Zeroaccess


  • This topic is locked
45 replies to this topic

#1 Menessis

  • Members
  • 127 posts

Posted 05 December 2012 - 06:06 PM

OK this is a link to the last thread:

http://www.bleepingcomputer.com/forums/index.php?app=forums&module=post&section=post&do=reply_post&f=103&t=477364

I have been trying to set up a network between the new Win7 machine and the old XP machine. In the middle of all that I picked up a virus/trojan and found that my firewall was not working. I removed all that I could find using various tools. Then, while asking for help with my network not being able to see each other, it was discovered that there may still be a virus.

Thanks again Guys!

Here is the DDS log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16447 BrowserJavaVersion: 10.5.1
Run by owner at 17:51:07 on 2012-12-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4087.2978 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe
C:\Program Files (x86)\Stardock\MyColors\WBVista.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\NetWorx\networx.exe
C:\Program Files (x86)\PI Engineering\MacroWorks 3\MacroWorks 3.exe
C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=110195&tt=3012_8&babsrc=HP_ss&mntrId=749adec3000000000000a4badbfa8e8f
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [HOTASMode] "C:\Program Files (x86)\HOTAS\HOTASConfig.exe" /MODE /FOXY /AU /DM /BU "/PC:\Program Files (x86)\HOTAS\Profiles\A_Great_Day.tmc"
mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"
StartupFolder: C:\Users\owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MACROW~1.LNK - C:\Program Files (x86)\PI Engineering\MacroWorks 3\MacroWorks 3.exe
StartupFolder: C:\Users\owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE
StartupFolder: C:\Users\owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OFFICE~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTOCA~1.LNK - C:\Program Files (x86)\Common Files\Autodesk Shared\acstart16.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
TCP: Interfaces\{8199BD67-9E40-4DC5-9011-7B020B4DC614} : NameServer = 192.168.0.1
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [NetWorx] "C:\Program Files\NetWorx\networx.exe" /auto
x64-Notify: WB - C:\Program Files (x86)\Stardock\MyColors\fast64.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\e7evqo24.default-1343249736468\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\System32\drivers\NBVol.sys [2012-7-9 72240]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\System32\drivers\NBVolUp.sys [2012-7-9 15920]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-7-27 52856]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-26 399432]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-9-23 641832]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2012-7-22 2337144]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-7-16 2673064]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-26 25928]
R3 npusbio;npusbio;C:\Windows\System32\drivers\npusbio_x64.sys [2012-7-22 45600]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-2-24 78336]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-2-24 181248]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
R3 STTub203;Thrustmaster HOTAS USB Bulk Out;C:\Windows\System32\drivers\STTub203.sys [2012-7-20 33280]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-26 676936]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-7-19 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-16 1255736]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2012-11-7 14544]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile="C:\Windows\SysWOW64\notepad.exe" "%1"
.
=============== Created Last 30 ================
.
2012-11-27 02:55:21 -------- d-----w- C:\Windows\System32\catroot2
2012-11-27 02:47:36 -------- d-----w- C:\Windows\SysWow64\wbem\Performance
2012-11-27 02:44:46 303616 ----a-w- C:\SetACL.exe
2012-11-27 02:35:36 290304 ----a-w- C:\subinacl.exe
2012-11-27 02:34:37 -------- d-----w- C:\RegBackup
2012-11-27 02:20:47 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-11-27 02:20:30 -------- d-----w- C:\Program Files (x86)\Tweaking.com
2012-11-27 00:54:44 -------- d-----w- C:\Program Files\HitmanPro
2012-11-27 00:54:38 -------- d-----w- C:\ProgramData\HitmanPro
2012-11-27 00:34:07 -------- d-----w- C:\Program Files (x86)\Trojan Remover
2012-11-26 23:30:25 -------- d-----w- C:\MGTools
2012-11-26 23:11:36 -------- d-----w- C:\Users\owner\AppData\Roaming\Malwarebytes
2012-11-26 23:11:26 -------- d-----w- C:\ProgramData\Malwarebytes
2012-11-26 23:11:25 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-11-26 23:11:25 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-26 22:10:05 -------- d-----w- C:\Users\owner\AppData\Roaming\Owxuq
2012-11-26 22:10:05 -------- d-----w- C:\Users\owner\AppData\Roaming\Lyyko
2012-11-24 22:23:18 -------- d-----w- C:\Program Files (x86)\ESET
2012-11-24 21:02:35 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-11-22 00:58:57 -------- d-----w- C:\Users\owner\AppData\Roaming\PFStaticIP
2012-11-22 00:58:11 -------- d-----w- C:\Program Files (x86)\PFStaticIP
2012-11-19 17:34:04 -------- d-----w- C:\Books
2012-11-08 02:02:29 -------- d-----w- C:\Users\owner\AppData\Local\Microsoft Games
2012-11-08 02:00:34 -------- d-----w- C:\ProgramData\IObit
2012-11-08 02:00:34 -------- d-----w- C:\Program Files (x86)\IObit
.
==================== Find3M ====================
.
2012-10-08 18:49:44 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-08 18:49:44 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH: 17:51:16.04 ===============


#2 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts

Posted 05 December 2012 - 08:29 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next; if you have any problems with one of these, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Menessis

  • Topic Starter

  • Members
  • 127 posts

Posted 05 December 2012 - 11:47 PM

Hey Gringo! Here we go.

Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
JavaFX 2.1.1
Java™ 7 Update 5
Java version out of Date!
Adobe Flash Player 11.4.402.287 Flash Player out of Date!
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox 14.0.1 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

On to step 2....
be right back

Menessis

#4 Menessis

  • Topic Starter

  • Members
  • 127 posts

Posted 06 December 2012 - 12:10 AM

Ok this is AdwCleaner's log:

# AdwCleaner v2.011 - Logfile created 12/06/2012 at 00:04:24
# Updated 02/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : owner - ALIENI5
# Boot Mode : Normal
# Running from : C:\Users\owner\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\user.js
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Users\owner\AppData\Local\APN
Folder Deleted : C:\Users\owner\AppData\Roaming\Babylon

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16447

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=110195&tt=3012_8&babsrc=HP_ss&mntrId=749adec3000000000000a4badbfa8e8f --> hxxp://www.google.com

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\271uz01c.default\prefs.js

C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\271uz01c.default\user.js ... Deleted !

[OK] File is clean.

Profile name : default-1343249736468 [Profil par défaut]
File : C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\e7evqo24.default-1343249736468\prefs.js

C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\e7evqo24.default-1343249736468\user.js ... Deleted !

Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.id", "749adec3000000000000a4badbfa8e8f");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15550");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.29.1");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.29.1");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110195&tt=3012_8");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.29.111:31:15");

-\\ Google Chrome v [Unable to get version]

File : C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.9] : homepage = "hxxp://search.babylon.com/?affID=110195&tt=3012_8&babsrc=HP_ss&mntrId=749adec3000[...]
Deleted [l.13] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=110195&tt=3012_8&babsrc=H[...]
Deleted [l.44] : icon_url = "hxxp://www.babylon.com/favicon.ico",
Deleted [l.47] : keyword = "babylon.com",
Deleted [l.50] : search_url = "hxxp://search.babylon.com/?q={searchTerms}&affID=110195&tt=3012_8&babsrc=SP_ss&[...]
Deleted [l.952] : homepage = "hxxp://search.babylon.com/?affID=110195&tt=3012_8&babsrc=HP_ss&mntrId=749adec3000000[...]
Deleted [l.1178] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=110195&tt=3012_8&babsrc=HP_s[...]

*************************

AdwCleaner[S1].txt - [4550 octets] - [06/12/2012 00:04:24]

########## EOF - C:\AdwCleaner[S1].txt - [4610 octets] ##########

On to step#3

Menessis

#5 Menessis

  • Topic Starter

  • Members
  • 127 posts

Posted 06 December 2012 - 12:16 AM

OK step #3 Rogue Killer log:

RogueKiller V8.3.1 [Dec 5 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : owner [Admin rights]
Mode : Remove -- Date : 12/06/2012 00:13:40

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$e294b41f36d84a3fa3ee69d5d4e792f1\@ --> REMOVED
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-1889143696-757944529-1089859472-1001\$e294b41f36d84a3fa3ee69d5d4e792f1\@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$e294b41f36d84a3fa3ee69d5d4e792f1\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-1889143696-757944529-1089859472-1001\$e294b41f36d84a3fa3ee69d5d4e792f1\U --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\$recycle.bin\S-1-5-18\$e294b41f36d84a3fa3ee69d5d4e792f1\L\00000004.@ --> REMOVED
[Del.Parent][FILE] 201d3dde : C:\$recycle.bin\S-1-5-18\$e294b41f36d84a3fa3ee69d5d4e792f1\L\201d3dde --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$e294b41f36d84a3fa3ee69d5d4e792f1\L --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-1889143696-757944529-1089859472-1001\$e294b41f36d84a3fa3ee69d5d4e792f1\L --> REMOVED

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG MMCRE28G8MXP-0VBL1 ATA Device +++++
--- User ---
[MBR] 19056efb079dd2349e412b60baca8d13
[BSP] 9706a50f984231f346c75f2c0013f170 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 122002 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_12062012_02d0013.txt >>
RKreport[1]_S_12062012_02d0013.txt ; RKreport[2]_D_12062012_02d0013.txt



So far so good Gringo!

Menessis
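A small triage script, added here as an example and not part of the thread or of the DDS/RogueKiller tools, that reads the policy lines from the DDS Pseudo HJT report in post #1 and the ZeroAccess paths RogueKiller listed in post #5: it flags the machine-wide UAC policies set to 0 (the reason Security Check printed "UAC is disabled!") and groups the $recycle.bin\<SID>\$<32 hex>\{@,U,L} artifacts by SID. The sample lines are copied from the thread; parsing DDS dword values as decimal is an assumption based on NoDriveTypeAutoRun = dword:145 being the familiar 0x91 default.

```python
import re

# Policy lines from the DDS "Pseudo HJT Report" in post #1 (copied from the thread).
DDS_SAMPLE = """\
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
"""

# "Particular Files / Folders" lines from the RogueKiller report in post #5 (copied).
RK_SAMPLE = """\
[ZeroAccess][FILE] @ : C:\\$recycle.bin\\S-1-5-18\\$e294b41f36d84a3fa3ee69d5d4e792f1\\@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\\$recycle.bin\\S-1-5-21-1889143696-757944529-1089859472-1001\\$e294b41f36d84a3fa3ee69d5d4e792f1\\U --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\\$recycle.bin\\S-1-5-18\\$e294b41f36d84a3fa3ee69d5d4e792f1\\L\\00000004.@ --> REMOVED
"""

# Machine-wide UAC policies (HKLM ...\Policies\System) where 0 is the weakened
# state. All three were 0 in the DDS log, which is why Security Check printed
# "UAC is disabled!" and why RogueKiller later put EnableLUA back to 1.
WEAK_UAC = {
    "EnableLUA": "UAC switched off entirely",
    "ConsentPromptBehaviorAdmin": "administrators elevate silently, no prompt",
    "PromptOnSecureDesktop": "elevation prompts not shown on the secure desktop",
}

# Assumption: DDS prints dword values in decimal (NoDriveTypeAutoRun = dword:145
# is the familiar 0x91 default), so values are parsed base 10.
POLICY_RE = re.compile(r"^([um])Policies-(\w+):\s+(\w+)\s*=\s*dword:(\d+)\s*$")


def parse_policies(text):
    """Map (scope, section, name) -> int for every policy line in a DDS report."""
    policies = {}
    for line in text.splitlines():
        m = POLICY_RE.match(line.strip())
        if m:
            scope, section, name, value = m.groups()
            policies[(scope, section, name)] = int(value, 10)
    return policies


def weak_uac_findings(policies):
    """Return sorted (policy, explanation) pairs for System policies set to 0."""
    return sorted(
        (name, WEAK_UAC[name])
        for (scope, section, name), value in policies.items()
        if scope == "m" and section == "System" and name in WEAK_UAC and value == 0
    )


# RogueKiller line shape: [tag][FILE|FOLDER] label : <path> --> <action>
RK_LINE_RE = re.compile(r"^\[([^\]]+)\]\[(FILE|FOLDER)\]\s+\S+\s+:\s+(\S+)\s+-->\s+(\w+)\s*$")

# ZeroAccess layout as RogueKiller reported it: under $recycle.bin\<SID> a hidden
# folder named "$" plus 32 hex digits, containing "@" and the "U" and "L" folders.
ZA_PATH_RE = re.compile(
    r"\$recycle\.bin\\(S-1-5-(?:18|21(?:-\d+){4}))\\\$([0-9a-f]{32})\\([@UL])(?:\\|$)",
    re.IGNORECASE,
)


def parse_roguekiller(text):
    """Return one dict per RogueKiller file/folder line: tag, kind, path, action."""
    rows = []
    for line in text.splitlines():
        m = RK_LINE_RE.match(line.strip())
        if m:
            tag, kind, path, action = m.groups()
            rows.append({"tag": tag, "kind": kind, "path": path, "action": action})
    return rows


def zeroaccess_roots(rows):
    """Group matching paths as (SID, hashed folder) -> set of components seen."""
    roots = {}
    for row in rows:
        m = ZA_PATH_RE.search(row["path"])
        if m:
            sid, folder, part = m.groups()
            roots.setdefault((sid, folder.lower()), set()).add(part.upper())
    return roots


def triage(dds_text, rk_text):
    """Combine both checks into one report dict."""
    return {
        "weak_uac": weak_uac_findings(parse_policies(dds_text)),
        "zeroaccess_roots": zeroaccess_roots(parse_roguekiller(rk_text)),
    }


if __name__ == "__main__":
    report = triage(DDS_SAMPLE, RK_SAMPLE)
    for name, why in report["weak_uac"]:
        print(f"UAC weakened: {name} = 0 ({why})")
    for (sid, folder), parts in report["zeroaccess_roots"].items():
        print(f"ZeroAccess layout under {sid}: ${folder} holds {sorted(parts)}")
```

An ordinary recycle-bin entry such as $Recycle.Bin\<SID>\$R1A2B3C.txt does not match the 32-hex-digit folder pattern, so normal deleted files are not reported.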

#6 Menessis

  • Topic Starter

  • Members
  • 127 posts

Posted 06 December 2012 - 12:17 AM

Can you see how long this infection has been on the pc? Just wondering.

Thanks again.

Menessis

#7 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts

Posted 06 December 2012 - 06:05 PM

Hello

Sometimes I can get hints as to when it gets on the computer, but with the last reports it does not show any dates.

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#8 Menessis

  • Topic Starter

  • Members
  • 127 posts

Posted 06 December 2012 - 06:43 PM

OK Combo Fix ran without a hitch. When I came back and started FireFox I got the "Illegal operation attempted on a registry key that has been marked for deletion." error and FireFox wouldn't open. Did a reboot and that was fixed. But then I couldn't get back on the internet. The default gateway numbers were gone. Took me a few minutes to figure that one out.

Combo Fix Log:

ComboFix 12-12-04.01 - owner 12/06/2012 18:16:20.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4087.3014 [GMT -5:00]
Running from: c:\users\owner\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\owner\AppData\Local\Temp\1r0q7faf.dll
c:\windows\offitems.log
.
.
((((((((((((((((((((((((( Files Created from 2012-11-06 to 2012-12-06 )))))))))))))))))))))))))))))))
.
.
2012-11-27 02:55 . 2012-11-28 21:26 -------- d-----w- c:\windows\system32\catroot2
2012-11-27 02:47 . 2012-11-27 02:48 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2012-11-27 02:44 . 2008-05-08 06:03 303616 ----a-w- C:\SetACL.exe
2012-11-27 02:35 . 2004-06-12 00:33 290304 ----a-w- C:\subinacl.exe
2012-11-27 02:34 . 2012-11-27 02:34 -------- d-----w- C:\RegBackup
2012-11-27 02:22 . 2012-11-27 02:53 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-11-27 02:20 . 2012-11-27 02:52 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-11-27 02:20 . 2012-11-27 02:20 -------- d-----w- c:\program files (x86)\Tweaking.com
2012-11-27 00:54 . 2012-11-29 00:09 -------- d-----w- c:\program files\HitmanPro
2012-11-27 00:54 . 2012-11-27 01:03 -------- d-----w- c:\programdata\HitmanPro
2012-11-27 00:34 . 2012-11-29 00:14 -------- d-----w- c:\program files (x86)\Trojan Remover
2012-11-26 23:30 . 2012-11-26 23:33 -------- d-----w- C:\MGTools
2012-11-26 23:11 . 2012-11-26 23:11 -------- d-----w- c:\users\owner\AppData\Roaming\Malwarebytes
2012-11-26 23:11 . 2012-11-26 23:11 -------- d-----w- c:\programdata\Malwarebytes
2012-11-26 23:11 . 2012-11-26 23:11 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-26 23:11 . 2012-09-30 00:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-26 22:10 . 2012-11-27 02:49 -------- d-----w- c:\users\owner\AppData\Roaming\Lyyko
2012-11-26 22:10 . 2012-11-26 22:10 -------- d-----w- c:\users\owner\AppData\Roaming\Owxuq
2012-11-24 22:23 . 2012-11-24 22:23 -------- d-----w- c:\program files (x86)\ESET
2012-11-24 21:02 . 2012-11-24 21:02 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-11-22 00:58 . 2012-11-28 22:36 -------- d-----w- c:\users\owner\AppData\Roaming\PFStaticIP
2012-11-22 00:58 . 2012-11-22 00:58 -------- d-----w- c:\program files (x86)\PFStaticIP
2012-11-19 17:34 . 2012-11-19 17:34 -------- d-----w- C:\Books
2012-11-08 02:02 . 2012-11-08 02:02 -------- d-----w- c:\users\owner\AppData\Local\Microsoft Games
2012-11-08 02:00 . 2012-11-08 02:00 -------- d-----w- c:\programdata\IObit
2012-11-08 02:00 . 2012-11-08 02:00 -------- d-----w- c:\program files (x86)\IObit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-04 02:19 . 2012-10-22 23:03 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-12-04 02:09 . 2012-10-22 23:03 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-12-04 01:56 . 2012-10-22 23:02 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-12-04 01:56 . 2012-10-30 23:38 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-12-01 00:10 . 2012-10-29 00:23 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-12-01 00:10 . 2012-10-29 00:23 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-12-01 00:09 . 2012-10-29 00:22 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-11-29 00:06 . 2012-10-22 23:02 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-11-26 23:33 . 2012-11-26 23:32 106054 ----a-w- C:\MGlogs.zip
2012-10-08 18:49 . 2012-07-09 20:35 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-08 18:49 . 2012-07-09 20:35 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HOTASMode"="c:\program files (x86)\HOTAS\HOTASConfig.exe" [2007-06-12 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NBAgent"="c:\program files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-09-20 1493288]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Adobe Photo Downloader"="c:\program files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488]
.
c:\users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MacroWorks 3.lnk - c:\program files (x86)\PI Engineering\MacroWorks 3\MacroWorks 3.exe [2010-8-30 605184]
Microsoft Find Fast.lnk - c:\program files (x86)\Microsoft Office\Office\FINDFAST.EXE [1996-11-16 111376]
Office Startup.lnk - c:\program files (x86)\Microsoft Office\Office\OSA.EXE [1996-11-16 51984]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files (x86)\Common Files\Autodesk Shared\acstart16.exe [2005-3-5 10872]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
IconPackager.lnk - c:\program files (x86)\Stardock\MyColors\IconPackager.exe [2009-12-16 1387688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-09-23 641832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-16 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2010-11-01 14544]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-07-13 72240]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-07-13 15920]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2012-07-27 52856]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
S3 npusbio;npusbio;c:\windows\system32\Drivers\npusbio_x64.sys [2009-12-17 45600]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-02-24 78336]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-02-24 181248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 STTub203;Thrustmaster HOTAS USB Bulk Out;c:\windows\system32\Drivers\STTub203.sys [2007-05-02 33280]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-09 18:49]
.
2012-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-23 22:35]
.
2012-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-23 22:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-02 10038304]
"NetWorx"="c:\program files\NetWorx\networx.exe" [2012-09-09 4730448]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: Interfaces\{8199BD67-9E40-4DC5-9011-7B020B4DC614}: NameServer = 192.168.0.1
FF - ProfilePath - c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\e7evqo24.default-1343249736468\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Completion time: 2012-12-06 18:22:53 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-06 23:22
.
Pre-Run: 42,744,827,904 bytes free
Post-Run: 42,381,496,320 bytes free
.
- - End Of File - - 3BFE1A0DB5508CFB330ACFC8B5B674F3


Hey Gringo, how close is it to being fixed??? I haven't had a chance to do anything with it yet. Took care of all your instructions first.

Menessis
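Added example (not from this thread and not part of ComboFix): a small Python parser for the "new files" lines of a ComboFix log like the one posted above, which flags the entries a helper would look at first: hidden+system directories outside the Windows defaults, a literal %VAR% component used as a folder name (the SysWow64\%APPDATA% entry above), and executables dropped straight into a drive or Windows root. The attribute-column meaning is inferred from the posted log, the sample lines are copied from it, and the list of "known hidden+system directories" is an assumption.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# A ComboFix "new files" line, as in the log above:
#   2012-11-24 21:02 . 2012-11-24 21:02 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
#   created-time . modified-time size attrs path
# Attribute-column meaning (d=directory, s=system, h=hidden, a=archive) is
# inferred from the log entries themselves, not from ComboFix docs (assumption).
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) "
    r"(?P<attrs>[\w-]{8}) "
    r"(?P<path>\S.*)$"
)

# Directories Windows itself keeps hidden+system; anything else carrying
# both flags is worth a second look. Illustrative list (assumption).
KNOWN_HIDDEN_SYSTEM_DIRS = {
    r"c:\programdata",
    r"c:\users\default",
    r"c:\recovery",
    r"c:\$recycle.bin",
    r"c:\system volume information",
}


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]  # None for directories ("--------" in the log)
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def is_system(self) -> bool:
        return self.attrs[2] == "s"

    @property
    def is_hidden(self) -> bool:
        return self.attrs[3] == "h"


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a file-listing line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return Entry(m["created"], m["modified"], size, m["attrs"], m["path"])


def reasons_for(entry: Entry) -> List[str]:
    """Why a helper would want to look at this entry. This is a review list,
    not a verdict: repair utilities drop legitimate tools into the drive root too."""
    reasons = []
    low = entry.path.lower()
    if entry.is_dir and entry.is_system and entry.is_hidden and low not in KNOWN_HIDDEN_SYSTEM_DIRS:
        reasons.append("hidden+system directory outside the Windows defaults")
    # A folder literally named %APPDATA% means something wrote the variable
    # name instead of its expansion; Windows does not create that itself.
    if re.search(r"\\%[a-z0-9_]+%(\\|$)", low):
        reasons.append("literal %VAR% path component used as a folder name")
    parent = low.rsplit("\\", 1)[0] + "\\"
    if not entry.is_dir and low.endswith(".exe") and parent in ("c:\\", "c:\\windows\\"):
        reasons.append("executable directly in the drive or Windows root")
    return reasons


def scan(lines) -> List[Tuple[str, List[str]]]:
    """Run every line through the parser and collect the flagged entries."""
    findings = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = reasons_for(entry)
        if reasons:
            findings.append((entry.path, reasons))
    return findings


# Sample lines copied from the ComboFix log above (format and values as posted).
SAMPLE_LINES = [
    r"2012-11-27 02:44 . 2008-05-08 06:03 303616 ----a-w- C:\SetACL.exe",
    r"2012-11-27 02:22 . 2012-11-27 02:53 181064 ----a-w- c:\windows\PSEXESVC.EXE",
    r"2012-11-26 22:10 . 2012-11-27 02:49 -------- d-----w- c:\users\owner\AppData\Roaming\Lyyko",
    r"2012-11-24 21:02 . 2012-11-24 21:02 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%",
    r"2012-11-08 02:00 . 2012-11-08 02:00 -------- d-----w- c:\programdata\IObit",
    "(((((((((((((((((( Find3M Report ))))))))))))))))))",  # non-entry line, skipped
]

if __name__ == "__main__":
    for path, reasons in scan(SAMPLE_LINES):
        print(path)
        for r in reasons:
            print("   -", r)
```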

#9 Menessis (Topic Starter, Members, 127 posts)

Posted 06 December 2012 - 07:15 PM

Ok, I have noticed that TeamSpeak3 is very slow to open. And I tried opening AutoCAD and if I just double click the icon I get the hour glass for a few seconds and then nothing. But if I right click and choose run as Admin and say OK to the "user account control" prompt it opens right up.

Thanks

Menessis

#10 gringo_pr (Bleepin Gringo, Malware Response Team, 136,773 posts, Gender: Male, Location: Puerto rico)

Posted 06 December 2012 - 07:34 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#11 Menessis (Topic Starter, Members, 127 posts)

Posted 06 December 2012 - 10:14 PM

OK here we go:

22:00:58.0470 3420 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
22:00:58.0873 3420 ============================================================
22:00:58.0873 3420 Current date / time: 2012/12/06 22:00:58.0873
22:00:58.0873 3420 SystemInfo:
22:00:58.0873 3420
22:00:58.0873 3420 OS Version: 6.1.7601 ServicePack: 1.0
22:00:58.0873 3420 Product type: Workstation
22:00:58.0873 3420 ComputerName: ALIENI5
22:00:58.0873 3420 UserName: owner
22:00:58.0873 3420 Windows directory: C:\Windows
22:00:58.0873 3420 System windows directory: C:\Windows
22:00:58.0873 3420 Running under WOW64
22:00:58.0873 3420 Processor architecture: Intel x64
22:00:58.0873 3420 Number of processors: 4
22:00:58.0873 3420 Page size: 0x1000
22:00:58.0873 3420 Boot type: Normal boot
22:00:58.0873 3420 ============================================================
22:00:59.0094 3420 Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:00:59.0096 3420 ============================================================
22:00:59.0096 3420 \Device\Harddisk0\DR0:
22:00:59.0096 3420 MBR partitions:
22:00:59.0096 3420 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:00:59.0096 3420 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xEE49000
22:00:59.0096 3420 ============================================================
22:00:59.0100 3420 C: <-> \Device\Harddisk0\DR0\Partition2
22:00:59.0100 3420 ============================================================
22:00:59.0100 3420 Initialize success
22:00:59.0100 3420 ============================================================
22:01:11.0523 2008 ============================================================
22:01:11.0523 2008 Scan started
22:01:11.0523 2008 Mode: Manual;
22:01:11.0523 2008 ============================================================
22:01:11.0631 2008 ================ Scan system memory ========================
22:01:11.0631 2008 System memory - ok
22:01:11.0631 2008 ================ Scan services =============================
22:01:12.0801 2008 luafv - ok
22:01:12.0805 2008 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
22:01:12.0805 2008 MBAMProtector - ok
22:01:12.0812 2008 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
22:01:12.0815 2008 MBAMScheduler - ok
22:01:12.0824 2008 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
22:01:12.0827 2008 MBAMService - ok
22:01:12.0831 2008 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
22:01:12.0833 2008 Mcx2Svc - ok
22:01:12.0835 2008 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
22:01:12.0836 2008 megasas - ok
22:01:12.0842 2008 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
22:01:12.0844 2008 MegaSR - ok
22:01:12.0847 2008 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
22:01:12.0849 2008 MMCSS - ok
22:01:12.0852 2008 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
22:01:12.0853 2008 Modem - ok
22:01:12.0856 2008 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:01:12.0856 2008 monitor - ok
22:01:12.0859 2008 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
22:01:12.0859 2008 mouclass - ok
22:01:12.0862 2008 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:01:12.0863 2008 mouhid - ok
22:01:12.0866 2008 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
22:01:12.0867 2008 mountmgr - ok
22:01:12.0871 2008 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:01:12.0873 2008 MozillaMaintenance - ok
22:01:12.0878 2008 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
22:01:12.0879 2008 mpio - ok
22:01:12.0882 2008 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:01:12.0884 2008 mpsdrv - ok
22:01:12.0898 2008 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
22:01:12.0905 2008 MpsSvc - ok
22:01:12.0910 2008 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:01:12.0911 2008 MRxDAV - ok
22:01:12.0916 2008 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:01:12.0917 2008 mrxsmb - ok
22:01:12.0923 2008 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:01:12.0926 2008 mrxsmb10 - ok
22:01:12.0929 2008 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:01:12.0931 2008 mrxsmb20 - ok
22:01:12.0934 2008 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
22:01:12.0934 2008 msahci - ok
22:01:12.0938 2008 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
22:01:12.0939 2008 msdsm - ok
22:01:12.0943 2008 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
22:01:12.0945 2008 MSDTC - ok
22:01:12.0950 2008 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:01:12.0950 2008 Msfs - ok
22:01:12.0952 2008 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
22:01:12.0953 2008 mshidkmdf - ok
22:01:12.0956 2008 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
22:01:12.0956 2008 msisadrv - ok
22:01:12.0960 2008 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:01:12.0962 2008 MSiSCSI - ok
22:01:12.0964 2008 msiserver - ok
22:01:12.0967 2008 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:01:12.0968 2008 MSKSSRV - ok
22:01:12.0970 2008 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:01:12.0970 2008 MSPCLOCK - ok
22:01:12.0972 2008 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:01:12.0973 2008 MSPQM - ok
22:01:12.0979 2008 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:01:12.0982 2008 MsRPC - ok
22:01:12.0986 2008 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
22:01:12.0986 2008 mssmbios - ok
22:01:12.0988 2008 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:01:12.0989 2008 MSTEE - ok
22:01:12.0992 2008 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
22:01:12.0992 2008 MTConfig - ok
22:01:12.0995 2008 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
22:01:12.0995 2008 Mup - ok
22:01:13.0003 2008 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
22:01:13.0007 2008 napagent - ok
22:01:13.0013 2008 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:01:13.0016 2008 NativeWifiP - ok
22:01:13.0025 2008 [ 1BBBF640BC0E0B750537BAECE8D66C18 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe
22:01:13.0027 2008 NAUpdate - ok
22:01:13.0031 2008 [ 7B2D90BBBBED11C8DFBA441D34AE901E ] NBVol C:\Windows\system32\DRIVERS\NBVol.sys
22:01:13.0032 2008 NBVol - ok
22:01:13.0034 2008 [ 4FE7B5757279D82C4D171E9F7FD52A75 ] NBVolUp C:\Windows\system32\DRIVERS\NBVolUp.sys
22:01:13.0034 2008 NBVolUp - ok
22:01:13.0047 2008 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
22:01:13.0054 2008 NDIS - ok
22:01:13.0057 2008 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
22:01:13.0058 2008 NdisCap - ok
22:01:13.0061 2008 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:01:13.0062 2008 NdisTapi - ok
22:01:13.0064 2008 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:01:13.0065 2008 Ndisuio - ok
22:01:13.0069 2008 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:01:13.0071 2008 NdisWan - ok
22:01:13.0074 2008 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:01:13.0075 2008 NDProxy - ok
22:01:13.0078 2008 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:01:13.0079 2008 NetBIOS - ok
22:01:13.0084 2008 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:01:13.0086 2008 NetBT - ok
22:01:13.0089 2008 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
22:01:13.0089 2008 Netlogon - ok
22:01:13.0096 2008 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
22:01:13.0098 2008 Netman - ok
22:01:13.0106 2008 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
22:01:13.0110 2008 netprofm - ok
22:01:13.0113 2008 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:01:13.0114 2008 NetTcpPortSharing - ok
22:01:13.0117 2008 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
22:01:13.0118 2008 nfrd960 - ok
22:01:13.0124 2008 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:01:13.0127 2008 NlaSvc - ok
22:01:13.0130 2008 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:01:13.0131 2008 Npfs - ok
22:01:13.0134 2008 [ 95A2AB418251A3B2A2571CDE880B80D0 ] npusbio C:\Windows\system32\Drivers\npusbio_x64.sys
22:01:13.0134 2008 npusbio - ok
22:01:13.0137 2008 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
22:01:13.0138 2008 nsi - ok
22:01:13.0141 2008 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:01:13.0141 2008 nsiproxy - ok
22:01:13.0160 2008 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:01:13.0174 2008 Ntfs - ok
22:01:13.0177 2008 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
22:01:13.0178 2008 Null - ok
22:01:13.0181 2008 [ 088CD71003F21F96F01C63955150A1FB ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
22:01:13.0182 2008 nusb3hub - ok
22:01:13.0187 2008 [ D90A2D44E93DAEA47AEA946D9E87000F ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
22:01:13.0189 2008 nusb3xhc - ok
22:01:13.0194 2008 [ 102806B360D0E6BC6E55BF47EF655D43 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
22:01:13.0194 2008 NVHDA - ok
22:01:13.0356 2008 [ BA0B4889C40380A01ECDF84C227A89C9 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:01:13.0411 2008 nvlddmkm - ok
22:01:13.0421 2008 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:01:13.0423 2008 nvraid - ok
22:01:13.0427 2008 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:01:13.0429 2008 nvstor - ok
22:01:13.0440 2008 [ 06633CF95BEA62164C3BFCA24BCE6B11 ] nvsvc C:\Windows\system32\nvvsvc.exe
22:01:13.0447 2008 nvsvc - ok
22:01:13.0462 2008 [ 53B629CE436B110C5689C2F6439E567B ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
22:01:13.0467 2008 nvUpdatusService - ok
22:01:13.0472 2008 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:01:13.0473 2008 nv_agp - ok
22:01:13.0476 2008 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
22:01:13.0477 2008 ohci1394 - ok
22:01:13.0483 2008 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:01:13.0487 2008 p2pimsvc - ok
22:01:13.0493 2008 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
22:01:13.0497 2008 p2psvc - ok
22:01:13.0501 2008 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
22:01:13.0502 2008 Parport - ok
22:01:13.0505 2008 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:01:13.0506 2008 partmgr - ok
22:01:13.0511 2008 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:01:13.0513 2008 PcaSvc - ok
22:01:13.0517 2008 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
22:01:13.0519 2008 pci - ok
22:01:13.0522 2008 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
22:01:13.0522 2008 pciide - ok
22:01:13.0527 2008 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
22:01:13.0530 2008 pcmcia - ok
22:01:13.0533 2008 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
22:01:13.0533 2008 pcw - ok
22:01:13.0541 2008 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:01:13.0546 2008 PEAUTH - ok
22:01:13.0564 2008 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
22:01:13.0565 2008 PerfHost - ok
22:01:13.0585 2008 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
22:01:13.0598 2008 pla - ok
22:01:13.0605 2008 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:01:13.0609 2008 PlugPlay - ok
22:01:13.0612 2008 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:01:13.0614 2008 PNRPAutoReg - ok
22:01:13.0619 2008 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:01:13.0621 2008 PNRPsvc - ok
22:01:13.0629 2008 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:01:13.0633 2008 PolicyAgent - ok
22:01:13.0639 2008 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
22:01:13.0641 2008 Power - ok
22:01:13.0645 2008 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:01:13.0647 2008 PptpMiniport - ok
22:01:13.0651 2008 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
22:01:13.0652 2008 Processor - ok
22:01:13.0657 2008 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
22:01:13.0659 2008 ProfSvc - ok
22:01:13.0662 2008 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:01:13.0662 2008 ProtectedStorage - ok
22:01:13.0666 2008 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:01:13.0667 2008 Psched - ok
22:01:13.0671 2008 [ A6BF0A9B5A30D743623CA0D3BE35DF05 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
22:01:13.0671 2008 PxHlpa64 - ok
22:01:13.0688 2008 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
22:01:13.0702 2008 ql2300 - ok
22:01:13.0707 2008 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
22:01:13.0708 2008 ql40xx - ok
22:01:13.0713 2008 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
22:01:13.0716 2008 QWAVE - ok
22:01:13.0719 2008 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:01:13.0720 2008 QWAVEdrv - ok
22:01:13.0722 2008 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:01:13.0723 2008 RasAcd - ok
22:01:13.0727 2008 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:01:13.0728 2008 RasAgileVpn - ok
22:01:13.0731 2008 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
22:01:13.0733 2008 RasAuto - ok
22:01:13.0736 2008 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:01:13.0738 2008 Rasl2tp - ok
22:01:13.0744 2008 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
22:01:13.0747 2008 RasMan - ok
22:01:13.0750 2008 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:01:13.0752 2008 RasPppoe - ok
22:01:13.0755 2008 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:01:13.0756 2008 RasSstp - ok
22:01:13.0761 2008 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:01:13.0764 2008 rdbss - ok
22:01:13.0766 2008 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
22:01:13.0767 2008 rdpbus - ok
22:01:13.0770 2008 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:01:13.0771 2008 RDPCDD - ok
22:01:13.0774 2008 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:01:13.0775 2008 RDPENCDD - ok
22:01:13.0779 2008 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:01:13.0779 2008 RDPREFMP - ok
22:01:13.0784 2008 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:01:13.0786 2008 RDPWD - ok
22:01:13.0791 2008 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:01:13.0793 2008 rdyboost - ok
22:01:13.0797 2008 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:01:13.0799 2008 RemoteAccess - ok
22:01:13.0803 2008 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:01:13.0805 2008 RemoteRegistry - ok
22:01:13.0808 2008 [ 7B04C9843921AB1F695FB395422C5360 ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys
22:01:13.0809 2008 RimUsb - ok
22:01:13.0812 2008 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:01:13.0814 2008 RpcEptMapper - ok
22:01:13.0816 2008 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
22:01:13.0817 2008 RpcLocator - ok
22:01:13.0824 2008 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll
22:01:13.0827 2008 RpcSs - ok
22:01:13.0831 2008 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:01:13.0832 2008 rspndr - ok
22:01:13.0837 2008 [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
22:01:13.0838 2008 RTL8167 - ok
22:01:13.0841 2008 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
22:01:13.0842 2008 SamSs - ok
22:01:13.0845 2008 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:01:13.0847 2008 sbp2port - ok
22:01:13.0851 2008 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:01:13.0854 2008 SCardSvr - ok
22:01:13.0856 2008 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:01:13.0857 2008 scfilter - ok
22:01:13.0869 2008 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
22:01:13.0880 2008 Schedule - ok
22:01:13.0884 2008 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
22:01:13.0884 2008 SCPolicySvc - ok
22:01:13.0889 2008 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:01:13.0891 2008 SDRSVC - ok
22:01:13.0894 2008 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:01:13.0895 2008 secdrv - ok
22:01:13.0897 2008 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
22:01:13.0899 2008 seclogon - ok
22:01:13.0902 2008 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
22:01:13.0903 2008 SENS - ok
22:01:13.0906 2008 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:01:13.0908 2008 SensrSvc - ok
22:01:13.0912 2008 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
22:01:13.0913 2008 Serenum - ok
22:01:13.0916 2008 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
22:01:13.0917 2008 Serial - ok
22:01:13.0920 2008 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
22:01:13.0921 2008 sermouse - ok
22:01:13.0927 2008 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
22:01:13.0929 2008 SessionEnv - ok
22:01:13.0932 2008 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
22:01:13.0933 2008 sffdisk - ok
22:01:13.0935 2008 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
22:01:13.0936 2008 sffp_mmc - ok
22:01:13.0938 2008 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
22:01:13.0939 2008 sffp_sd - ok
22:01:13.0941 2008 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
22:01:13.0942 2008 sfloppy - ok
22:01:13.0948 2008 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:01:13.0951 2008 SharedAccess - ok
22:01:13.0958 2008 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:01:13.0961 2008 ShellHWDetection - ok
22:01:13.0964 2008 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:01:13.0965 2008 SiSRaid2 - ok
22:01:13.0969 2008 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
22:01:13.0970 2008 SiSRaid4 - ok
22:01:13.0973 2008 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:01:13.0974 2008 Smb - ok
22:01:13.0979 2008 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:01:13.0980 2008 SNMPTRAP - ok
22:01:13.0983 2008 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
22:01:13.0983 2008 spldr - ok
22:01:13.0991 2008 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
22:01:13.0994 2008 Spooler - ok
22:01:14.0030 2008 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
22:01:14.0045 2008 sppsvc - ok
22:01:14.0049 2008 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:01:14.0051 2008 sppuinotify - ok
22:01:14.0058 2008 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
22:01:14.0062 2008 srv - ok
22:01:14.0068 2008 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:01:14.0071 2008 srv2 - ok
22:01:14.0076 2008 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:01:14.0077 2008 srvnet - ok
22:01:14.0082 2008 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:01:14.0084 2008 SSDPSRV - ok
22:01:14.0087 2008 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:01:14.0089 2008 SstpSvc - ok
22:01:14.0095 2008 [ C354621B6B94E10AE7F5CDBE745FEB86 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
22:01:14.0097 2008 Stereo Service - ok
22:01:14.0099 2008 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
22:01:14.0100 2008 stexstor - ok
22:01:14.0108 2008 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
22:01:14.0113 2008 stisvc - ok
22:01:14.0117 2008 [ AC95ECF2856B6C716AFF2FBC449845B9 ] STTub203 C:\Windows\system32\Drivers\STTub203.sys
22:01:14.0117 2008 STTub203 - ok
22:01:14.0119 2008 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
22:01:14.0120 2008 swenum - ok
22:01:14.0127 2008 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
22:01:14.0132 2008 swprv - ok
22:01:14.0150 2008 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
22:01:14.0166 2008 SysMain - ok
22:01:14.0170 2008 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:01:14.0172 2008 TabletInputService - ok
22:01:14.0178 2008 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
22:01:14.0182 2008 TapiSrv - ok
22:01:14.0185 2008 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
22:01:14.0186 2008 TBS - ok
22:01:14.0206 2008 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:01:14.0222 2008 Tcpip - ok
22:01:14.0244 2008 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:01:14.0251 2008 TCPIP6 - ok
22:01:14.0256 2008 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:01:14.0257 2008 tcpipreg - ok
22:01:14.0260 2008 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:01:14.0261 2008 TDPIPE - ok
22:01:14.0263 2008 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:01:14.0264 2008 TDTCP - ok
22:01:14.0267 2008 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:01:14.0269 2008 tdx - ok
22:01:14.0296 2008 [ 8A9828975A857E477EFEF5A61BA45AC0 ] TeamViewer6 C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
22:01:14.0305 2008 TeamViewer6 - ok
22:01:14.0335 2008 [ 2BBB318EA9F34FDC508CEA4AAB98D770 ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
22:01:14.0345 2008 TeamViewer7 - ok
22:01:14.0349 2008 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
22:01:14.0350 2008 TermDD - ok
22:01:14.0359 2008 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
22:01:14.0365 2008 TermService - ok
22:01:14.0368 2008 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
22:01:14.0369 2008 Themes - ok
22:01:14.0372 2008 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
22:01:14.0373 2008 THREADORDER - ok
22:01:14.0376 2008 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
22:01:14.0378 2008 TrkWks - ok
22:01:14.0382 2008 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:01:14.0384 2008 TrustedInstaller - ok
22:01:14.0387 2008 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:01:14.0388 2008 tssecsrv - ok
22:01:14.0391 2008 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
22:01:14.0392 2008 TsUsbFlt - ok
22:01:14.0396 2008 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:01:14.0398 2008 tunnel - ok
22:01:14.0401 2008 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
22:01:14.0402 2008 uagp35 - ok
22:01:14.0407 2008 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:01:14.0410 2008 udfs - ok
22:01:14.0415 2008 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:01:14.0416 2008 UI0Detect - ok
22:01:14.0419 2008 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
22:01:14.0420 2008 uliagpkx - ok
22:01:14.0423 2008 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
22:01:14.0424 2008 umbus - ok
22:01:14.0426 2008 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
22:01:14.0426 2008 UmPass - ok
22:01:14.0432 2008 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
22:01:14.0436 2008 upnphost - ok
22:01:14.0439 2008 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:01:14.0440 2008 usbccgp - ok
22:01:14.0444 2008 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
22:01:14.0445 2008 usbcir - ok
22:01:14.0448 2008 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
22:01:14.0448 2008 usbehci - ok
22:01:14.0454 2008 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:01:14.0457 2008 usbhub - ok
22:01:14.0460 2008 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
22:01:14.0461 2008 usbohci - ok
22:01:14.0463 2008 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
22:01:14.0464 2008 usbprint - ok
22:01:14.0467 2008 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:01:14.0468 2008 USBSTOR - ok
22:01:14.0470 2008 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
22:01:14.0471 2008 usbuhci - ok
22:01:14.0473 2008 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
22:01:14.0475 2008 UxSms - ok
22:01:14.0477 2008 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
22:01:14.0478 2008 VaultSvc - ok
22:01:14.0480 2008 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
22:01:14.0481 2008 vdrvroot - ok
22:01:14.0488 2008 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
22:01:14.0493 2008 vds - ok
22:01:14.0496 2008 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:01:14.0497 2008 vga - ok
22:01:14.0499 2008 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
22:01:14.0500 2008 VgaSave - ok
22:01:14.0504 2008 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
22:01:14.0506 2008 vhdmp - ok
22:01:14.0510 2008 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
22:01:14.0510 2008 viaide - ok
22:01:14.0513 2008 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
22:01:14.0514 2008 volmgr - ok
22:01:14.0520 2008 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:01:14.0522 2008 volmgrx - ok
22:01:14.0528 2008 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
22:01:14.0530 2008 volsnap - ok
22:01:14.0535 2008 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
22:01:14.0536 2008 vsmraid - ok
22:01:14.0553 2008 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
22:01:14.0568 2008 VSS - ok
22:01:14.0571 2008 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
22:01:14.0571 2008 vwifibus - ok
22:01:14.0578 2008 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
22:01:14.0582 2008 W32Time - ok
22:01:14.0586 2008 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
22:01:14.0586 2008 WacomPen - ok
22:01:14.0590 2008 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
22:01:14.0592 2008 WANARP - ok
22:01:14.0594 2008 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:01:14.0595 2008 Wanarpv6 - ok
22:01:14.0609 2008 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
22:01:14.0620 2008 WatAdminSvc - ok
22:01:14.0637 2008 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
22:01:14.0650 2008 wbengine - ok
22:01:14.0656 2008 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
22:01:14.0658 2008 WbioSrvc - ok
22:01:14.0664 2008 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:01:14.0669 2008 wcncsvc - ok
22:01:14.0671 2008 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:01:14.0673 2008 WcsPlugInService - ok
22:01:14.0675 2008 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
22:01:14.0676 2008 Wd - ok
22:01:14.0684 2008 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:01:14.0689 2008 Wdf01000 - ok
22:01:14.0693 2008 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:01:14.0694 2008 WdiServiceHost - ok
22:01:14.0696 2008 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:01:14.0698 2008 WdiSystemHost - ok
22:01:14.0702 2008 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
22:01:14.0705 2008 WebClient - ok
22:01:14.0710 2008 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:01:14.0713 2008 Wecsvc - ok
22:01:14.0716 2008 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:01:14.0718 2008 wercplsupport - ok
22:01:14.0721 2008 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
22:01:14.0723 2008 WerSvc - ok
22:01:14.0725 2008 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
22:01:14.0726 2008 WfpLwf - ok
22:01:14.0728 2008 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
22:01:14.0729 2008 WIMMount - ok
22:01:14.0737 2008 WinDefend - ok
22:01:14.0745 2008 [ 8258726D076C8FFF994F468712DDFBAB ] WindowBlinds C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe
22:01:14.0747 2008 WindowBlinds - ok
22:01:14.0750 2008 WinHttpAutoProxySvc - ok
22:01:14.0757 2008 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:01:14.0759 2008 Winmgmt - ok
22:01:14.0765 2008 [ 0C0195C48B6B8582FA6F6373032118DA ] WinRing0_1_2_0 C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys
22:01:14.0766 2008 WinRing0_1_2_0 - ok
22:01:14.0786 2008 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
22:01:14.0804 2008 WinRM - ok
22:01:14.0811 2008 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
22:01:14.0811 2008 WinUsb - ok
22:01:14.0822 2008 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
22:01:14.0829 2008 Wlansvc - ok
22:01:14.0865 2008 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:01:14.0875 2008 wlidsvc - ok
22:01:14.0879 2008 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
22:01:14.0879 2008 WmiAcpi - ok
22:01:14.0884 2008 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:01:14.0886 2008 wmiApSrv - ok
22:01:14.0888 2008 WMPNetworkSvc - ok
22:01:14.0891 2008 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:01:14.0893 2008 WPCSvc - ok
22:01:14.0896 2008 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:01:14.0898 2008 WPDBusEnum - ok
22:01:14.0901 2008 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:01:14.0902 2008 ws2ifsl - ok
22:01:14.0905 2008 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
22:01:14.0907 2008 wscsvc - ok
22:01:14.0909 2008 WSearch - ok
22:01:14.0936 2008 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
22:01:14.0958 2008 wuauserv - ok
22:01:14.0962 2008 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
22:01:14.0964 2008 WudfPf - ok
22:01:14.0968 2008 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:01:14.0970 2008 WUDFRd - ok
22:01:14.0973 2008 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:01:14.0975 2008 wudfsvc - ok
22:01:14.0979 2008 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
22:01:14.0982 2008 WwanSvc - ok
22:01:14.0986 2008 ================ Scan global ===============================
22:01:14.0988 2008 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:01:14.0993 2008 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
22:01:14.0998 2008 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
22:01:15.0002 2008 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:01:15.0008 2008 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:01:15.0011 2008 [Global] - ok
22:01:15.0011 2008 ================ Scan MBR ==================================
22:01:15.0013 2008 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:01:15.0087 2008 \Device\Harddisk0\DR0 - ok
22:01:15.0087 2008 ================ Scan VBR ==================================
22:01:15.0089 2008 [ B4D219294B30D2CF96986EDB5CABD3A0 ] \Device\Harddisk0\DR0\Partition1
22:01:15.0091 2008 \Device\Harddisk0\DR0\Partition1 - ok
22:01:15.0093 2008 [ F22927C9C701A1623AEDE84A15C4ED24 ] \Device\Harddisk0\DR0\Partition2
22:01:15.0094 2008 \Device\Harddisk0\DR0\Partition2 - ok
22:01:15.0095 2008 ============================================================
22:01:15.0095 2008 Scan finished
22:01:15.0095 2008 ============================================================
22:01:15.0102 1912 Detected object count: 0
22:01:15.0102 1912 Actual detected object count: 0

And....

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-06 22:03:19
-----------------------------
22:03:19.659 OS Version: Windows x64 6.1.7601 Service Pack 1
22:03:19.659 Number of processors: 4 586 0x1E05
22:03:19.659 ComputerName: ALIENI5 UserName: owner
22:03:19.843 Initialize success
22:06:22.502 AVAST engine defs: 12120602
22:07:12.330 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
22:07:12.338 Disk 0 Vendor: SAMSUNG_MMCRE28G8MXP-0VBL1 VBM1EL1Q Size: 122104MB BusType: 11
22:07:12.344 Disk 0 MBR read successfully
22:07:12.349 Disk 0 MBR scan
22:07:12.355 Disk 0 Windows 7 default MBR code
22:07:12.360 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:07:12.365 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 122002 MB offset 206848
22:07:12.376 Disk 0 scanning C:\Windows\system32\drivers
22:07:14.628 Service scanning
22:07:22.711 Modules scanning
22:07:22.724 Disk 0 trace - called modules:
22:07:22.735 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
22:07:22.741 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004dad060]
22:07:22.746 3 CLASSPNP.SYS[fffff880019b143f] -> nt!IofCallDriver -> [0xfffffa8004abb1e0]
22:07:22.750 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa8004a91060]
22:07:23.016 AVAST engine scan C:\Windows
22:07:23.666 AVAST engine scan C:\Windows\system32
22:08:18.182 AVAST engine scan C:\Windows\system32\drivers
22:08:20.958 AVAST engine scan C:\Users\owner
22:08:53.124 AVAST engine scan C:\ProgramData
22:08:57.754 Scan finished successfully
22:13:10.273 Disk 0 MBR has been saved successfully to "C:\Users\owner\Desktop\MBR.dat"
22:13:10.282 The log file has been saved successfully to "C:\Users\owner\Desktop\aswMBR.txt"


Geezzzzz Gringo we must be getting close! :)

Menessis
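The aswMBR log above reads the MBR of Disk 0, lists its two NTFS partitions (100 MB at offset 2048 and 122002 MB at offset 206848), confirms the boot code is the Windows 7 default, and saves a copy of the sector to MBR.dat. The block below is an added example written for this thread, not code from aswMBR, Avast or anyone in the thread: it parses a 512-byte MBR image, prints the partition table, runs two structural sanity checks, and compares an MD5 of the boot code alone against a baseline recorded when the disk was known clean, which is the part of the sector a bootkit rewrites. The disk image is constructed inline to mirror the layout in the log; the baseline hash, the file name MBR.dat and all function names are assumptions.

```python
import hashlib
import struct
from typing import List, Optional

SECTOR = 512
PART_TABLE_OFFSET = 446
PART_ENTRY = "<B3sB3sII"   # boot flag, CHS start, type, CHS end, LBA start, sector count
BOOT_CODE_LEN = 440        # bytes 440..445 hold the disk signature, not code
BOOT_SIGNATURE = b"\x55\xaa"
PART_TYPES = {0x07: "HPFS/NTFS", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)", 0x05: "Extended",
              0x0F: "Extended (LBA)", 0x82: "Linux swap", 0x83: "Linux", 0xEE: "GPT protective"}


def parse_mbr(mbr: bytes) -> List[dict]:
    """Return the populated partition-table entries of a 512-byte MBR image."""
    if len(mbr) != SECTOR:
        raise ValueError(f"MBR image must be {SECTOR} bytes, got {len(mbr)}")
    if mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("boot signature 0x55AA missing, not an MBR")
    parts = []
    for i in range(4):
        boot, _, ptype, _, lba, count = struct.unpack_from(PART_ENTRY, mbr, PART_TABLE_OFFSET + 16 * i)
        if ptype == 0:
            continue  # empty slot
        parts.append({"index": i + 1, "active": boot == 0x80, "type": ptype,
                      "type_name": PART_TYPES.get(ptype, "unknown"),
                      "lba_start": lba, "sectors": count,
                      "size_mb": count * SECTOR // (1024 * 1024)})
    return parts


def boot_code_md5(mbr: bytes) -> str:
    """Hash only the boot code, so a legitimate partition-table edit cannot hide a code change."""
    return hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest()


def audit_mbr(mbr: bytes, baseline_boot_code_md5: Optional[str] = None) -> List[str]:
    """Structural checks plus an optional comparison against a known-clean boot-code hash."""
    findings = []
    parts = parse_mbr(mbr)
    active = [p["index"] for p in parts if p["active"]]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {len(active)}: {active}")
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for prev, nxt in zip(ordered, ordered[1:]):
        if prev["lba_start"] + prev["sectors"] > nxt["lba_start"]:
            findings.append(f"partition {prev['index']} overlaps partition {nxt['index']}")
    if baseline_boot_code_md5 is not None:
        current = boot_code_md5(mbr)
        if current != baseline_boot_code_md5.lower():
            findings.append(f"boot code MD5 {current} differs from baseline {baseline_boot_code_md5}")
    return findings


def build_sample_mbr() -> bytes:
    """Constructed test image, not a real disk: placeholder boot code plus the two NTFS
    partitions the aswMBR log reports (100 MB at LBA 2048, 122002 MB at LBA 206848)."""
    mbr = bytearray(SECTOR)
    mbr[:BOOT_CODE_LEN] = b"\x90" * BOOT_CODE_LEN       # NOP sled standing in for real boot code
    mbr[440:444] = b"\x11\x22\x33\x44"                   # constructed disk signature
    struct.pack_into(PART_ENTRY, mbr, PART_TABLE_OFFSET, 0x80, b"\0\0\0", 0x07, b"\0\0\0", 2048, 100 * 2048)
    struct.pack_into(PART_ENTRY, mbr, PART_TABLE_OFFSET + 16, 0x00, b"\0\0\0", 0x07, b"\0\0\0", 206848, 122002 * 2048)
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)


if __name__ == "__main__":
    image = build_sample_mbr()
    for p in parse_mbr(image):
        flag = "A" if p["active"] else " "
        print(f"Partition {p['index']} {flag} {p['type_name']:<12} {p['size_mb']:>8} MB offset {p['lba_start']}")
    baseline = boot_code_md5(image)           # record this while the disk is known clean
    print("clean image:", audit_mbr(image, baseline) or "no findings")
    tampered = bytearray(image)
    tampered[0] ^= 0xFF                       # one byte of boot code changed
    print("tampered image:", audit_mbr(bytes(tampered), baseline))
```

To audit a real dump, pass the contents of the saved MBR.dat to audit_mbr together with the boot-code hash recorded on a clean run. The MD5 that the scanner logs next to \Device\Harddisk0\DR0 is assumed to cover a different byte range than boot_code_md5, so compare only like with like.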

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:10 PM

Posted 09 December 2012 - 02:35 PM

Hello


Sorry for the delay, you slipped by me somehow.



I would like you to explain this to me a little more, and what you did to fix it: "The Default gateway numbers were gone"





These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine, just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

  • Adobe Reader 8.1.0
  • Java™ 7 Update 5
  • JavaFX 2.1.1


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes.
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete.
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted select Yes then on Next.
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing Foxit Reader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.
  • Download CCleaner from here http://www.ceaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis see NOTE** below (Hosts file not read, blank Notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 Menessis

Menessis
  • Topic Starter

  • Members
  • 127 posts
  • Local time:10:10 PM

Posted 09 December 2012 - 07:58 PM

Hi Gringo.

Well, last time out after following the instructions. Don't remember now. But after the reboot I didn't have an internet connection. A little digging and I went to "change adapter settings" - "properties" and found that the box for Default gateway was empty. I just typed it back in.

I uninstalled using the software I already have. It's called Your Uninstaller. Seems to work well. Cleans the reg and all left over files.

I didn't put the new Adobe Reader in yet.

Reinstalled Java, and ran the scans.

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.09.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
owner :: ALIENI5 [administrator]

Protection: Disabled

12/9/2012 7:43:41 PM
mbam-log-2012-12-09 (19-43-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229496
Time elapsed: 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

and this one.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:46:26 PM, on 12/9/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\PI Engineering\MacroWorks 3\MacroWorks 3.exe
C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE
C:\Program Files (x86)\NaturalPoint\TrackIR5\TrackIR5.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Users\owner\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [HOTASMode] "C:\Program Files (x86)\HOTAS\HOTASConfig.exe" /MODE /FOXY /AU /DM /BU "/PC:\Program Files (x86)\HOTAS\Profiles\A_Great_Day.tmc"
O4 - HKUS\S-1-5-21-1889143696-757944529-1089859472-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1889143696-757944529-1089859472-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - S-1-5-21-1889143696-757944529-1089859472-1003 User Startup: IconPackager.lnk = C:\Program Files (x86)\Stardock\MyColors\IconPackager.exe (User 'UpdatusUser')
O4 - .DEFAULT User Startup: IconPackager.lnk = C:\Program Files (x86)\Stardock\MyColors\IconPackager.exe (User 'Default user')
O4 - Startup: MacroWorks 3.lnk = C:\Program Files (x86)\PI Engineering\MacroWorks 3\MacroWorks 3.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files (x86)\Common Files\Autodesk Shared\acstart16.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8199BD67-9E40-4DC5-9011-7B020B4DC614}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{8199BD67-9E40-4DC5-9011-7B020B4DC614}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{8199BD67-9E40-4DC5-9011-7B020B4DC614}: NameServer = 192.168.0.1
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9316 bytes


Closer and closer. LOL
Thanks Gringo

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:10 PM

Posted 09 December 2012 - 10:24 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to; you can start any of these programs from their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis see NOTE** below (Hosts file not read, blank Notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKUS\S-1-5-21-1889143696-757944529-1089859472-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
      O4 - HKUS\S-1-5-21-1889143696-757944529-1089859472-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
      O4 - S-1-5-21-1889143696-757944529-1089859472-1003 User Startup: IconPackager.lnk = C:\Program Files (x86)\Stardock\MyColors\IconPackager.exe (User 'UpdatusUser')
      O4 - .DEFAULT User Startup: IconPackager.lnk = C:\Program Files (x86)\Stardock\MyColors\IconPackager.exe (User 'Default user')
      O4 - Startup: MacroWorks 3.lnk = C:\Program Files (x86)\PI Engineering\MacroWorks 3\MacroWorks 3.exe
      O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE
      O4 - Startup: Office Startup.lnk = C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE
      O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files (x86)\Common Files\Autodesk Shared\acstart16.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines here and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7: right click on the IE shortcut and run as admin

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found

  • If threats were found
    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    • close program
    • copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
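The HijackThis log posted above, and the O4 start-up entries gringo picks out of it, follow a fixed line format, which makes a first-pass triage easy to script. The block below is an added example written for this thread, not code from HijackThis, Trend Micro, Malwarebytes or anyone in the thread: it parses O4 (autostart), O23 (service) and O17 (DNS) lines and flags images that run from outside the usual program folders, services whose binary is absent, and resolvers outside an expected set. The sample lines are copied from the log above plus two constructed hits (marked as such; 203.0.113.5 is a documentation-range address, not a real resolver). The trusted-folder list, the expected resolver 192.168.0.1 (the router address the O17 lines show) and the severity labels are assumptions. "(file missing)" under C:\Windows is downgraded to informational because the 32-bit HijackThis build on 64-bit Windows is subject to WoW64 file-system redirection, the usual reason a log like the one above shows it for nearly every core Windows service.

```python
import re
from dataclasses import dataclass
from typing import FrozenSet, Iterable, List, Optional

# Line shapes handled: O4 autostarts (registry Run keys and Startup-folder .lnk
# files), O23 services and O17 per-interface NameServer entries.
O4_RUN_RE = re.compile(r'^O4 - (?P<location>.+?): \[(?P<name>[^\]]*)\] (?P<command>.*)$')
O4_LNK_RE = re.compile(r'^O4 - (?P<location>.*Startup): (?P<name>.+?\.lnk) = (?P<command>.*)$')
O23_RE = re.compile(
    r'^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^)]+)\))? - (?P<owner>.+?) - '
    r'(?P<path>.+?)(?P<missing> \(file missing\))?$')
O17_RE = re.compile(r'^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$')
# First quoted or unquoted token ending in .exe, so "C:\Dir With Spaces\x.exe" /arg works.
EXE_RE = re.compile(r'^"?(?P<exe>[^"]+?\.exe)"?', re.IGNORECASE)

# Assumed: folders where a legitimate autostart or service image normally lives.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\",
                 "%programfiles%\\", "%systemroot%\\")


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info"
    section: str   # O4, O17 or O23
    detail: str
    line: str


def image_path(command: str) -> Optional[str]:
    """Extract the executable from an O4 command line, or None if there is none."""
    m = EXE_RE.match(command.strip())
    return m.group("exe") if m else None


def in_trusted_root(path: str) -> bool:
    return path.lower().startswith(TRUSTED_ROOTS)


def triage(lines: Iterable[str], expected_dns: FrozenSet[str] = frozenset()) -> List[Finding]:
    """Scan HijackThis lines and return the entries worth a closer look, in log order."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        m = O4_RUN_RE.match(line) or O4_LNK_RE.match(line)
        if m:
            exe = image_path(m.group("command"))
            if exe is None:
                findings.append(Finding("medium", "O4", f"no recognisable .exe in autostart '{m.group('name')}'", line))
            elif not in_trusted_root(exe):
                findings.append(Finding("high", "O4", f"autostart image outside the usual program folders: {exe}", line))
            continue
        m = O23_RE.match(line)
        if m:
            path, missing = m.group("path"), m.group("missing") is not None
            if missing and path.lower().startswith("c:\\windows\\"):
                findings.append(Finding("info", "O23", "'file missing' under C:\\Windows: 32-bit HijackThis is "
                                        "redirected away from system32 on 64-bit Windows, confirm with a 64-bit tool", line))
            elif missing:
                findings.append(Finding("high", "O23", f"service image not found: {path}", line))
            elif not in_trusted_root(path):
                findings.append(Finding("high", "O23", f"service image outside the usual program folders: {path}", line))
            elif m.group("owner") == "Unknown owner":
                findings.append(Finding("medium", "O23", f"no company name in version info: {m.group('display')}", line))
            continue
        m = O17_RE.match(line)
        if m:
            servers = {s for s in re.split(r"[,; ]+", m.group("servers")) if s}
            rogue = servers - expected_dns
            if rogue:
                findings.append(Finding("high", "O17", "resolver not in the expected set: " + ", ".join(sorted(rogue)), line))
    return findings


# Lines copied from the log posted above, plus two CONSTRUCTED hits: the
# [constructed-example] Run entry and the 203.0.113.5 NameServer value.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKUS\S-1-5-21-1889143696-757944529-1089859472-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - Startup: MacroWorks 3.lnk = C:\Program Files (x86)\PI Engineering\MacroWorks 3\MacroWorks 3.exe
O4 - HKCU\..\Run: [constructed-example] C:\Users\owner\AppData\Roaming\example\updater.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8199BD67-9E40-4DC5-9011-7B020B4DC614}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{8199BD67-9E40-4DC5-9011-7B020B4DC614}: NameServer = 203.0.113.5
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines(), expected_dns=frozenset({"192.168.0.1"})):
        print(f"[{f.severity:<6}] {f.section}: {f.detail}\n          {f.line}")
```

Entries that produce no finding are not thereby clean; the script only orders the manual review gringo describes, and the O4 entries he lists for removal are a performance choice rather than detections.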

#15 Menessis

Menessis
  • Topic Starter

  • Members
  • 127 posts
  • Local time:10:10 PM

Posted 10 December 2012 - 02:20 AM

Well OK Gringo! I removed a bunch of the start up programs. I ran the ESET Scan and it didn't find anything.

So can I go back and try to figure out why I can't get the XP machine and the Win7 machine to network properly?

Menessis

Edited by Menessis, 10 December 2012 - 06:09 PM.




