [ 20DE769B84960606D8DBB2AEC123021A ] E100B C:\Windows\system32\DRIVERS\e100b325.sys
17:07:14.0700 1684 E100B - ok
17:07:14.0793 1684 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
17:07:14.0793 1684 EapHost - ok
17:07:14.0965 1684 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
17:07:15.0074 1684 ebdrv - ok
17:07:15.0105 1684 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
17:07:15.0105 1684 EFS - ok
17:07:15.0230 1684 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:07:15.0246 1684 ehRecvr - ok
17:07:15.0308 1684 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
17:07:15.0324 1684 ehSched - ok
17:07:15.0386 1684 [ 76CAD4F1291990FC47824B845032E997 ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys
17:07:15.0386 1684 ElbyCDIO - ok
17:07:15.0464 1684 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
17:07:15.0480 1684 elxstor - ok
17:07:15.0527 1684 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:07:15.0527 1684 ErrDev - ok
17:07:15.0620 1684 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
17:07:15.0620 1684 EventSystem - ok
17:07:15.0651 1684 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
17:07:15.0651 1684 exfat - ok
17:07:15.0683 1684 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:07:15.0698 1684 fastfat - ok
17:07:15.0761 1684 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
17:07:15.0776 1684 Fax - ok
17:07:15.0839 1684 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
17:07:15.0839 1684 fdc - ok
17:07:15.0885 1684 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
17:07:15.0901 1684 fdPHost - ok
17:07:15.0917 1684 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
17:07:15.0917 1684 FDResPub - ok
17:07:15.0948 1684 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:07:15.0948 1684 FileInfo - ok
17:07:15.0995 1684 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:07:15.0995 1684 Filetrace - ok
17:07:16.0026 1684 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
17:07:16.0026 1684 flpydisk - ok
17:07:16.0057 1684 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:07:16.0057 1684 FltMgr - ok
17:07:16.0119 1684 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
17:07:16.0151 1684 FontCache - ok
17:07:16.0244 1684 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:07:16.0244 1684 FontCache3.0.0.0 - ok
17:07:16.0307 1684 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:07:16.0307 1684 FsDepends - ok
17:07:16.0353 1684 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:07:16.0353 1684 Fs_Rec - ok
17:07:16.0447 1684 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:07:16.0447 1684 fvevol - ok
17:07:16.0509 1684 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
17:07:16.0509 1684 gagp30kx - ok
17:07:16.0572 1684 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:07:16.0572 1684 GEARAspiWDM - ok
17:07:16.0634 1684 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
17:07:16.0665 1684 gpsvc - ok
17:07:16.0697 1684 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:07:16.0697 1684 hcw85cir - ok
17:07:16.0728 1684 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
17:07:16.0743 1684 HDAudBus - ok
17:07:16.0759 1684 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
17:07:16.0759 1684 HidBatt - ok
17:07:16.0790 1684 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
17:07:16.0790 1684 HidBth - ok
17:07:16.0837 1684 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
17:07:16.0837 1684 HidIr - ok
17:07:16.0899 1684 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
17:07:16.0915 1684 hidserv - ok
17:07:16.0962 1684 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
17:07:16.0962 1684 HidUsb - ok
17:07:17.0024 1684 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:07:17.0024 1684 hkmsvc - ok
17:07:17.0071 1684 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:07:17.0087 1684 HomeGroupListener - ok
17:07:17.0149 1684 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:07:17.0149 1684 HomeGroupProvider - ok
17:07:17.0211 1684 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
17:07:17.0211 1684 HpSAMD - ok
17:07:17.0274 1684 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:07:17.0289 1684 HTTP - ok
17:07:17.0352 1684 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:07:17.0352 1684 hwpolicy - ok
17:07:17.0414 1684 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
17:07:17.0414 1684 i8042prt - ok
17:07:17.0461 1684 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
17:07:17.0492 1684 iaStorV - ok
17:07:17.0570 1684 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:07:17.0601 1684 idsvc - ok
17:07:17.0664 1684 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
17:07:17.0664 1684 iirsp - ok
17:07:17.0757 1684 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
17:07:17.0789 1684 IKEEXT - ok
17:07:17.0835 1684 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
17:07:17.0835 1684 intelide - ok
17:07:17.0913 1684 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:07:17.0913 1684 intelppm - ok
17:07:17.0976 1684 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:07:17.0976 1684 IPBusEnum - ok
17:07:18.0007 1684 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:07:18.0007 1684 IpFilterDriver - ok
17:07:18.0085 1684 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:07:18.0116 1684 iphlpsvc - ok
17:07:18.0147 1684 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
17:07:18.0147 1684 IPMIDRV - ok
17:07:18.0194 1684 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:07:18.0194 1684 IPNAT - ok
17:07:18.0272 1684 [ B84A28B3984185EDA8867541AF14CDDB ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
17:07:18.0288 1684 iPod Service - ok
17:07:18.0350 1684 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:07:18.0366 1684 IRENUM - ok
17:07:18.0413 1684 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:07:18.0413 1684 isapnp - ok
17:07:18.0459 1684 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
17:07:18.0459 1684 iScsiPrt - ok
17:07:18.0522 1684 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
17:07:18.0522 1684 kbdclass - ok
17:07:18.0569 1684 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
17:07:18.0569 1684 kbdhid - ok
17:07:18.0584 1684 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
17:07:18.0600 1684 KeyIso - ok
17:07:18.0662 1684 [ 4635935FC972C582632BF45C26BFCB0E ] KMService C:\Windows\system32\srvany.exe
17:07:18.0662 1684 KMService - ok
17:07:18.0740 1684 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:07:18.0740 1684 KSecDD - ok
17:07:18.0803 1684 [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:07:18.0803 1684 KSecPkg - ok
17:07:18.0881 1684 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
17:07:18.0896 1684 KtmRm - ok
17:07:18.0927 1684 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll
17:07:18.0943 1684 LanmanServer - ok
17:07:19.0005 1684 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:07:19.0037 1684 LanmanWorkstation - ok
17:07:19.0130 1684 [ 83D8BE94E1CBCBE2EA8372DB1A95A159 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
17:07:19.0146 1684 LightScribeService - ok
17:07:19.0208 1684 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:07:19.0208 1684 lltdio - ok
17:07:19.0255 1684 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:07:19.0271 1684 lltdsvc - ok
17:07:19.0302 1684 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
17:07:19.0302 1684 lmhosts - ok
17:07:19.0380 1684 [ 9A84F41E421287A712C90E5384400E4F ] LPDSVC C:\Windows\system32\lpdsvc.dll
17:07:19.0395 1684 LPDSVC - ok
17:07:19.0473 1684 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
17:07:19.0473 1684 LSI_FC - ok
17:07:19.0505 1684 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
17:07:19.0505 1684 LSI_SAS - ok
17:07:19.0551 1684 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:07:19.0567 1684 LSI_SAS2 - ok
17:07:19.0583 1684 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:07:19.0583 1684 LSI_SCSI - ok
17:07:19.0614 1684 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
17:07:19.0614 1684 luafv - ok
17:07:19.0692 1684 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
17:07:19.0692 1684 MBAMProtector - ok
17:07:19.0723 1684 MBAMScheduler - ok
17:07:19.0770 1684 MBAMService - ok
17:07:19.0832 1684 MBAMSwissArmy - ok
17:07:20.0144 1684 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:07:20.0144 1684 Mcx2Svc - ok
17:07:20.0191 1684 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
17:07:20.0191 1684 megasas - ok
17:07:20.0269 1684 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
17:07:20.0269 1684 MegaSR - ok
17:07:20.0316 1684 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
17:07:20.0331 1684 MMCSS - ok
17:07:20.0363 1684 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
17:07:20.0363 1684 Modem - ok
17:07:20.0425 1684 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:07:20.0425 1684 monitor - ok
17:07:20.0472 1684 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:07:20.0472 1684 mouclass - ok
17:07:20.0550 1684 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:07:20.0550 1684 mouhid - ok
17:07:20.0597 1684 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:07:20.0612 1684 mountmgr - ok
17:07:20.0690 1684 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:07:20.0690 1684 MozillaMaintenance - ok
17:07:20.0768 1684 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
17:07:20.0768 1684 MpFilter - ok
17:07:20.0799 1684 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
17:07:20.0799 1684 mpio - ok
17:07:20.0862 1684 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:07:20.0862 1684 mpsdrv - ok
17:07:20.0955 1684 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
17:07:20.0987 1684 MpsSvc - ok
17:07:21.0033 1684 [ 7E7370BF64462A09D5E82FCF4A481D78 ] MRV6X32P C:\Windows\system32\DRIVERS\MRVW13B.sys
17:07:21.0033 1684 MRV6X32P - ok
17:07:21.0111 1684 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:07:21.0111 1684 MRxDAV - ok
17:07:21.0143 1684 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:07:21.0158 1684 mrxsmb - ok
17:07:21.0189 1684 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:07:21.0189 1684 mrxsmb10 - ok
17:07:21.0221 1684 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:07:21.0221 1684 mrxsmb20 - ok
17:07:21.0283 1684 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
17:07:21.0283 1684 msahci - ok
17:07:21.0330 1684 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:07:21.0330 1684 msdsm - ok
17:07:21.0361 1684 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
17:07:21.0361 1684 MSDTC - ok
17:07:21.0423 1684 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:07:21.0423 1684 Msfs - ok
17:07:21.0455 1684 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:07:21.0455 1684 mshidkmdf - ok
17:07:21.0486 1684 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:07:21.0486 1684 msisadrv - ok
17:07:21.0548 1684 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:07:21.0548 1684 MSiSCSI - ok
17:07:21.0564 1684 msiserver - ok
17:07:21.0657 1684 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:07:21.0657 1684 MSKSSRV - ok
17:07:21.0751 1684 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
17:07:21.0751 1684 MsMpSvc - ok
17:07:21.0782 1684 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:07:21.0798 1684 MSPCLOCK - ok
17:07:21.0829 1684 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:07:21.0829 1684 MSPQM - ok
17:07:21.0876 1684 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:07:21.0876 1684 MsRPC - ok
17:07:21.0923 1684 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
17:07:21.0923 1684 mssmbios - ok
17:07:21.0985 1684 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:07:21.0985 1684 MSTEE - ok
17:07:22.0001 1684 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
17:07:22.0016 1684 MTConfig - ok
17:07:22.0032 1684 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
17:07:22.0032 1684 Mup - ok
17:07:22.0125 1684 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
17:07:22.0125 1684 napagent - ok
17:07:22.0203 1684 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:07:22.0219 1684 NativeWifiP - ok
17:07:22.0359 1684 [ E4534BCCDD1EA7A7A256BB9D6688A5FC ] NAUpdate C:\Program Files\Nero\Update\NASvc.exe
17:07:22.0375 1684 NAUpdate - ok
17:07:22.0437 1684 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
17:07:22.0469 1684 NDIS - ok
17:07:22.0531 1684 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:07:22.0531 1684 NdisCap - ok
17:07:22.0562 1684 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:07:22.0562 1684 NdisTapi - ok
17:07:22.0625 1684 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:07:22.0625 1684 Ndisuio - ok
17:07:22.0687 1684 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:07:22.0687 1684 NdisWan - ok
17:07:22.0765 1684 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:07:22.0765 1684 NDProxy - ok
17:07:22.0843 1684 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:07:22.0843 1684 NetBIOS - ok
17:07:22.0905 1684 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:07:22.0905 1684 NetBT - ok
17:07:22.0937 1684 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
17:07:22.0937 1684 Netlogon - ok
17:07:23.0015 1684 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
17:07:23.0030 1684 Netman - ok
17:07:23.0061 1684 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
17:07:23.0077 1684 netprofm - ok
17:07:23.0139 1684 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:07:23.0139 1684 NetTcpPortSharing - ok
17:07:23.0202 1684 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
17:07:23.0202 1684 nfrd960 - ok
17:07:23.0280 1684 [ 2CD24A6AF497D0E9B9BF3DA924ED05E6 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
17:07:23.0280 1684 NisDrv - ok
17:07:23.0358 1684 [ 3B846434055F80D9E89D0742F3ADAD34 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
17:07:23.0373 1684 NisSrv - ok
17:07:23.0420 1684 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
17:07:23.0436 1684 NlaSvc - ok
17:07:23.0467 1684 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:07:23.0467 1684 Npfs - ok
17:07:23.0514 1684 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
17:07:23.0514 1684 nsi - ok
17:07:23.0592 1684 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:07:23.0592 1684 nsiproxy - ok
17:07:23.0701 1684 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:07:23.0732 1684 Ntfs - ok
17:07:23.0795 1684 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
17:07:23.0795 1684 Null - ok
17:07:24.0138 1684 [ 87522F44E3291B059A220ACC8AB0B54E ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:07:24.0419 1684 nvlddmkm - ok
17:07:24.0450 1684 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:07:24.0450 1684 nvraid - ok
17:07:24.0481 1684 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:07:24.0481 1684 nvstor - ok
17:07:24.0559 1684 [ 9D7033C20C209EF90C8DF24FFBA854EF ] nvsvc C:\Windows\system32\nvvsvc.exe
17:07:24.0575 1684 nvsvc - ok
17:07:24.0715 1684 [ 96A196F8D9900B91227BDACADA2EE48F ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
17:07:24.0777 1684 nvUpdatusService - ok
17:07:24.0809 1684 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:07:24.0809 1684 nv_agp - ok
17:07:24.0855 1684 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
17:07:24.0871 1684 ohci1394 - ok
17:07:24.0949 1684 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:07:24.0949 1684 ose - ok
17:07:25.0183 1684 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:07:25.0308 1684 osppsvc - ok
17:07:25.0370 1684 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:07:25.0386 1684 p2pimsvc - ok
17:07:25.0448 1684 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
17:07:25.0464 1684 p2psvc - ok
17:07:25.0542 1684 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
17:07:25.0542 1684 Parport - ok
17:07:25.0589 1684 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:07:25.0589 1684 partmgr - ok
17:07:25.0604 1684 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
17:07:25.0604 1684 Parvdm - ok
17:07:25.0667 1684 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
17:07:25.0667 1684 PcaSvc - ok
17:07:25.0713 1684 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
17:07:25.0713 1684 pci - ok
17:07:25.0776 1684 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
17:07:25.0776 1684 pciide - ok
17:07:25.0838 1684 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
17:07:25.0838 1684 pcmcia - ok
17:07:25.0869 1684 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
17:07:25.0869 1684 pcw - ok
17:07:25.0932 1684 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:07:25.0947 1684 PEAUTH - ok
17:07:26.0041 1684 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
17:07:26.0072 1684 PeerDistSvc - ok
17:07:26.0213 1684 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
17:07:26.0259 1684 pla - ok
17:07:26.0306 1684 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:07:26.0306 1684 PlugPlay - ok
17:07:26.0337 1684 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:07:26.0337 1684 PNRPAutoReg - ok
17:07:26.0384 1684 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:07:26.0384 1684 PNRPsvc - ok
17:07:26.0447 1684 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:07:26.0462 1684 PolicyAgent - ok
17:07:26.0540 1684 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
17:07:26.0540 1684 Power - ok
17:07:26.0618 1684 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:07:26.0618 1684 PptpMiniport - ok
17:07:26.0665 1684 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
17:07:26.0665 1684 Processor - ok
17:07:26.0743 1684 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
17:07:26.0743 1684 ProfSvc - ok
17:07:26.0774 1684 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:07:26.0774 1684 ProtectedStorage - ok
17:07:26.0821 1684 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:07:26.0821 1684 Psched - ok
17:07:26.0899 1684 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
17:07:26.0946 1684 ql2300 - ok
17:07:27.0008 1684 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
17:07:27.0024 1684 ql40xx - ok
17:07:27.0086 1684 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
17:07:27.0102 1684 QWAVE - ok
17:07:27.0117 1684 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:07:27.0117 1684 QWAVEdrv - ok
17:07:27.0149 1684 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:07:27.0149 1684 RasAcd - ok
17:07:27.0211 1684 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:07:27.0211 1684 RasAgileVpn - ok
17:07:27.0273 1684 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
17:07:27.0273 1684 RasAuto - ok
17:07:27.0336 1684 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:07:27.0336 1684 Rasl2tp - ok
17:07:27.0414 1684 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
17:07:27.0429 1684 RasMan - ok
17:07:27.0461 1684 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:07:27.0461 1684 RasPppoe - ok
17:07:27.0492 1684 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:07:27.0492 1684 RasSstp - ok
17:07:27.0554 1684 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:07:27.0554 1684 rdbss - ok
17:07:27.0617 1684 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
17:07:27.0617 1684 rdpbus - ok
17:07:27.0663 1684 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:07:27.0663 1684 RDPCDD - ok
17:07:27.0757 1684 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
17:07:27.0757 1684 RDPDR - ok
17:07:27.0835 1684 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:07:27.0835 1684 RDPENCDD - ok
17:07:27.0897 1684 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:07:27.0897 1684 RDPREFMP - ok
17:07:27.0975 1684 [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
17:07:27.0975 1684 RdpVideoMiniport - ok
17:07:28.0038 1684 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:07:28.0053 1684 RDPWD - ok
17:07:28.0131 1684 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:07:28.0131 1684 rdyboost - ok
17:07:28.0209 1684 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
17:07:28.0209 1684 RemoteAccess - ok
17:07:28.0287 1684 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:07:28.0287 1684 RemoteRegistry - ok
17:07:28.0365 1684 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:07:28.0365 1684 RpcEptMapper - ok
17:07:28.0428 1684 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
17:07:28.0428 1684 RpcLocator - ok
17:07:28.0459 1684 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
17:07:28.0475 1684 RpcSs - ok
17:07:28.0553 1684 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:07:28.0553 1684 rspndr - ok
17:07:28.0646 1684 [ 9CE8DEFFAFFCCBF473015D76AE8EE514 ] RTL8192su C:\Windows\system32\DRIVERS\RTL8192su.sys
17:07:28.0662 1684 RTL8192su - ok
17:07:28.0693 1684 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
17:07:28.0693 1684 s3cap - ok
17:07:28.0740 1684 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
17:07:28.0740 1684 SamSs - ok
17:07:28.0802 1684 [ 9C9BCC79AEF0AA97F16766C498002D36 ] SbFw C:\Windows\system32\drivers\SbFw.sys
17:07:28.0818 1684 SbFw - ok
17:07:28.0880 1684 [ F27B38D70B7621378161D6F48BE04D2C ] SBFWIMCL C:\Windows\system32\DRIVERS\sbfwim.sys
17:07:28.0880 1684 SBFWIMCL - ok
17:07:28.0943 1684 [ F27B38D70B7621378161D6F48BE04D2C ] SBFWIMCLMP C:\Windows\system32\DRIVERS\SBFWIM.sys
17:07:28.0943 1684 SBFWIMCLMP - ok
17:07:29.0005 1684 [ 53E5E7DC26BB920B97F258BBD52ABFDC ] sbhips C:\Windows\system32\drivers\sbhips.sys
17:07:29.0005 1684 sbhips - ok
17:07:29.0036 1684 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:07:29.0052 1684 sbp2port - ok
17:07:29.0067 1684 SBRE - ok
17:07:29.0114 1684 [ 6468E2973E04525DECC105947DDD0D34 ] SbTis C:\Windows\system32\drivers\sbtis.sys
17:07:29.0114 1684 SbTis - ok
17:07:29.0192 1684 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:07:29.0192 1684 SCardSvr - ok
17:07:29.0239 1684 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
17:07:29.0255 1684 scfilter - ok
17:07:29.0317 1684 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
17:07:29.0348 1684 Schedule - ok
17:07:29.0379 1684 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
17:07:29.0379 1684 SCPolicySvc - ok
17:07:29.0426 1684 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:07:29.0442 1684 SDRSVC - ok
17:07:29.0489 1684 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:07:29.0489 1684 secdrv - ok
17:07:29.0551 1684 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
17:07:29.0551 1684 seclogon - ok
17:07:29.0582 1684 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
17:07:29.0598 1684 SENS - ok
17:07:29.0660 1684 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
17:07:29.0660 1684 SensrSvc - ok
17:07:29.0691 1684 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
17:07:29.0691 1684 Serenum - ok
17:07:29.0754 1684 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
17:07:29.0754 1684 Serial - ok
17:07:29.0801 1684 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
17:07:29.0801 1684 sermouse - ok
17:07:29.0879 1684 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
17:07:29.0879 1684 SessionEnv - ok
17:07:29.0925 1684 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
17:07:29.0925 1684 sffdisk - ok
17:07:29.0957 1684 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:07:29.0957 1684 sffp_mmc - ok
17:07:29.0972 1684 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
17:07:29.0988 1684 sffp_sd - ok
17:07:30.0035 1684 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
17:07:30.0035 1684 sfloppy - ok
17:07:30.0113 1684 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:07:30.0128 1684 SharedAccess - ok
17:07:30.0284 1684 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:07:30.0300 1684 ShellHWDetection - ok
17:07:30.0331 1684 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
17:07:30.0347 1684 sisagp - ok
17:07:30.0409 1684 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:07:30.0409 1684 SiSRaid2 - ok
17:07:30.0471 1684 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
17:07:30.0471 1684 SiSRaid4 - ok
17:07:30.0518 1684 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:07:30.0518 1684 Smb - ok
17:07:30.0596 1684 [ C80B84E4843B33DA56A806E1A1275BA0 ] smwdm C:\Windows\system32\drivers\smwdm.sys
17:07:30.0612 1684 smwdm - ok
17:07:30.0659 1684 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:07:30.0674 1684 SNMPTRAP - ok
17:07:30.0721 1684 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
17:07:30.0721 1684 spldr - ok
17:07:30.0768 1684 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
17:07:30.0783 1684 Spooler - ok
17:07:30.0908 1684 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
17:07:30.0986 1684 sppsvc - ok
17:07:31.0049 1684 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
17:07:31.0049 1684 sppuinotify - ok
17:07:31.0095 1684 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
17:07:31.0111 1684 srv - ok
17:07:31.0142 1684 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:07:31.0158 1684 srv2 - ok
17:07:31.0189 1684 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:07:31.0189 1684 srvnet - ok
17:07:31.0236 1684 [ FFE42941E0326C322F40B0B79A46493C ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys
17:07:31.0251 1684 sscdbus - ok
17:07:31.0283 1684 [ A68E7D87ADFBB8C50D88CD58230C6819 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys
17:07:31.0283 1684 sscdmdfl - ok
17:07:31.0314 1684 [ B534B24151281856EC2F69ED3D6D60DD ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys
17:07:31.0314 1684 sscdmdm - ok
17:07:31.0392 1684 [ D04BD59F28C78E2E66632092CAFC0A2B ] sscdserd C:\Windows\system32\DRIVERS\sscdserd.sys
17:07:31.0392 1684 sscdserd - ok
17:07:31.0470 1684 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:07:31.0470 1684 SSDPSRV - ok
17:07:31.0501 1684 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:07:31.0501 1684 SstpSvc - ok
17:07:31.0548 1684 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
17:07:31.0548 1684 stexstor - ok
17:07:31.0595 1684 [ EDB05BD63148796F23EA78506404A538 ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
17:07:31.0595 1684 StillCam - ok
17:07:31.0673 1684 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
17:07:31.0688 1684 StiSvc - ok
17:07:31.0719 1684 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
17:07:31.0719 1684 storflt - ok
17:07:31.0766 1684 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
17:07:31.0782 1684 storvsc - ok
17:07:31.0829 1684 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
17:07:31.0829 1684 swenum - ok
17:07:31.0969 1684 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
17:07:32.0031 1684 SwitchBoard - ok
17:07:32.0094 1684 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
17:07:32.0109 1684 swprv - ok
17:07:32.0125 1684 Synth3dVsc - ok
17:07:32.0219 1684 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
17:07:32.0250 1684 SysMain - ok
17:07:32.0312 1684 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:07:32.0312 1684 TabletInputService - ok
17:07:32.0375 1684 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
17:07:32.0390 1684 TapiSrv - ok
17:07:32.0468 1684 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
17:07:32.0468 1684 TBS - ok
17:07:32.0577 1684 [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:07:32.0609 1684 Tcpip - ok
17:07:32.0671 1684 [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
17:07:32.0687 1684 TCPIP6 - ok
17:07:32.0702 1684 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:07:32.0702 1684 tcpipreg - ok
17:07:32.0765 1684 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:07:32.0765 1684 TDPIPE - ok
17:07:32.0827 1684 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:07:32.0827 1684 TDTCP - ok
17:07:32.0905 1684 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:07:32.0905 1684 tdx - ok
17:07:32.0921 1684 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
17:07:32.0936 1684 TermDD - ok
17:07:32.0999 1684 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
17:07:33.0014 1684 TermService - ok
17:07:33.0077 1684 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
17:07:33.0077 1684 Themes - ok
17:07:33.0108 1684 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
17:07:33.0108 1684 THREADORDER - ok
17:07:33.0233 1684 [ 0407143F2BBC1A5DD5B518AC0704FCBF ] TomTomHOMEService C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
17:07:33.0233 1684 TomTomHOMEService - ok
17:07:33.0279 1684 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
17:07:33.0295 1684 TrkWks - ok
17:07:33.0404 1684 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:07:33.0404 1684 TrustedInstaller - ok
17:07:33.0467 1684 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:07:33.0467 1684 tssecsrv - ok
17:07:33.0529 1684 [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
17:07:33.0529 1684 TsUsbFlt - ok
17:07:33.0545 1684 tsusbhub - ok
17:07:33.0607 1684 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:07:33.0623 1684 tunnel - ok
17:07:33.0669 1684 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
17:07:33.0685 1684 uagp35 - ok
17:07:33.0701 1684 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:07:33.0716 1684 udfs - ok
17:07:33.0779 1684 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:07:33.0794 1684 UI0Detect - ok
17:07:33.0825 1684 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
17:07:33.0825 1684 uliagpkx - ok
17:07:33.0857 1684 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
17:07:33.0857 1684 umbus - ok
17:07:33.0919 1684 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
17:07:33.0919 1684 UmPass - ok
17:07:33.0997 1684 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
17:07:33.0997 1684 UmRdpService - ok
17:07:34.0059 1684 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
17:07:34.0059 1684 upnphost - ok
17:07:34.0122 1684 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
17:07:34.0122 1684 USBAAPL - ok
17:07:34.0153 1684 [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
17:07:34.0153 1684 usbaudio - ok
17:07:34.0184 1684 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:07:34.0184 1684 usbccgp - ok
17:07:34.0231 1684 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
17:07:34.0231 1684 usbcir - ok
17:07:34.0262 1684 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
17:07:34.0262 1684 usbehci - ok
17:07:34.0309 1684 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:07:34.0309 1684 usbhub - ok
17:07:34.0371 1684 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
17:07:34.0371 1684 usbohci - ok
17:07:34.0418 1684 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
17:07:34.0418 1684 usbprint - ok
17:07:34.0481 1684 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
17:07:34.0496 1684 usbscan - ok
17:07:34.0512 1684 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:07:34.0512 1684 USBSTOR - ok
17:07:34.0559 1684 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
17:07:34.0559 1684 usbuhci - ok
17:07:34.0621 1684 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
17:07:34.0621 1684 UxSms - ok
17:07:34.0652 1684 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
17:07:34.0652 1684 VaultSvc - ok
17:07:34.0699 1684 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
17:07:34.0699 1684 vdrvroot - ok
17:07:34.0761 1684 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
17:07:34.0777 1684 vds - ok
17:07:34.0839 1684 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:07:34.0839 1684 vga - ok
17:07:34.0871 1684 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
17:07:34.0871 1684 VgaSave - ok
17:07:34.0886 1684 VGPU - ok
17:07:34.0933 1684 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
17:07:34.0933 1684 vhdmp - ok
17:07:34.0995 1684 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
17:07:34.0995 1684 viaagp - ok
17:07:35.0042 1684 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
17:07:35.0042 1684 ViaC7 - ok
17:07:35.0073 1684 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
17:07:35.0073 1684 viaide - ok
17:07:35.0136 1684 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
17:07:35.0136 1684 vmbus - ok
17:07:35.0167 1684 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
17:07:35.0167 1684 VMBusHID - ok
17:07:35.0214 1684 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:07:35.0214 1684 volmgr - ok
17:07:35.0276 1684 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:07:35.0292 1684 volmgrx - ok
17:07:35.0323 1684 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:07:35.0339 1684 volsnap - ok
17:07:35.0370 1684 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
17:07:35.0385 1684 vsmraid - ok
17:07:35.0463 1684 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
17:07:35.0495 1684 VSS - ok
17:07:35.0526 1684 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
17:07:35.0526 1684 vwifibus - ok
17:07:35.0557 1684 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
17:07:35.0573 1684 vwififlt - ok
17:07:35.0604 1684 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
17:07:35.0604 1684 vwifimp - ok
17:07:35.0666 1684 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
17:07:35.0682 1684 W32Time - ok
17:07:35.0791 1684 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
17:07:35.0791 1684 WacomPen - ok
17:07:35.0822 1684 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
17:07:35.0822 1684 WANARP - ok
17:07:35.0838 1684 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:07:35.0838 1684 Wanarpv6 - ok
17:07:35.0963 1684 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
17:07:35.0994 1684 WatAdminSvc - ok
17:07:36.0056 1684 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
17:07:36.0087 1684 wbengine - ok
17:07:36.0150 1684 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:07:36.0165 1684 WbioSrvc - ok
17:07:36.0228 1684 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:07:36.0228 1684 wcncsvc - ok
17:07:36.0259 1684 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:07:36.0259 1684 WcsPlugInService - ok
17:07:36.0321 1684 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
17:07:36.0337 1684 Wd - ok
17:07:36.0399 1684 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:07:36.0415 1684 Wdf01000 - ok
17:07:36.0446 1684 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:07:36.0446 1684 WdiServiceHost - ok
17:07:36.0462 1684 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:07:36.0462 1684 WdiSystemHost - ok
17:07:36.0540 1684 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
17:07:36.0540 1684 WebClient - ok
17:07:36.0587 1684 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:07:36.0602 1684 Wecsvc - ok
17:07:36.0618 1684 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:07:36.0618 1684 wercplsupport - ok
17:07:36.0696 1684 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
17:07:36.0696 1684 WerSvc - ok
17:07:36.0758 1684 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
17:07:36.0758 1684 WfpLwf - ok
17:07:36.0789 1684 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:07:36.0789 1684 WIMMount - ok
17:07:36.0914 1684 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
17:07:36.0930 1684 WinDefend - ok
17:07:36.0945 1684 WinHttpAutoProxySvc - ok
17:07:37.0055 1684 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:07:37.0055 1684 Winmgmt - ok
17:07:37.0133 1684 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
17:07:37.0179 1684 WinRM - ok
17:07:37.0242 1684 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
17:07:37.0242 1684 WinUsb - ok
17:07:37.0304 1684 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
17:07:37.0351 1684 Wlansvc - ok
17:07:37.0382 1684 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
17:07:37.0382 1684 WmiAcpi - ok
17:07:37.0445 1684 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:07:37.0445 1684 wmiApSrv - ok
17:07:37.0601 1684 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
17:07:37.0647 1684 WMPNetworkSvc - ok
17:07:37.0710 1684 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:07:37.0710 1684 WPCSvc - ok
17:07:37.0772 1684 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:07:37.0772 1684 WPDBusEnum - ok
17:07:37.0835 1684 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:07:37.0835 1684 ws2ifsl - ok
17:07:37.0913 1684 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll
17:07:37.0928 1684 wscsvc - ok
17:07:37.0928 1684 WSearch - ok
17:07:38.0037 1684 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
17:07:38.0100 1684 wuauserv - ok
17:07:38.0147 1684 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:07:38.0147 1684 WudfPf - ok
17:07:38.0178 1684 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:07:38.0193 1684 WUDFRd - ok
17:07:38.0256 1684 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:07:38.0256 1684 wudfsvc - ok
17:07:38.0334 1684 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
17:07:38.0349 1684 WwanSvc - ok
17:07:38.0412 1684 ================ Scan global ===============================
17:07:38.0459 1684 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
17:07:38.0521 1684 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
17:07:38.0537 1684 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
17:07:38.0599 1684 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
17:07:38.0630 1684 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
17:07:38.0630 1684 [Global] - ok
17:07:38.0630 1684 ================ Scan MBR ==================================
17:07:38.0661 1684 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:07:39.0114 1684 \Device\Harddisk0\DR0 - ok
17:07:39.0114 1684 ================ Scan VBR ==================================
17:07:39.0129 1684 [ 1947135F38609C6067A67E5F28445944 ] \Device\Harddisk0\DR0\Partition1
17:07:39.0129 1684 \Device\Harddisk0\DR0\Partition1 - ok
17:07:39.0192 1684 [ FEE89751B7DA4BEE35DB883F2166F996 ] \Device\Harddisk0\DR0\Partition2
17:07:39.0192 1684 \Device\Harddisk0\DR0\Partition2 - ok
17:07:39.0192 1684 ============================================================
17:07:39.0192 1684 Scan finished
17:07:39.0192 1684 ============================================================
17:07:39.0223 1676 Detected object count: 0
17:07:39.0223 1676 Actual detected object count: 0
17:08:14.0807 1648 Deinitialize success



aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-06 17:08:40
-----------------------------
17:08:40.562 OS Version: Windows 6.1.7601 Service Pack 1
17:08:40.562 Number of processors: 1 586 0x401
17:08:40.562 ComputerName: CHAD-PC UserName: Chad
17:09:04.836 Initialize success
17:09:25.537 AVAST engine download error: 0
17:09:59.249 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
17:09:59.249 Disk 0 Vendor: ST340014AS 8.12 Size: 38146MB BusType: 3
17:09:59.264 Disk 0 MBR read successfully
17:09:59.264 Disk 0 MBR scan
17:09:59.280 Disk 0 Windows 7 default MBR code
17:09:59.280 Disk 0 Partition - 00 0F Extended LBA 3137 MB offset 71682030
17:09:59.280 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 35000 MB offset 63
17:09:59.327 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 3137 MB offset 71682093
17:09:59.327 Disk 0 scanning sectors +78108030
17:09:59.405 Disk 0 scanning C:\Windows\system32\drivers
17:10:07.688 Service scanning
17:10:59.340 Modules scanning
17:11:10.369 Disk 0 trace - called modules:
17:11:10.884 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll intelide.sys PCIIDEX.SYS atapi.sys
17:11:10.900 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85106948]
17:11:10.915 3 CLASSPNP.SYS[8ac7059e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x85069030]
17:11:10.915 Scan finished successfully
17:11:59.977 Disk 0 MBR has been saved successfully to "C:\Users\Chad\Desktop\MBR.dat"
17:11:59.993 The log file has been saved successfully to "C:\Users\Chad\Desktop\aswMBR.txt"


After running these I then rebooted the computer in Normal Mode and ran both programs again. TDSSKiller found nothing. Below is the log from aswMBR in normal mode. Also, everything seems to be running fine now. I am no longer getting BSOD errors. Thanks for your help!!



aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-06 17:29:42
-----------------------------
17:29:42.966 OS Version: Windows 6.1.7601 Service Pack 1
17:29:42.966 Number of processors: 1 586 0x401
17:29:42.966 ComputerName: CHAD-PC UserName: Chad
17:30:08.456 Initialize success
17:31:00.572 AVAST engine defs: 12120602
17:32:26.294 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
17:32:26.294 Disk 0 Vendor: ST340014AS 8.12 Size: 38146MB BusType: 3
17:32:26.326 Disk 0 MBR read successfully
17:32:26.326 Disk 0 MBR scan
17:32:26.341 Disk 0 Windows 7 default MBR code
17:32:26.341 Disk 0 Partition - 00 0F Extended LBA 3137 MB offset 71682030
17:32:26.341 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 35000 MB offset 63
17:32:26.388 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 3137 MB offset 71682093
17:32:26.404 Disk 0 scanning sectors +78108030
17:32:26.466 Disk 0 scanning C:\Windows\system32\drivers
17:32:52.580 Service scanning
17:33:18.024 Service MpKsl4b801a63 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{12F546CF-7F60-4281-AB1E-C4E5A87E15F0}\MpKsl4b801a63.sys **LOCKED** 32
17:33:59.099 Modules scanning
17:34:20.721 Disk 0 trace - called modules:
17:34:20.752 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll intelide.sys PCIIDEX.SYS atapi.sys
17:34:20.767 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d08648]
17:34:20.767 3 CLASSPNP.SYS[8b47a59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x85c78908]
17:34:21.298 AVAST engine scan C:\Windows
17:34:28.521 AVAST engine scan C:\Windows\system32
17:40:03.469 AVAST engine scan C:\Windows\system32\drivers
17:40:32.516 AVAST engine scan C:\Users\Chad
17:49:07.847 AVAST engine scan C:\ProgramData
17:51:09.060 Scan finished successfully
17:55:52.559 Disk 0 MBR has been saved successfully to "C:\Users\Chad\Desktop\MBR.dat"
17:55:52.574 The log file has been saved successfully to "C:\Users\Chad\Desktop\aswMBR.txt"

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location: Puerto Rico
  • Local time:03:43 PM

Posted 06 December 2012 - 08:31 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 spitdrumr

spitdrumr
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:02:43 PM

Posted 06 December 2012 - 10:31 PM

Ok Gringo I ran the program requested. Everything ran great! Below is the log. The computer seems to be running great, no issues. Thanks for all your help!!



ComboFix 12-12-04.01 - Chad 12/06/2012 20:14:10.4.1 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3070.2154 [GMT -7:00]
Running from: c:\users\Chad\Desktop\ComboFix.exe
Command switches used :: c:\users\Chad\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-11-07 to 2012-12-07 )))))))))))))))))))))))))))))))
.
.
2012-12-07 03:23 . 2012-12-07 03:23 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-12-07 03:23 . 2012-12-07 03:23 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-12-07 03:23 . 2012-12-07 03:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-07 03:09 . 2012-12-07 03:09 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{12F546CF-7F60-4281-AB1E-C4E5A87E15F0}\MpKsla55d7842.sys
2012-12-07 00:21 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{12F546CF-7F60-4281-AB1E-C4E5A87E15F0}\mpengine.dll
2012-12-07 00:02 . 2012-12-07 00:02 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-29 14:28 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-28 14:32 . 2012-11-28 14:30 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CD666069-6EFC-48EA-AF52-3648ADFC5BE0}\gapaengine.dll
2012-11-18 17:32 . 2012-11-18 17:32 -------- d-----w- c:\users\Chad\AppData\Roaming\IGG
2012-11-16 10:04 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-16 10:04 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-16 10:04 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-16 10:03 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-16 10:03 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-16 10:03 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-16 10:03 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-16 10:03 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-16 10:03 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-16 10:03 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-16 01:32 . 2012-10-03 16:58 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-16 01:32 . 2012-10-03 16:42 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-11-16 01:32 . 2012-10-03 16:42 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-11-16 01:32 . 2012-10-03 16:42 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-11-16 01:32 . 2012-10-03 16:40 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-11-16 01:32 . 2012-10-03 16:42 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-11-16 01:32 . 2012-10-03 16:42 18944 ----a-w- c:\windows\system32\netevent.dll
2012-11-16 01:32 . 2012-10-03 15:21 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-11-16 01:32 . 2012-09-25 22:47 78336 ----a-w- c:\windows\system32\synceng.dll
2012-11-16 01:32 . 2012-10-18 17:59 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-16 01:32 . 2012-10-09 17:40 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-16 01:32 . 2012-10-09 17:40 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-24 00:28 . 2012-08-18 02:03 740784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-10-23 21:18 . 2012-05-31 01:28 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-23 21:18 . 2012-05-31 01:28 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-16 07:39 . 2012-11-28 03:03 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-09-30 01:54 . 2012-09-17 16:20 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-14 18:28 . 2012-10-23 23:47 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-29 21:22 . 2012-10-29 21:21 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-08-28 247768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2009-11-11 771360]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2012-07-13 384232]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Chad\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCpl"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0g:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0g:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart\0SBBD.exe /d \Device\HarddiskVolume3\Program Files\Ad-Aware Antivirus\Engine\Definitions
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Chad\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"MusicManager"="c:\users\Chad\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" -s
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SelectRebates"=c:\program files\SelectRebates\SelectRebates.exe
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;g:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [x]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;g:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [x]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 MpKsla55d7842;MpKsla55d7842;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{12F546CF-7F60-4281-AB1E-C4E5A87E15F0}\MpKsla55d7842.sys [x]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [x]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [x]
S2 MBAMScheduler;MBAMScheduler;g:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;g:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8192su;RNX-N180UBE Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLA55D7842
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LPDService REG_MULTI_SZ LPDSVC
GPSvcGroup REG_MULTI_SZ GPSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1166799441-644486007-2581645919-1002Core.job
- c:\users\Chad\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-12 22:11]
.
2012-12-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1166799441-644486007-2581645919-1002UA.job
- c:\users\Chad\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-12 22:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
FF - ProfilePath - c:\users\Chad\AppData\Roaming\Mozilla\Firefox\Profiles\wyad956n.default\
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-87599177.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3972)
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
Completion time: 2012-12-06 20:25:34
ComboFix-quarantined-files.txt 2012-12-07 03:25
ComboFix2.txt 2012-12-06 00:37
.
Pre-Run: 1,686,691,840 bytes free
Post-Run: 1,792,086,016 bytes free
.
- - End Of File - - 19DB8FC56072122CC6ACDD5F9F7BA980

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:43 PM

Posted 07 December 2012 - 10:50 AM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Ask Toolbar
Ask Toolbar Updater
BitComet 1.30 64-bit
Coupon Printer for Windows
Java 7 Update 7


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 spitdrumr

spitdrumr
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:02:43 PM

Posted 07 December 2012 - 08:01 PM

Hi Gringo! I ran the programs requested and the logs are below. Everything ran fine and the computer seems to be doing great! Thanks for all your help!



Malwarebytes Anti-Malware (PRO) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.07.11

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Chad :: CHAD-PC [administrator]

Protection: Enabled

12/7/2012 5:42:45 PM
mbam-log-2012-12-07 (17-42-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224727
Time elapsed: 6 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:57:19 PM, on 12/7/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
G:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AirPort\APAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Users\Chad\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Chad\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - G:\Program Files\AVG\AVG10\avgssie.dll (file missing)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AirPort Base Station Agent] "C:\Program Files\AirPort\APAgent.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - Startup: Dropbox.lnk = Chad\AppData\Roaming\Dropbox\bin\Dropbox.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - G:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - G:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - G:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - G:\Program Files\AVG\AVG10\avgpp.dll (file missing)
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - G:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe (file missing)
O23 - Service: AVGIDSAgent - Unknown owner - G:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - G:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - G:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 6673 bytes

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:43 PM

Posted 07 December 2012 - 08:43 PM

Greetings

These logs are looking very good; we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to be. You can start any of these programs by clicking on their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
      O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
      O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - Startup: Dropbox.lnk = Chad\AppData\Roaming\Dropbox\bin\Dropbox.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click on the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 spitdrumr

spitdrumr
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:02:43 PM

Posted 09 December 2012 - 06:21 PM

Hi Gringo, I ran the requested program. Below is the report requested. Thanks for your help!!



C:\TDSSKiller_Quarantine\06.12.2012_17.01.28\mbr0000\tdlfs0000\tsk0001.dta a variant of Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\06.12.2012_17.01.28\mbr0000\tdlfs0000\tsk0002.dta a variant of Win64/Olmarik.AM trojan
C:\TDSSKiller_Quarantine\06.12.2012_17.01.28\mbr0000\tdlfs0000\tsk0003.dta a variant of Win32/Rootkit.Kryptik.QM trojan
C:\TDSSKiller_Quarantine\06.12.2012_17.01.28\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AN trojan
C:\TDSSKiller_Quarantine\06.12.2012_17.01.28\mbr0000\tdlfs0000\tsk0008.dta Win32/Olmarik.AFK trojan
C:\TDSSKiller_Quarantine\06.12.2012_17.01.28\mbr0000\tdlfs0000\tsk0009.dta Win64/Olmarik.AK trojan
G:\Downloads\Program Setup\Uniblue Registry Booster 2010 v4.5.0.17 + SERIAL ~ IslandGirl@1337x.org\registrybooster.exe Win32/RegistryBooster application
G:\Downloads\Program Setup\Uniblue Registry Booster 2010 v4.5.0.17 + SERIAL ~ IslandGirl@1337x.org\Uniblue PowerSuite 2.1.10.14 [h33t.com] Full\Uniblue PowerSuite 2.1.10.14 Setup.exe multiple threats
G:\Downloads\Program Setup\Uniblue Registry Booster 2010 v4.5.0.17 + SERIAL ~ IslandGirl@1337x.org\Uniblue RegistryBooster 2010 v4.7.7.25 + Serial-[HB]\registrybooster.exe multiple threats



