FBI Ransom


27 replies to this topic

#1 patty64cakes

  • Members
  • 23 posts

Posted 18 December 2012 - 07:33 PM

Followed instructions per this site (Emsisoft download), also ran Malwarebytes after completing. Also noticed that my firewall was gone at this same time; could not start it or fix it, and Windows 7 could not update. Downloaded ZoneAlarm security, then I get the FBI screen again. I follow the instructions again, finish and download Secunia, which says all my programs are up to date. Then I just went ahead and downloaded the DDS; computer still doesn't seem to be running correctly yet.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by Patty at 5:59:30 on 2012-12-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.6319 [GMT -5:00]
.
AV: System Shield *Enabled/Updated* {3030810C-E2AC-B12D-8BB1-B1B8C0193798}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: System Shield *Enabled/Updated* {8B5160E8-C496-BEA3-B101-8ACABB9E7D25}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\Secunia\PSI\PSI_TRAY.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer, optimized for Bing and MSN
mWinlogon: Userinit = userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
LSP: C:\Windows\System32\iavlsp.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{3A3C4694-513E-490F-ADCF-B664F354A08F} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
x64-BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 pxscan;pxscan;C:\Windows\System32\drivers\pxscan.sys [2012-12-16 36384]
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Users\Patty\Downloads\EmsisoftEmergencyKit\Run\a2ddax64.sys [2012-12-18 23208]
R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\ElRawDsk.sys [2012-12-17 30752]
R1 pxrts;pxrts;C:\Windows\System32\drivers\pxrts.sys [2012-12-16 65736]
R2 AMP;Active Malware Protection Minifilter Driver;C:\Windows\System32\drivers\amp.sys [2012-5-25 173408]
R2 AMPSE;Active Malware Protection Support Driver;C:\Windows\System32\drivers\ampse.sys [2012-9-28 1496416]
R2 CSIScanner;CSIScanner;C:\Program Files\Prevx\prevx.exe [2012-12-2 6724632]
R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2012-11-11 1028464]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2012-11-2 33712]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2012-11-2 827560]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-16 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-16 676936]
R2 PDFsFilter;PDFsFilter;C:\Windows\System32\drivers\PDFsFilter.sys [2012-9-28 82160]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-11-26 1225312]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R2 vseamps;vseamps;C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe [2012-5-25 121184]
R2 vsedsps;vsedsps;C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe [2012-5-25 119136]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-12-16 25928]
R3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;C:\Windows\System32\drivers\OA002Afx.sys [2007-6-7 219544]
R3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;C:\Windows\System32\drivers\OA002Ufd.sys [2008-6-3 168864]
R3 OA002Vid;Creative Camera OA002 Function Driver;C:\Windows\System32\drivers\OA002Vid.sys [2008-7-31 306560]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-11-26 659040]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-9-29 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 vseqrts;vseqrts;C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe [2012-5-25 180576]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-29 1255736]
.
=============== File Associations ===============
.
FileExt: .vbe: VBEFile=NOTEPAD.EXE "%1"
FileExt: .vbs: VBSFile=NOTEPAD.EXE "%1"
FileExt: .js: JSFile=NOTEPAD.EXE "%1"
FileExt: .jse: JSEFile=NOTEPAD.EXE "%1"
FileExt: .wsf: WSFFile=NOTEPAD.EXE "%1"
.
=============== Created Last 30 ================
.
2012-12-18 10:48:16 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-18 10:41:46 -------- d-----w- C:\Users\Patty\AppData\Local\Secunia PSI
2012-12-18 10:41:35 -------- d-----w- C:\Program Files (x86)\Secunia
2012-12-17 10:49:52 30752 ----a-w- C:\Windows\System32\drivers\ElRawDsk.sys
2012-12-17 03:17:21 36384 ----a-w- C:\Windows\System32\drivers\pxscan.sys
2012-12-17 03:17:20 65736 ----a-w- C:\Windows\System32\drivers\pxrts.sys
2012-12-17 02:53:26 -------- d-----w- C:\Users\Patty\AppData\Roaming\CheckPoint
2012-12-17 02:52:30 -------- d-----w- C:\Program Files\CheckPoint
2012-12-17 02:50:39 -------- d-----w- C:\Program Files (x86)\CheckPoint
2012-12-17 02:50:38 -------- d-----w- C:\ProgramData\CheckPoint
2012-12-17 00:08:01 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-17 00:08:01 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-16 08:02:04 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-12-16 08:02:04 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-12-16 08:02:04 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-12-16 08:02:04 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-12-16 08:00:56 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-12-16 08:00:56 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-12-16 08:00:55 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-12-16 08:00:55 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-12-16 08:00:54 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-12-16 08:00:53 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-12-16 08:00:53 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-12-15 16:47:01 -------- d-----w- C:\Users\Patty\AppData\Local\ElevatedDiagnostics
2012-12-15 05:16:28 -------- d-----w- C:\ProgramData\W3i
2012-12-15 01:41:21 -------- d-----w- C:\Users\Patty\AppData\Roaming\Xawuyv
2012-12-15 01:41:21 -------- d-----w- C:\Users\Patty\AppData\Roaming\Myema
2012-12-15 01:41:21 -------- d-----w- C:\Users\Patty\AppData\Roaming\Imze
2012-12-13 06:48:06 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-13 06:48:06 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-13 06:48:06 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-13 06:48:06 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-13 06:46:48 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-12-13 06:46:47 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-12-13 06:46:47 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-12-04 08:15:50 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B55D69E7-11D9-418C-8A44-E3CDC6612036}\mpengine.dll
2012-12-02 22:07:42 -------- d-----w- C:\Program Files\Prevx
2012-12-02 22:07:14 -------- d-----w- C:\ProgramData\PrevxCSI
2012-11-25 19:54:25 -------- d-----w- C:\Users\Patty\AppData\Roaming\Malwarebytes
2012-11-25 19:54:20 -------- d-----w- C:\ProgramData\Malwarebytes
2012-11-25 19:47:00 -------- d-----w- C:\Users\Patty\AppData\Local\Google
2012-11-25 19:46:58 -------- d-----w- C:\ProgramData\Tarma Installer
2012-11-25 19:46:52 -------- d-----w- C:\Program Files (x86)\Yahoo!
2012-11-25 15:36:31 -------- d-----w- C:\ProgramData\2AAFCB37743EA2E000002AAFA08BA6B3
.
==================== Find3M ====================
.
2012-12-18 10:48:05 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-12-18 10:48:05 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-12-11 23:28:45 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-11 23:28:45 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-11 23:28:11 15728568 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-11-29 16:12:24 57144 ----a-w- C:\Windows\System32\iolobtdfg.exe
2012-11-29 16:12:16 25744 ----a-w- C:\Windows\System32\smrgdf.exe
2012-11-29 15:53:20 2155248 ----a-w- C:\Windows\System32\Incinerator64.dll
2012-11-29 15:53:18 2097032 ----a-w- C:\Windows\SysWow64\Incinerator32.dll
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-01 20:31:48 450136 ----a-w- C:\Windows\System32\drivers\vsdatant.sys
2012-10-21 19:58:05 4178264 ----a-w- C:\Windows\SysWow64\D3DX9_41.dll
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-08 11:20:41 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-10-08 11:20:41 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-10-04 17:41:16 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-10-02 19:51:11 3293544 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-10-02 19:51:04 6200680 ----a-w- C:\Windows\System32\nvcpl.dll
2012-10-02 19:50:57 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-10-02 19:50:57 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-10-02 19:50:57 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-10-02 17:15:52 430952 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-09-28 23:43:45 74703 ----a-w- C:\Windows\SysWow64\mfc45.dat
2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
.
============= FINISH: 6:00:07.84 ===============



#2 Jintan

  • Malware Response Team
  • 531 posts

Posted 20 December 2012 - 07:09 PM

Hello patty64cakes,

The logs show you have two antivirus programs installed, with both Zone Alarm and Authentium. This will cause each to corrupt the other, as well as the system, and both will need to be uninstalled in order to effect other repairs.

Right off, see if you can access Safe Mode, where the malware is less active. At startup tap the F8 key about once per half-second, then select Safe Mode with Networking from the menu that will appear.


The system is Windows 7, so when running any of the scan files we use, be sure to right click the file, then select "Run as administrator" to start the scan/tool.

And to make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".



To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

-------

Go HERE and download Cédric GEORGEOT's CAT – Crisis Aversion Tool, then click that cat.exe to run the tool.

(For the download link, scroll down and click "ici" in: Bref, un must have à télécharger d’urgence ici. <------)


When CAT opens, click the left-side Adjustments tab. Place a check next to:

Enable Windows Installer in Safe Mode

Then click Apply Checked Fixes, and agree to start the installer service. When it completes its changes, click the upper left X and agree to close CAT. It will also open a log file - just close that for now.

A Caution - Please refrain from the temptation to effect other changes with CAT.

----------

Uninstall Zone Alarm. Reboot, back to Safe Mode if needed. Then uninstall Authentium, and reboot again. Please refrain from installing any other antivirus programs until we complete our work here.

----------

Click here and download Kaspersky's TDSSKiller to your desktop, but as you download it, rename it to larry.com, then click that file to run TDSSKiller.

In the display that opens click Start scan. Once that completes, follow any prompts to act on anything it located, including a reboot (Reboot Now) if requested.
When the scan completes it will create a log file on your C drive.

Similar in name to this:

C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt

Your copy will be different - some of those numbers will reflect the date/time it was just run by you there.

Copy/paste those contents back here please. If it does locate malware, but does not prompt for a reboot, go ahead and reboot.

-----------

Download RogueKiller (http://www.sur-la-toile.com/RogueKiller/) to your desktop. Click the RogueKiller icon next to:

(Download link) : Lien de téléchargement:).

Close all open programs
Remember to right click -> run as administrator, and click the downloaded file.
When prompted, type 1, and press Enter.
A RKreport.txt will be created in the same location as the RogueKiller file.
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe, and try again.

Please post the contents of the RKreport.txt.

Edited by Jintan, 20 December 2012 - 07:10 PM.

Ad eundum quo no duck ante iit
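A small triage script for the DDS report format posted above, added here as an example; it is not from the thread, the DDS tool, or the Malware Response Team. It splits the report into its banner sections, lists the AV:/SP: products, matches running processes against a constructed vendor table, groups AppData\Roaming folders created in the same second (the Xawuyv/Myema/Imze trio above is such a burst), and reports script extensions handed to NOTEPAD.EXE. The sample report is a trimmed copy of the one posted; VENDOR_PATHS and every function name are my own.

```python
import re
from collections import defaultdict

# Constructed sample: a trimmed copy of the DDS report posted in this thread.
SAMPLE_DDS = r"""DDS (Ver_2012-11-20.01) - NTFS_AMD64
.
AV: System Shield *Enabled/Updated* {3030810C-E2AC-B12D-8BB1-B1B8C0193798}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: System Shield *Enabled/Updated* {8B5160E8-C496-BEA3-B101-8ACABB9E7D25}
.
============== Running Processes ===============
.
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
.
=============== File Associations ===============
.
FileExt: .vbs: VBSFile=NOTEPAD.EXE "%1"
FileExt: .js: JSFile=NOTEPAD.EXE "%1"
.
=============== Created Last 30 ================
.
2012-12-17 02:53:26 -------- d-----w- C:\Users\Patty\AppData\Roaming\CheckPoint
2012-12-15 01:41:21 -------- d-----w- C:\Users\Patty\AppData\Roaming\Xawuyv
2012-12-15 01:41:21 -------- d-----w- C:\Users\Patty\AppData\Roaming\Myema
2012-12-15 01:41:21 -------- d-----w- C:\Users\Patty\AppData\Roaming\Imze
2012-11-25 19:54:25 -------- d-----w- C:\Users\Patty\AppData\Roaming\Malwarebytes
.
============= FINISH: 6:00:07.84 ===============
"""

HEADER_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
PRODUCT_RE = re.compile(r"^(AV|SP|FW):\s+(.+?)\s+\*(.+?)\*")
FILEEXT_RE = re.compile(r"^FileExt:\s+(\.\w+):\s+\w+=(\S+)")
CREATED_RE = re.compile(r"^(\S+ \S+)\s+\S+\s+(\S+)\s+(.+)$")  # date time, size, attrs, path

# Constructed lookup of install-path fragments to product names; extend as needed.
VENDOR_PATHS = {
    r"CheckPoint\ZoneAlarm": "ZoneAlarm",
    r"Authentium\AntiVirus5": "Authentium",
    r"Malwarebytes' Anti-Malware": "Malwarebytes",
}


def split_sections(text):
    """Group lines under their '==== Name ====' banner ('header' before the first one)."""
    sections, current = defaultdict(list), "header"
    for line in text.splitlines():
        line = line.rstrip()
        if not line or line == ".":      # DDS prints lone '.' as a spacer
            continue
        banner = HEADER_RE.match(line)
        if banner:
            current = banner.group(1)
        else:
            sections[current].append(line)
    return sections


def security_products(sections):
    """(kind, name, state) for each AV:/SP:/FW: line in the report header."""
    hits = (PRODUCT_RE.match(line) for line in sections.get("header", []))
    return [m.groups() for m in hits if m]


def running_security_vendors(sections, vendor_paths=VENDOR_PATHS):
    """Security products with a live process; two real-time AVs is the overlap flagged above."""
    return {product
            for proc in sections.get("Running Processes", [])
            for fragment, product in vendor_paths.items()
            if fragment.lower() in proc.lower()}


def roaming_dir_bursts(sections, min_size=2):
    """AppData\\Roaming folders from 'Created Last 30' grouped by creation second.
    Installers also drop several folders at once, so a hit is a lead, not a verdict."""
    by_second = defaultdict(list)
    for line in sections.get("Created Last 30", []):
        m = CREATED_RE.match(line)
        if m and m.group(2).startswith("d") and "\\AppData\\Roaming\\" in m.group(3):
            by_second[m.group(1)].append(m.group(3).rsplit("\\", 1)[-1])
    return {ts: names for ts, names in by_second.items() if len(names) >= min_size}


def notepad_script_handlers(sections):
    """Script extensions mapped to NOTEPAD.EXE: a double-clicked .vbs/.js opens as text."""
    out = {}
    for line in sections.get("File Associations", []):
        m = FILEEXT_RE.match(line)
        if m and m.group(2).upper().endswith("NOTEPAD.EXE"):
            out[m.group(1)] = m.group(2)
    return out


def triage(text):
    sections = split_sections(text)
    return {
        "products": security_products(sections),
        "running_vendors": running_security_vendors(sections),
        "roaming_bursts": roaming_dir_bursts(sections),
        "notepad_handlers": notepad_script_handlers(sections),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_DDS))
```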

#3 patty64cakes

  • Topic Starter
  • Members
  • 23 posts

Posted 20 December 2012 - 10:52 PM

22:46:23.0959 1232 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
22:46:24.0427 1232 ============================================================
22:46:24.0427 1232 Current date / time: 2012/12/20 22:46:24.0427
22:46:24.0427 1232 SystemInfo:
22:46:24.0427 1232
22:46:24.0427 1232 OS Version: 6.1.7601 ServicePack: 1.0
22:46:24.0427 1232 Product type: Workstation
22:46:24.0427 1232 ComputerName: USER-PC
22:46:24.0427 1232 UserName: Patty
22:46:24.0427 1232 Windows directory: C:\Windows
22:46:24.0427 1232 System windows directory: C:\Windows
22:46:24.0427 1232 Running under WOW64
22:46:24.0427 1232 Processor architecture: Intel x64
22:46:24.0427 1232 Number of processors: 8
22:46:24.0427 1232 Page size: 0x1000
22:46:24.0427 1232 Boot type: Safe boot with network
22:46:24.0427 1232 ============================================================
22:46:25.0644 1232 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:46:25.0644 1232 Drive \Device\Harddisk1\DR1 - Size: 0x7470C05800 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:46:25.0956 1232 ============================================================
22:46:25.0956 1232 \Device\Harddisk0\DR0:
22:46:25.0956 1232 MBR partitions:
22:46:25.0956 1232 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86800
22:46:25.0956 1232 \Device\Harddisk1\DR1:
22:46:26.0003 1232 MBR partitions:
22:46:26.0003 1232 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384C41
22:46:26.0003 1232 ============================================================
22:46:26.0003 1232 C: <-> \Device\Harddisk0\DR0\Partition1
22:46:26.0018 1232 I: <-> \Device\Harddisk1\DR1\Partition1
22:46:26.0018 1232 ============================================================
22:46:26.0018 1232 Initialize success
22:46:26.0018 1232 ============================================================
22:46:29.0388 0352 ============================================================
22:46:29.0388 0352 Scan started
22:46:29.0388 0352 Mode: Manual;
22:46:29.0388 0352 ============================================================
22:46:30.0355 0352 ================ Scan system memory ========================
22:46:30.0355 0352 System memory - ok
22:46:31.0884 0352 CmBatt - ok
22:46:31.0884 0352 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
22:46:31.0884 0352 cmdide - ok
22:46:31.0915 0352 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
22:46:31.0915 0352 CNG - ok
22:46:31.0931 0352 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
22:46:31.0931 0352 Compbatt - ok
22:46:31.0946 0352 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
22:46:31.0946 0352 CompositeBus - ok
22:46:31.0946 0352 COMSysApp - ok
22:46:31.0962 0352 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
22:46:31.0962 0352 crcdisk - ok
22:46:31.0993 0352 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:46:31.0993 0352 CryptSvc - ok
22:46:32.0087 0352 [ E7550C3F686A1D5712C9BFD85FE3BC3A ] CSIScanner C:\Program Files\Prevx\prevx.exe
22:46:32.0180 0352 CSIScanner - ok
22:46:32.0212 0352 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
22:46:32.0212 0352 DcomLaunch - ok
22:46:32.0243 0352 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
22:46:32.0243 0352 defragsvc - ok
22:46:32.0258 0352 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:46:32.0258 0352 DfsC - ok
22:46:32.0290 0352 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
22:46:32.0290 0352 Dhcp - ok
22:46:32.0321 0352 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
22:46:32.0321 0352 discache - ok
22:46:32.0336 0352 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
22:46:32.0336 0352 Disk - ok
22:46:32.0352 0352 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:46:32.0352 0352 Dnscache - ok
22:46:32.0399 0352 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
22:46:32.0399 0352 dot3svc - ok
22:46:32.0430 0352 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
22:46:32.0430 0352 DPS - ok
22:46:32.0461 0352 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:46:32.0477 0352 drmkaud - ok
22:46:32.0492 0352 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:46:32.0508 0352 DXGKrnl - ok
22:46:32.0508 0352 [ 50AD8FC1DC800FF36087994C8F7FDFF2 ] e1yexpress C:\Windows\system32\DRIVERS\e1y60x64.sys
22:46:32.0524 0352 e1yexpress - ok
22:46:32.0555 0352 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
22:46:32.0555 0352 EapHost - ok
22:46:32.0617 0352 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
22:46:32.0664 0352 ebdrv - ok
22:46:32.0680 0352 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
22:46:32.0680 0352 EFS - ok
22:46:32.0726 0352 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
22:46:32.0742 0352 ehRecvr - ok
22:46:32.0773 0352 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
22:46:32.0789 0352 ehSched - ok
22:46:32.0789 0352 [ CB89057CF9C7F7BB356BE2406BBAEE39 ] ElRawDisk C:\Windows\system32\drivers\ElRawDsk.sys
22:46:32.0804 0352 ElRawDisk - ok
22:46:32.0820 0352 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
22:46:32.0836 0352 elxstor - ok
22:46:32.0836 0352 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
22:46:32.0836 0352 ErrDev - ok
22:46:32.0867 0352 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
22:46:32.0867 0352 EventSystem - ok
22:46:32.0882 0352 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
22:46:32.0882 0352 exfat - ok
22:46:32.0882 0352 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:46:32.0882 0352 fastfat - ok
22:46:32.0898 0352 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
22:46:32.0914 0352 Fax - ok
22:46:32.0914 0352 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
22:46:32.0914 0352 fdc - ok
22:46:32.0929 0352 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
22:46:32.0929 0352 fdPHost - ok
22:46:32.0945 0352 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
22:46:32.0945 0352 FDResPub - ok
22:46:32.0960 0352 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:46:32.0960 0352 FileInfo - ok
22:46:32.0960 0352 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:46:32.0976 0352 Filetrace - ok
22:46:32.0976 0352 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
22:46:32.0976 0352 flpydisk - ok
22:46:32.0976 0352 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:46:32.0992 0352 FltMgr - ok
22:46:33.0038 0352 [ B4447F606BB19FD8AD0BAFB59B90F5D9 ] FontCache C:\Windows\system32\FntCache.dll
22:46:33.0054 0352 FontCache - ok
22:46:33.0101 0352 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:46:33.0101 0352 FontCache3.0.0.0 - ok
22:46:33.0101 0352 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
22:46:33.0116 0352 FsDepends - ok
22:46:33.0132 0352 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:46:33.0132 0352 Fs_Rec - ok
22:46:33.0163 0352 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
22:46:33.0163 0352 fvevol - ok
22:46:33.0163 0352 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
22:46:33.0179 0352 gagp30kx - ok
22:46:33.0210 0352 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:46:33.0210 0352 GEARAspiWDM - ok
22:46:33.0226 0352 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
22:46:33.0226 0352 gpsvc - ok
22:46:33.0272 0352 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:46:33.0272 0352 gupdate - ok
22:46:33.0272 0352 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:46:33.0288 0352 gupdatem - ok
22:46:33.0304 0352 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
22:46:33.0304 0352 gusvc - ok
22:46:33.0304 0352 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
22:46:33.0304 0352 hcw85cir - ok
22:46:33.0335 0352 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:46:33.0335 0352 HdAudAddService - ok
22:46:33.0350 0352 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
22:46:33.0366 0352 HDAudBus - ok
22:46:33.0366 0352 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
22:46:33.0366 0352 HidBatt - ok
22:46:33.0366 0352 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
22:46:33.0366 0352 HidBth - ok
22:46:33.0366 0352 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
22:46:33.0366 0352 HidIr - ok
22:46:33.0397 0352 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
22:46:33.0397 0352 hidserv - ok
22:46:33.0397 0352 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
22:46:33.0413 0352 HidUsb - ok
22:46:33.0428 0352 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
22:46:33.0428 0352 hkmsvc - ok
22:46:33.0444 0352 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:46:33.0460 0352 HomeGroupListener - ok
22:46:33.0460 0352 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:46:33.0475 0352 HomeGroupProvider - ok
22:46:33.0506 0352 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
22:46:33.0506 0352 HpSAMD - ok
22:46:33.0538 0352 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:46:33.0538 0352 HTTP - ok
22:46:33.0553 0352 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
22:46:33.0553 0352 hwpolicy - ok
22:46:33.0569 0352 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
22:46:33.0569 0352 i8042prt - ok
22:46:33.0584 0352 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
22:46:33.0600 0352 iaStorV - ok
22:46:33.0631 0352 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:46:33.0631 0352 idsvc - ok
22:46:33.0647 0352 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
22:46:33.0647 0352 iirsp - ok
22:46:33.0662 0352 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
22:46:33.0678 0352 IKEEXT - ok
22:46:33.0678 0352 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
22:46:33.0678 0352 intelide - ok
22:46:33.0709 0352 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
22:46:33.0709 0352 intelppm - ok
22:46:33.0725 0352 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:46:33.0725 0352 IPBusEnum - ok
22:46:33.0756 0352 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:46:33.0756 0352 IpFilterDriver - ok
22:46:33.0772 0352 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
22:46:33.0772 0352 IPMIDRV - ok
22:46:33.0787 0352 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
22:46:33.0787 0352 IPNAT - ok
22:46:33.0803 0352 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
22:46:33.0818 0352 iPod Service - ok
22:46:33.0834 0352 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:46:33.0834 0352 IRENUM - ok
22:46:33.0865 0352 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
22:46:33.0865 0352 isapnp - ok
22:46:33.0896 0352 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
22:46:33.0896 0352 iScsiPrt - ok
22:46:33.0896 0352 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
22:46:33.0896 0352 kbdclass - ok
22:46:33.0928 0352 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
22:46:33.0928 0352 kbdhid - ok
22:46:33.0928 0352 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
22:46:33.0928 0352 KeyIso - ok
22:46:33.0990 0352 [ E656FE10D6D27794AFA08136685A69E8 ] KL1 C:\Windows\system32\DRIVERS\kl1.sys
22:46:33.0990 0352 KL1 - ok
22:46:34.0006 0352 [ D865DD8B0448E3F963D68C04C532858F ] kl2 C:\Windows\system32\DRIVERS\kl2.sys
22:46:34.0006 0352 kl2 - ok
22:46:34.0037 0352 [ 055790D38D7EC73AEF03E4AA7F67BA03 ] KLIF C:\Windows\system32\DRIVERS\klif.sys
22:46:34.0037 0352 KLIF - ok
22:46:34.0068 0352 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:46:34.0068 0352 KSecDD - ok
22:46:34.0084 0352 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
22:46:34.0099 0352 KSecPkg - ok
22:46:34.0115 0352 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
22:46:34.0130 0352 ksthunk - ok
22:46:34.0162 0352 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
22:46:34.0177 0352 KtmRm - ok
22:46:34.0177 0352 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
22:46:34.0193 0352 LanmanServer - ok
22:46:34.0208 0352 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:46:34.0224 0352 LanmanWorkstation - ok
22:46:34.0240 0352 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:46:34.0240 0352 lltdio - ok
22:46:34.0255 0352 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:46:34.0255 0352 lltdsvc - ok
22:46:34.0271 0352 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
22:46:34.0286 0352 lmhosts - ok
22:46:34.0318 0352 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
22:46:34.0318 0352 LSI_FC - ok
22:46:34.0318 0352 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
22:46:34.0318 0352 LSI_SAS - ok
22:46:34.0333 0352 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:46:34.0333 0352 LSI_SAS2 - ok
22:46:34.0349 0352 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:46:34.0349 0352 LSI_SCSI - ok
22:46:34.0364 0352 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
22:46:34.0364 0352 luafv - ok
22:46:34.0396 0352 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
22:46:34.0396 0352 Mcx2Svc - ok
22:46:34.0411 0352 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
22:46:34.0411 0352 megasas - ok
22:46:34.0411 0352 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
22:46:34.0427 0352 MegaSR - ok
22:46:34.0442 0352 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
22:46:34.0442 0352 MMCSS - ok
22:46:34.0458 0352 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
22:46:34.0458 0352 Modem - ok
22:46:34.0458 0352 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:46:34.0458 0352 monitor - ok
22:46:34.0474 0352 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
22:46:34.0474 0352 mouclass - ok
22:46:34.0474 0352 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:46:34.0474 0352 mouhid - ok
22:46:34.0505 0352 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
22:46:34.0505 0352 mountmgr - ok
22:46:34.0520 0352 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
22:46:34.0520 0352 mpio - ok
22:46:34.0536 0352 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:46:34.0536 0352 mpsdrv - ok
22:46:34.0583 0352 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
22:46:34.0583 0352 MpsSvc - ok
22:46:34.0598 0352 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:46:34.0598 0352 MRxDAV - ok
22:46:34.0614 0352 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:46:34.0630 0352 mrxsmb - ok
22:46:34.0645 0352 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:46:34.0645 0352 mrxsmb10 - ok
22:46:34.0661 0352 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:46:34.0661 0352 mrxsmb20 - ok
22:46:34.0676 0352 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
22:46:34.0692 0352 msahci - ok
22:46:34.0708 0352 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
22:46:34.0708 0352 msdsm - ok
22:46:34.0723 0352 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
22:46:34.0739 0352 MSDTC - ok
22:46:34.0754 0352 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:46:34.0754 0352 Msfs - ok
22:46:34.0786 0352 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
22:46:34.0786 0352 mshidkmdf - ok
22:46:34.0786 0352 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
22:46:34.0786 0352 msisadrv - ok
22:46:34.0817 0352 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:46:34.0817 0352 MSiSCSI - ok
22:46:34.0832 0352 msiserver - ok
22:46:34.0848 0352 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:46:34.0848 0352 MSKSSRV - ok
22:46:34.0864 0352 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:46:34.0864 0352 MSPCLOCK - ok
22:46:34.0864 0352 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:46:34.0864 0352 MSPQM - ok
22:46:34.0879 0352 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:46:34.0879 0352 MsRPC - ok
22:46:34.0895 0352 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
22:46:34.0895 0352 mssmbios - ok
22:46:34.0910 0352 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:46:34.0910 0352 MSTEE - ok
22:46:34.0910 0352 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
22:46:34.0910 0352 MTConfig - ok
22:46:34.0926 0352 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
22:46:34.0926 0352 Mup - ok
22:46:34.0957 0352 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
22:46:34.0957 0352 napagent - ok
22:46:34.0973 0352 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:46:34.0973 0352 NativeWifiP - ok
22:46:35.0004 0352 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
22:46:35.0020 0352 NDIS - ok
22:46:35.0035 0352 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
22:46:35.0035 0352 NdisCap - ok
22:46:35.0035 0352 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:46:35.0035 0352 NdisTapi - ok
22:46:35.0051 0352 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:46:35.0051 0352 Ndisuio - ok
22:46:35.0082 0352 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:46:35.0082 0352 NdisWan - ok
22:46:35.0113 0352 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:46:35.0113 0352 NDProxy - ok
22:46:35.0129 0352 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:46:35.0129 0352 NetBIOS - ok
22:46:35.0144 0352 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:46:35.0144 0352 NetBT - ok
22:46:35.0160 0352 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
22:46:35.0160 0352 Netlogon - ok
22:46:35.0176 0352 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
22:46:35.0176 0352 Netman - ok
22:46:35.0191 0352 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
22:46:35.0207 0352 netprofm - ok
22:46:35.0238 0352 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:46:35.0238 0352 NetTcpPortSharing - ok
22:46:35.0238 0352 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
22:46:35.0238 0352 nfrd960 - ok
22:46:35.0269 0352 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:46:35.0269 0352 NlaSvc - ok
22:46:35.0285 0352 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:46:35.0285 0352 Npfs - ok
22:46:35.0332 0352 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
22:46:35.0332 0352 nsi - ok
22:46:35.0347 0352 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:46:35.0347 0352 nsiproxy - ok
22:46:35.0394 0352 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:46:35.0425 0352 Ntfs - ok
22:46:35.0441 0352 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
22:46:35.0441 0352 Null - ok
22:46:35.0456 0352 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
22:46:35.0472 0352 NVHDA - ok
22:46:35.0644 0352 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:46:35.0815 0352 nvlddmkm - ok
22:46:35.0831 0352 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:46:35.0831 0352 nvraid - ok
22:46:35.0846 0352 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:46:35.0846 0352 nvstor - ok
22:46:35.0878 0352 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\Windows\system32\nvvsvc.exe
22:46:35.0893 0352 nvsvc - ok
22:46:35.0940 0352 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
22:46:35.0956 0352 nvUpdatusService - ok
22:46:35.0987 0352 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:46:35.0987 0352 nv_agp - ok
22:46:36.0018 0352 [ 226D2C0E1AA9040646D6B158FD344046 ] OA002Afx C:\Windows\system32\Drivers\OA002Afx.sys
22:46:36.0018 0352 OA002Afx - ok
22:46:36.0034 0352 [ 706F5504AF9F28C8641DAB5EDDFDE03B ] OA002Ufd C:\Windows\system32\DRIVERS\OA002Ufd.sys
22:46:36.0049 0352 OA002Ufd - ok
22:46:36.0049 0352 [ 2CE066ADCA145892715F1DF163D879DA ] OA002Vid C:\Windows\system32\DRIVERS\OA002Vid.sys
22:46:36.0049 0352 OA002Vid - ok
22:46:36.0065 0352 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
22:46:36.0065 0352 ohci1394 - ok
22:46:36.0096 0352 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:46:36.0096 0352 ose - ok
22:46:36.0236 0352 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:46:36.0299 0352 osppsvc - ok
22:46:36.0330 0352 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:46:36.0330 0352 p2pimsvc - ok
22:46:36.0377 0352 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
22:46:36.0377 0352 p2psvc - ok
22:46:36.0392 0352 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
22:46:36.0392 0352 Parport - ok
22:46:36.0424 0352 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:46:36.0424 0352 partmgr - ok
22:46:36.0439 0352 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:46:36.0439 0352 PcaSvc - ok
22:46:36.0455 0352 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
22:46:36.0455 0352 pci - ok
22:46:36.0470 0352 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
22:46:36.0470 0352 pciide - ok
22:46:36.0470 0352 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
22:46:36.0486 0352 pcmcia - ok
22:46:36.0486 0352 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
22:46:36.0486 0352 pcw - ok
22:46:36.0502 0352 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:46:36.0502 0352 PEAUTH - ok
22:46:36.0564 0352 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
22:46:36.0595 0352 PerfHost - ok
22:46:36.0673 0352 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
22:46:36.0689 0352 pla - ok
22:46:36.0720 0352 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:46:36.0720 0352 PlugPlay - ok
22:46:36.0736 0352 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:46:36.0736 0352 PNRPAutoReg - ok
22:46:36.0736 0352 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:46:36.0736 0352 PNRPsvc - ok
22:46:36.0767 0352 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:46:36.0767 0352 PolicyAgent - ok
22:46:36.0782 0352 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
22:46:36.0782 0352 Power - ok
22:46:36.0814 0352 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:46:36.0814 0352 PptpMiniport - ok
22:46:36.0829 0352 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
22:46:36.0829 0352 Processor - ok
22:46:36.0860 0352 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
22:46:36.0860 0352 ProfSvc - ok
22:46:36.0876 0352 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:46:36.0876 0352 ProtectedStorage - ok
22:46:36.0907 0352 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:46:36.0907 0352 Psched - ok
22:46:36.0938 0352 [ FB46E9A827A8799EBD7BFA9128C91F37 ] PSI C:\Windows\system32\DRIVERS\psi_mf.sys
22:46:36.0938 0352 PSI - ok
22:46:36.0938 0352 pxkbf - ok
22:46:36.0970 0352 [ 34D83613EA60EFD5A13D0D6CF3062C12 ] pxrts C:\Windows\system32\drivers\pxrts.sys
22:46:36.0970 0352 pxrts - ok
22:46:37.0001 0352 [ B03DF5B0FF190A88D04A8469AA13A69C ] pxscan C:\Windows\system32\drivers\pxscan.sys
22:46:37.0001 0352 pxscan - ok
22:46:37.0032 0352 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
22:46:37.0063 0352 ql2300 - ok
22:46:37.0063 0352 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
22:46:37.0063 0352 ql40xx - ok
22:46:37.0094 0352 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
22:46:37.0094 0352 QWAVE - ok
22:46:37.0110 0352 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:46:37.0110 0352 QWAVEdrv - ok
22:46:37.0110 0352 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:46:37.0110 0352 RasAcd - ok
22:46:37.0126 0352 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:46:37.0126 0352 RasAgileVpn - ok
22:46:37.0126 0352 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
22:46:37.0126 0352 RasAuto - ok
22:46:37.0157 0352 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:46:37.0172 0352 Rasl2tp - ok
22:46:37.0172 0352 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
22:46:37.0188 0352 RasMan - ok
22:46:37.0188 0352 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:46:37.0188 0352 RasPppoe - ok
22:46:37.0204 0352 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:46:37.0204 0352 RasSstp - ok
22:46:37.0219 0352 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:46:37.0219 0352 rdbss - ok
22:46:37.0235 0352 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
22:46:37.0235 0352 rdpbus - ok
22:46:37.0235 0352 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:46:37.0235 0352 RDPCDD - ok
22:46:37.0250 0352 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:46:37.0250 0352 RDPENCDD - ok
22:46:37.0266 0352 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:46:37.0266 0352 RDPREFMP - ok
22:46:37.0282 0352 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:46:37.0282 0352 RDPWD - ok
22:46:37.0313 0352 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:46:37.0313 0352 rdyboost - ok
22:46:37.0328 0352 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:46:37.0328 0352 RemoteAccess - ok
22:46:37.0344 0352 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:46:37.0344 0352 RemoteRegistry - ok
22:46:37.0360 0352 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:46:37.0360 0352 RpcEptMapper - ok
22:46:37.0391 0352 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
22:46:37.0391 0352 RpcLocator - ok
22:46:37.0406 0352 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
22:46:37.0406 0352 RpcSs - ok
22:46:37.0422 0352 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:46:37.0422 0352 rspndr - ok
22:46:37.0438 0352 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
22:46:37.0438 0352 SamSs - ok
22:46:37.0453 0352 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:46:37.0453 0352 sbp2port - ok
22:46:37.0469 0352 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:46:37.0469 0352 SCardSvr - ok
22:46:37.0484 0352 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:46:37.0484 0352 scfilter - ok
22:46:37.0531 0352 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
22:46:37.0547 0352 Schedule - ok
22:46:37.0562 0352 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
22:46:37.0562 0352 SCPolicySvc - ok
22:46:37.0578 0352 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:46:37.0578 0352 SDRSVC - ok
22:46:37.0594 0352 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:46:37.0594 0352 secdrv - ok
22:46:37.0625 0352 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
22:46:37.0625 0352 seclogon - ok
22:46:37.0703 0352 [ 306F9390976E41063D21AB9AB6D48122 ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
22:46:37.0734 0352 Secunia PSI Agent - ok
22:46:37.0734 0352 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
22:46:37.0750 0352 SENS - ok
22:46:37.0765 0352 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:46:37.0765 0352 SensrSvc - ok
22:46:37.0781 0352 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
22:46:37.0781 0352 Serenum - ok
22:46:37.0781 0352 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
22:46:37.0796 0352 Serial - ok
22:46:37.0796 0352 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
22:46:37.0796 0352 sermouse - ok
22:46:37.0812 0352 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
22:46:37.0812 0352 SessionEnv - ok
22:46:37.0843 0352 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
22:46:37.0843 0352 sffdisk - ok
22:46:37.0843 0352 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
22:46:37.0843 0352 sffp_mmc - ok
22:46:37.0859 0352 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
22:46:37.0859 0352 sffp_sd - ok
22:46:37.0859 0352 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
22:46:37.0859 0352 sfloppy - ok
22:46:37.0874 0352 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:46:37.0874 0352 ShellHWDetection - ok
22:46:37.0890 0352 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:46:37.0890 0352 SiSRaid2 - ok
22:46:37.0890 0352 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
22:46:37.0906 0352 SiSRaid4 - ok
22:46:37.0906 0352 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:46:37.0906 0352 Smb - ok
22:46:37.0937 0352 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:46:37.0937 0352 SNMPTRAP - ok
22:46:37.0952 0352 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
22:46:37.0952 0352 spldr - ok
22:46:37.0968 0352 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
22:46:37.0984 0352 Spooler - ok
22:46:38.0030 0352 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
22:46:38.0077 0352 sppsvc - ok
22:46:38.0093 0352 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:46:38.0093 0352 sppuinotify - ok
22:46:38.0124 0352 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
22:46:38.0124 0352 srv - ok
22:46:38.0155 0352 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:46:38.0155 0352 srv2 - ok
22:46:38.0171 0352 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:46:38.0171 0352 srvnet - ok
22:46:38.0171 0352 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:46:38.0171 0352 SSDPSRV - ok
22:46:38.0186 0352 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:46:38.0186 0352 SstpSvc - ok
22:46:38.0218 0352 Steam Client Service - ok
22:46:38.0249 0352 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
22:46:38.0249 0352 Stereo Service - ok
22:46:38.0264 0352 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
22:46:38.0280 0352 stexstor - ok
22:46:38.0311 0352 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
22:46:38.0311 0352 stisvc - ok
22:46:38.0327 0352 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
22:46:38.0327 0352 swenum - ok
22:46:38.0374 0352 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
22:46:38.0374 0352 swprv - ok
22:46:38.0436 0352 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
22:46:38.0452 0352 SysMain - ok
22:46:38.0467 0352 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:46:38.0467 0352 TabletInputService - ok
22:46:38.0483 0352 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
22:46:38.0483 0352 TapiSrv - ok
22:46:38.0498 0352 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
22:46:38.0498 0352 TBS - ok
22:46:38.0561 0352 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:46:38.0576 0352 Tcpip - ok
22:46:38.0608 0352 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:46:38.0623 0352 TCPIP6 - ok
22:46:38.0654 0352 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:46:38.0654 0352 tcpipreg - ok
22:46:38.0654 0352 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:46:38.0654 0352 TDPIPE - ok
22:46:38.0670 0352 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:46:38.0670 0352 TDTCP - ok
22:46:38.0686 0352 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:46:38.0686 0352 tdx - ok
22:46:38.0701 0352 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
22:46:38.0701 0352 TermDD - ok
22:46:38.0717 0352 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
22:46:38.0732 0352 TermService - ok
22:46:38.0732 0352 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
22:46:38.0732 0352 Themes - ok
22:46:38.0748 0352 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
22:46:38.0748 0352 THREADORDER - ok
22:46:38.0764 0352 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
22:46:38.0764 0352 TrkWks - ok
22:46:38.0795 0352 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:46:38.0810 0352 TrustedInstaller - ok
22:46:38.0842 0352 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:46:38.0842 0352 tssecsrv - ok
22:46:38.0857 0352 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
22:46:38.0857 0352 TsUsbFlt - ok
22:46:38.0873 0352 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:46:38.0888 0352 tunnel - ok
22:46:38.0888 0352 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
22:46:38.0888 0352 uagp35 - ok
22:46:38.0904 0352 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:46:38.0904 0352 udfs - ok
22:46:38.0920 0352 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:46:38.0920 0352 UI0Detect - ok
22:46:38.0935 0352 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
22:46:38.0935 0352 uliagpkx - ok
22:46:38.0966 0352 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
22:46:38.0966 0352 umbus - ok
22:46:38.0982 0352 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
22:46:38.0982 0352 UmPass - ok
22:46:38.0982 0352 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
22:46:38.0998 0352 upnphost - ok
22:46:39.0013 0352 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
22:46:39.0029 0352 USBAAPL64 - ok
22:46:39.0044 0352 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
22:46:39.0044 0352 usbaudio - ok
22:46:39.0044 0352 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:46:39.0044 0352 usbccgp - ok
22:46:39.0076 0352 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
22:46:39.0076 0352 usbcir - ok
22:46:39.0091 0352 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
22:46:39.0091 0352 usbehci - ok
22:46:39.0122 0352 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:46:39.0122 0352 usbhub - ok
22:46:39.0138 0352 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
22:46:39.0138 0352 usbohci - ok
22:46:39.0169 0352 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
22:46:39.0169 0352 usbprint - ok
22:46:39.0185 0352 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
22:46:39.0185 0352 usbscan - ok
22:46:39.0200 0352 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:46:39.0200 0352 USBSTOR - ok
22:46:39.0216 0352 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
22:46:39.0216 0352 usbuhci - ok
22:46:39.0232 0352 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
22:46:39.0232 0352 UxSms - ok
22:46:39.0232 0352 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
22:46:39.0232 0352 VaultSvc - ok
22:46:39.0263 0352 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
22:46:39.0263 0352 vdrvroot - ok
22:46:39.0310 0352 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
22:46:39.0310 0352 vds - ok
22:46:39.0325 0352 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:46:39.0325 0352 vga - ok
22:46:39.0341 0352 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
22:46:39.0341 0352 VgaSave - ok
22:46:39.0356 0352 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
22:46:39.0356 0352 vhdmp - ok
22:46:39.0356 0352 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
22:46:39.0372 0352 viaide - ok
22:46:39.0388 0352 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
22:46:39.0388 0352 volmgr - ok
22:46:39.0403 0352 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:46:39.0419 0352 volmgrx - ok
22:46:39.0434 0352 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
22:46:39.0434 0352 volsnap - ok
22:46:39.0450 0352 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
22:46:39.0450 0352 vsmraid - ok
22:46:39.0481 0352 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
22:46:39.0512 0352 VSS - ok
22:46:39.0512 0352 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
22:46:39.0512 0352 vwifibus - ok
22:46:39.0528 0352 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
22:46:39.0544 0352 W32Time - ok
22:46:39.0544 0352 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
22:46:39.0544 0352 WacomPen - ok
22:46:39.0559 0352 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
22:46:39.0559 0352 WANARP - ok
22:46:39.0575 0352 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:46:39.0575 0352 Wanarpv6 - ok
22:46:39.0606 0352 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
22:46:39.0637 0352 WatAdminSvc - ok
22:46:39.0668 0352 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
22:46:39.0700 0352 wbengine - ok
22:46:39.0700 0352 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
22:46:39.0700 0352 WbioSrvc - ok
22:46:39.0715 0352 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:46:39.0715 0352 wcncsvc - ok
22:46:39.0731 0352 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:46:39.0731 0352 WcsPlugInService - ok
22:46:39.0731 0352 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
22:46:39.0731 0352 Wd - ok
22:46:39.0762 0352 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:46:39.0778 0352 Wdf01000 - ok
22:46:39.0793 0352 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:46:39.0793 0352 WdiServiceHost - ok
22:46:39.0793 0352 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:46:39.0793 0352 WdiSystemHost - ok
22:46:39.0809 0352 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
22:46:39.0809 0352 WebClient - ok
22:46:39.0824 0352 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:46:39.0824 0352 Wecsvc - ok
22:46:39.0840 0352 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:46:39.0840 0352 wercplsupport - ok
22:46:39.0856 0352 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
22:46:39.0856 0352 WerSvc - ok
22:46:39.0856 0352 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
22:46:39.0856 0352 WfpLwf - ok
22:46:39.0887 0352 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
22:46:39.0887 0352 WIMMount - ok
22:46:39.0887 0352 WinHttpAutoProxySvc - ok
22:46:39.0934 0352 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:46:39.0949 0352 Winmgmt - ok
22:46:39.0996 0352 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
22:46:40.0027 0352 WinRM - ok
22:46:40.0058 0352 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
22:46:40.0058 0352 WinUsb - ok
22:46:40.0090 0352 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
22:46:40.0090 0352 Wlansvc - ok
22:46:40.0105 0352 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
22:46:40.0105 0352 WmiAcpi - ok
22:46:40.0121 0352 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:46:40.0121 0352 wmiApSrv - ok
22:46:40.0152 0352 WMPNetworkSvc - ok
22:46:40.0152 0352 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:46:40.0168 0352 WPCSvc - ok
22:46:40.0168 0352 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:46:40.0168 0352 WPDBusEnum - ok
22:46:40.0199 0352 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:46:40.0199 0352 ws2ifsl - ok
22:46:40.0199 0352 WSearch - ok
22:46:40.0261 0352 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
22:46:40.0292 0352 wuauserv - ok
22:46:40.0308 0352 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
22:46:40.0324 0352 WudfPf - ok
22:46:40.0339 0352 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:46:40.0339 0352 WUDFRd - ok
22:46:40.0370 0352 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:46:40.0370 0352 wudfsvc - ok
22:46:40.0370 0352 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
22:46:40.0417 0352 WwanSvc - ok
22:46:40.0433 0352 ================ Scan global ===============================
22:46:40.0480 0352 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:46:40.0511 0352 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
22:46:40.0526 0352 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
22:46:40.0526 0352 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:46:40.0542 0352 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:46:40.0542 0352 [Global] - ok
22:46:40.0542 0352 ================ Scan MBR ==================================
22:46:40.0558 0352 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:46:40.0714 0352 \Device\Harddisk0\DR0 - ok
22:46:41.0010 0352 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
22:46:41.0072 0352 \Device\Harddisk1\DR1 - ok
22:46:41.0072 0352 ================ Scan VBR ==================================
22:46:41.0072 0352 [ A126C588A9D5278AD4662A9609673BFE ] \Device\Harddisk0\DR0\Partition1
22:46:41.0072 0352 \Device\Harddisk0\DR0\Partition1 - ok
22:46:41.0088 0352 [ 08B257DF44DA25B4ADC0F4DC3A12D556 ] \Device\Harddisk1\DR1\Partition1
22:46:41.0088 0352 \Device\Harddisk1\DR1\Partition1 - ok
22:46:41.0104 0352 ============================================================
22:46:41.0104 0352 Scan finished
22:46:41.0104 0352 ============================================================
22:46:41.0104 1940 Detected object count: 0
22:46:41.0104 1940 Actual detected object count: 0

#4 patty64cakes (Topic Starter)

Posted 20 December 2012 - 10:59 PM

RogueKiller V8.4.0 _x64_ [Dec 20 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Patty [Admin rights]
Mode : Scan -- Date : 12/20/2012 22:54:40

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] larry.com -- C:\Users\Patty\Desktop\larry.com -> KILLED [TermProc]

¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\RunOnce : SS Engine Update ("C:\ProgramData\iolo\IRestartStub.exe" /useini /v="SS Engine Update" /sse) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2183695264-2002157750-1304118457-1003[...]\RunOnce : SS Engine Update ("C:\ProgramData\iolo\IRestartStub.exe" /useini /v="SS Engine Update" /sse) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$af84dd2dfecd34dcfeacab1d09d800a4\n.) -> FOUND
[HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$af84dd2dfecd34dcfeacab1d09d800a4\n.) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$af84dd2dfecd34dcfeacab1d09d800a4\@ --> FOUND
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-2183695264-2002157750-1304118457-1001\$af84dd2dfecd34dcfeacab1d09d800a4\@ --> FOUND
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-2183695264-2002157750-1304118457-1003\$af84dd2dfecd34dcfeacab1d09d800a4\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$af84dd2dfecd34dcfeacab1d09d800a4\U --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-2183695264-2002157750-1304118457-1001\$af84dd2dfecd34dcfeacab1d09d800a4\U --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-2183695264-2002157750-1304118457-1003\$af84dd2dfecd34dcfeacab1d09d800a4\U --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$af84dd2dfecd34dcfeacab1d09d800a4\L --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-2183695264-2002157750-1304118457-1001\$af84dd2dfecd34dcfeacab1d09d800a4\L --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-2183695264-2002157750-1304118457-1003\$af84dd2dfecd34dcfeacab1d09d800a4\L --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST31500341AS ATA Device +++++
--- User ---
[MBR] a643444d22880dd759d26916b44872b3
[BSP] 49b95d5774ca1d14837ad05fc6df17ad : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1430797 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Seagate Portable USB Device +++++
--- User ---
[MBR] 1c27f6333c67fd208ac0bf393978f59e
[BSP] 96c899abf1a939a395667dea4f9a60bb : MBR Code unknown
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476937 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_12202012_02d2254.txt >>
RKreport[1]_S_12202012_02d2254.txt
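
The scan log above carries the classic ZeroAccess footprint: a COM class whose InprocServer32 default value has been redirected into a $Recycle.Bin\<SID>\$<32 hex chars>\ folder (the delete pass in a later post restores it to fastprox.dll), plus the @ file and the U and L folders inside that folder, duplicated under the SYSTEM SID and each user SID. The PowerShell below is an added example written for this page; it is not part of the thread and not RogueKiller's code. It sweeps a live system for those two indicator classes, read-only, and it generalizes the log: rather than the single CLSID RogueKiller elided as [...], it checks every CLSID in the 64-bit, WOW64 and per-user class views, and every per-SID recycle-bin directory. Assumptions not taken from the page: an elevated PowerShell 5 or later prompt, the recycle bin on the system drive, and the list of trusted roots used to grade InprocServer32 targets.

```powershell
# Added example (not RogueKiller's code): read-only sweep for the two ZeroAccess
# indicator classes shown in the log above. Run from an elevated PowerShell prompt.

# --- 1. COM hijack: InprocServer32 default values pointing somewhere they should not -------
function Get-SuspiciousInprocServers {
    param(
        # Assumption: these roots are the only normal homes for in-process COM servers.
        [string[]]$TrustedRoots = @(
            "$env:SystemRoot\", "${env:ProgramFiles}\",
            "${env:ProgramFiles(x86)}\", "$env:ProgramData\"
        )
    )
    # Drop roots whose environment variable is unset (e.g. no ProgramFiles(x86) on x86).
    $TrustedRoots = $TrustedRoots | Where-Object { $_.Length -gt 1 }
    # 64-bit view, 32-bit (WOW64) view and the per-user view that HKCR merges in.
    $hives = 'HKLM:\SOFTWARE\Classes\CLSID',
             'HKLM:\SOFTWARE\Wow6432Node\Classes\CLSID',
             'HKCU:\Software\Classes\CLSID'
    foreach ($hive in $hives) {
        if (-not (Test-Path -LiteralPath $hive)) { continue }
        foreach ($clsid in Get-ChildItem -LiteralPath $hive -ErrorAction SilentlyContinue) {
            $inproc = Join-Path $clsid.PSPath 'InprocServer32'
            if (-not (Test-Path -LiteralPath $inproc)) { continue }
            $target = (Get-ItemProperty -LiteralPath $inproc -ErrorAction SilentlyContinue).'(default)'
            if (-not $target) { continue }
            # Expand %SystemRoot%-style values and strip quotes before comparing paths.
            $expanded = [Environment]::ExpandEnvironmentVariables($target).Trim('"')
            $inRecycle = $expanded -match '\\\$Recycle\.Bin\\'
            $trusted = $TrustedRoots | Where-Object { $expanded.StartsWith($_, 'OrdinalIgnoreCase') }
            if ($inRecycle) {
                $reason = 'InprocServer32 points into $Recycle.Bin (ZeroAccess pattern)'
            } elseif (-not $trusted) {
                $reason = 'InprocServer32 outside trusted roots (triage manually)'
            } else { continue }
            [pscustomobject]@{ Key = $inproc; Target = $target; Reason = $reason }
        }
    }
}

# --- 2. Payload folders: $Recycle.Bin\<SID>\$<32 hex>\ holding the @ file and U, L folders ---
function Get-ZeroAccessRecycleFolders {
    param(
        # Assumption: the recycle bin sits on the system drive, as in the log (C:\$recycle.bin).
        [string]$RecycleBin = (Join-Path $env:SystemDrive '$Recycle.Bin')
    )
    if (-not (Test-Path -LiteralPath $RecycleBin)) { return }
    # Genuine recycle-bin content is $R.../$I... files; a $<32 hex> directory is not Windows'.
    $sidDirs = Get-ChildItem -LiteralPath $RecycleBin -Force -Directory -ErrorAction SilentlyContinue |
               Where-Object { $_.Name -like 'S-1-5-*' }
    foreach ($sid in $sidDirs) {
        $payloads = Get-ChildItem -LiteralPath $sid.FullName -Force -Directory -ErrorAction SilentlyContinue |
                    Where-Object { $_.Name -match '^\$[0-9a-f]{32}$' }
        foreach ($dir in $payloads) {
            # Listing the parent is enough to see the marker names even if the children
            # themselves carry restrictive ACLs.
            $names = Get-ChildItem -LiteralPath $dir.FullName -Force -ErrorAction SilentlyContinue |
                     Select-Object -ExpandProperty Name
            $markers = @('@', 'U', 'L') | Where-Object { $names -contains $_ }
            [pscustomobject]@{ Path = $dir.FullName; Markers = ($markers -join ',') }
        }
    }
}

# --- Run both sweeps; report only, remove nothing --------------------------------------------
$hits = @(Get-SuspiciousInprocServers) + @(Get-ZeroAccessRecycleFolders)
if ($hits.Count -eq 0) {
    'No ZeroAccess indicators of the kinds shown in the log were found.'
} else {
    $hits | Format-List
}
```

Hits under $Recycle.Bin are high confidence; the "outside trusted roots" hits need manual triage, since legitimate per-user software and DLLs registered by bare filename without a path also land there. The script changes nothing; removal is left to the tooling the thread walks through.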

#5 patty64cakes (Topic Starter)

Posted 20 December 2012 - 11:17 PM

I would like to take this time to say thank you for your help! I will check tomorrow for additional posts on what to do next.

Edited by patty64cakes, 20 December 2012 - 11:18 PM.


#6 Jintan (Malware Response Team)

Posted 21 December 2012 - 06:18 PM

Glad to be of assistance.

Run RogueKiller again.

• Please quit all programs
• Run RogueKiller
• Wait until the Prescan finishes
• Press: Scan

• On the RogueKiller console, click the Registry tab.
• Uncheck these entries (sorta legit, though we'll deal with Iolo later):
[RUN][SUSP PATH] HKCU\[...]\RunOnce : SS Engine Update ("C:\ProgramData\iolo\IRestartStub.exe" /useini /v="SS Engine Update" /sse) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2183695264-2002157750-1304118457-1003[...]\RunOnce : SS Engine Update ("C:\ProgramData\iolo\IRestartStub.exe" /useini /v="SS Engine Update" /sse) -> FOUND
• Make sure all other entries there are checked.
• Then, press the [Delete] button.

Please post the RKreport (Mode: Delete) created on the Desktop.

---------

Download ComboFix.exe from here to your desktop, then click that to run that scan. Agree to any warnings you might receive.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.
Ad eundum quo no duck ante iit

#7 patty64cakes (Topic Starter)

Posted 21 December 2012 - 08:03 PM

RogueKiller V8.4.0 _x64_ [Dec 20 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Patty [Admin rights]
Mode : Remove -- Date : 12/21/2012 20:00:18

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\RunOnce : SS Engine Update ("C:\ProgramData\iolo\IRestartStub.exe" /useini /v="SS Engine Update" /sse) -> NOT SELECTED
[RUN][SUSP PATH] HKUS\S-1-5-21-2183695264-2002157750-1304118457-1003[...]\RunOnce : SS Engine Update ("C:\ProgramData\iolo\IRestartStub.exe" /useini /v="SS Engine Update" /sse) -> NOT SELECTED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$af84dd2dfecd34dcfeacab1d09d800a4\n.) -> REPLACED (C:\Windows\system32\wbem\fastprox.dll)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$af84dd2dfecd34dcfeacab1d09d800a4\@ --> REMOVED
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-2183695264-2002157750-1304118457-1001\$af84dd2dfecd34dcfeacab1d09d800a4\@ --> REMOVED
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-2183695264-2002157750-1304118457-1003\$af84dd2dfecd34dcfeacab1d09d800a4\@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$af84dd2dfecd34dcfeacab1d09d800a4\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-2183695264-2002157750-1304118457-1001\$af84dd2dfecd34dcfeacab1d09d800a4\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-2183695264-2002157750-1304118457-1003\$af84dd2dfecd34dcfeacab1d09d800a4\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$af84dd2dfecd34dcfeacab1d09d800a4\L --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-2183695264-2002157750-1304118457-1001\$af84dd2dfecd34dcfeacab1d09d800a4\L --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-2183695264-2002157750-1304118457-1003\$af84dd2dfecd34dcfeacab1d09d800a4\L --> REMOVED

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST31500341AS ATA Device +++++
--- User ---
[MBR] a643444d22880dd759d26916b44872b3
[BSP] 49b95d5774ca1d14837ad05fc6df17ad : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1430797 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Seagate Portable USB Device +++++
--- User ---
[MBR] 1c27f6333c67fd208ac0bf393978f59e
[BSP] 96c899abf1a939a395667dea4f9a60bb : MBR Code unknown
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476937 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[3]_D_12212012_02d2000.txt >>
RKreport[1]_S_12202012_02d2254.txt ; RKreport[2]_S_12212012_02d1953.txt ; RKreport[3]_D_12212012_02d2000.txt

#8 Jintan (Malware Response Team)

Posted 21 December 2012 - 08:16 PM

Okay, let's see what ComboFix has to say now.
Ad eundum quo no duck ante iit

#9 patty64cakes (Topic Starter)

Posted 21 December 2012 - 08:31 PM

ComboFix 12-12-20.02 - Patty 12/21/2012 20:23:01.1.8 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.7254 [GMT -5:00]
Running from: c:\users\Patty\Desktop\ComboFix.exe
AV: System Shield *Enabled/Updated* {3030810C-E2AC-B12D-8BB1-B1B8C0193798}
SP: System Shield *Enabled/Updated* {8B5160E8-C496-BEA3-B101-8ACABB9E7D25}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\267E.pad
c:\programdata\8E06.pad
c:\programdata\C13EBD80sm.pad
c:\users\Ian\9975a9b-5762.exe
c:\windows\isRS-000.tmp
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-11-22 to 2012-12-22 )))))))))))))))))))))))))))))))
.
.
2012-12-22 01:27 . 2012-12-22 01:27 -------- d-----w- c:\users\User\AppData\Local\temp
2012-12-21 03:21 . 2012-12-21 03:21 -------- d-----w- C:\CAT-Logs
2012-12-20 05:12 . 2012-01-09 23:59 11864 ----a-w- c:\windows\system32\drivers\kl2.sys
2012-12-20 05:11 . 2012-01-09 23:59 460888 ----a-w- c:\windows\system32\drivers\kl1.sys
2012-12-20 05:11 . 2012-01-09 23:59 485680 ----a-w- c:\windows\system32\drivers\klif.sys
2012-12-20 00:13 . 2012-12-20 00:13 125 ----a-w- C:\user.js
2012-12-20 00:13 . 2012-12-20 00:13 -------- d-----w- c:\program files (x86)\Check Point Software Technologies LTD
2012-12-18 10:48 . 2012-12-18 10:48 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-18 10:47 . 2012-12-18 10:47 -------- d-----w- c:\program files (x86)\Java
2012-12-18 10:41 . 2012-12-18 10:41 -------- d-----w- c:\users\Patty\AppData\Local\Secunia PSI
2012-12-18 10:41 . 2012-12-18 10:41 -------- d-----w- c:\program files (x86)\Secunia
2012-12-17 22:30 . 2012-12-17 22:30 -------- d-----w- c:\users\Ian\AppData\Roaming\CheckPoint
2012-12-17 10:59 . 2012-12-17 10:59 -------- d-----w- c:\users\User\AppData\Roaming\CheckPoint
2012-12-17 10:49 . 2012-08-02 15:21 30752 ----a-w- c:\windows\system32\drivers\ElRawDsk.sys
2012-12-17 03:17 . 2012-12-17 03:17 36384 ----a-w- c:\windows\system32\drivers\pxscan.sys
2012-12-17 03:17 . 2012-12-17 03:17 65736 ----a-w- c:\windows\system32\drivers\pxrts.sys
2012-12-17 02:53 . 2012-12-17 02:53 -------- d-----w- c:\users\Patty\AppData\Roaming\CheckPoint
2012-12-17 02:50 . 2012-12-17 02:50 -------- d-----w- c:\programdata\CheckPoint
2012-12-16 08:02 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-12-16 08:02 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-12-16 08:02 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-12-16 08:02 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-12-16 08:00 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-12-16 08:00 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-12-16 08:00 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-12-16 08:00 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-12-16 08:00 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-12-16 08:00 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-12-16 08:00 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-12-15 16:47 . 2012-12-17 10:47 -------- d-----w- c:\users\Patty\AppData\Local\ElevatedDiagnostics
2012-12-15 05:16 . 2012-12-15 05:16 -------- d-----w- c:\programdata\W3i
2012-12-15 04:58 . 2012-12-15 04:58 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
2012-12-15 01:41 . 2012-12-17 02:42 -------- d-----w- c:\users\Patty\AppData\Roaming\Xawuyv
2012-12-15 01:41 . 2012-12-15 18:33 -------- d-----w- c:\users\Patty\AppData\Roaming\Myema
2012-12-15 01:41 . 2012-12-15 01:41 -------- d-----w- c:\users\Patty\AppData\Roaming\Imze
2012-12-13 06:48 . 2012-11-05 21:35 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-13 06:48 . 2012-11-05 20:41 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-13 06:48 . 2012-11-05 20:32 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-13 06:48 . 2012-11-05 20:32 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-13 06:46 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-12-13 06:46 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-13 06:46 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-12-04 08:15 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B55D69E7-11D9-418C-8A44-E3CDC6612036}\mpengine.dll
2012-12-03 01:01 . 2012-12-03 01:01 -------- d-----w- c:\users\Ian\AppData\Local\Apple
2012-12-02 22:07 . 2012-12-02 22:07 -------- d-----w- c:\program files\Prevx
2012-12-02 22:07 . 2012-12-15 00:00 -------- d-----w- c:\programdata\PrevxCSI
2012-12-01 20:53 . 2012-12-01 20:53 -------- d-----w- c:\users\Cody\AppData\Local\Apple
2012-11-30 22:07 . 2012-11-30 22:07 -------- d-----w- c:\users\Cody\AppData\Local\H&S
2012-11-25 19:54 . 2012-11-25 19:54 -------- d-----w- c:\users\Patty\AppData\Roaming\Malwarebytes
2012-11-25 19:54 . 2012-11-25 19:54 -------- d-----w- c:\programdata\Malwarebytes
2012-11-25 19:47 . 2012-11-25 19:47 -------- d-----w- c:\users\Patty\AppData\Local\Google
2012-11-25 19:46 . 2012-11-25 23:38 -------- d-----w- c:\programdata\Tarma Installer
2012-11-25 19:46 . 2012-12-15 18:53 -------- d-----w- c:\programdata\Yahoo!
2012-11-25 19:46 . 2012-12-15 18:53 -------- d-----w- c:\program files (x86)\Yahoo!
2012-11-25 15:36 . 2012-11-25 15:38 -------- d-----w- c:\programdata\2AAFCB37743EA2E000002AAFA08BA6B3
2012-11-24 02:38 . 2012-11-24 02:38 -------- d-----w- c:\users\Ian\AppData\Local\Diagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-18 10:48 . 2012-09-29 04:47 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-12-18 10:48 . 2012-09-29 04:47 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-12-11 23:28 . 2012-09-29 00:02 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-11 23:28 . 2012-09-29 00:02 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-11 23:28 . 2012-10-09 11:28 15728568 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-11-28 20:58 . 2012-10-08 11:12 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-10-21 19:58 . 2012-10-21 20:14 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll
2012-10-16 08:38 . 2012-12-15 18:49 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-12-15 18:49 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-12-15 18:49 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-08 11:20 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-10-08 11:20 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-10-04 16:40 . 2012-12-13 06:47 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-02 22:21 . 2012-10-27 15:02 60776 ----a-w- c:\windows\system32\OpenCL.dll
2012-10-02 22:21 . 2012-10-27 15:02 52584 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-10-02 22:21 . 2012-10-27 14:59 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-10-02 22:21 . 2012-10-27 14:59 26331496 ----a-w- c:\windows\system32\nvoglv64.dll
2012-10-02 22:21 . 2012-10-27 14:59 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-10-02 22:21 . 2012-10-27 14:59 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-02 22:21 . 2012-10-27 14:59 7414632 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-02 22:21 . 2012-10-27 14:59 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-10-02 22:21 . 2012-10-27 14:59 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-10-02 22:21 . 2012-10-27 14:59 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-10-02 22:21 . 2012-10-27 14:59 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-02 22:21 . 2012-10-27 14:59 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-10-02 22:21 . 2012-10-27 14:59 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-10-02 22:21 . 2012-10-27 14:59 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-10-02 22:21 . 2012-10-27 14:59 2747240 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-02 22:21 . 2012-10-27 14:59 9146728 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-02 22:21 . 2012-10-27 14:59 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-10-02 22:21 . 2012-10-27 14:59 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-02 22:21 . 2012-10-27 14:59 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-10-02 22:21 . 2009-09-23 07:30 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-10-02 22:21 . 2009-09-23 07:30 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-10-02 22:21 . 2009-09-23 07:30 2731880 ----a-w- c:\windows\system32\nvapi64.dll
2012-10-02 22:21 . 2009-09-23 07:30 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-10-02 19:51 . 2010-07-09 20:27 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2010-07-09 20:27 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2010-07-09 20:27 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2010-07-09 20:27 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 19:50 . 2009-05-17 04:43 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 17:15 . 2012-10-02 17:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-09-28 22:47 . 2012-09-28 22:47 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-09-28 22:47 . 2012-09-28 22:47 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-09-28 22:47 . 2012-09-28 22:47 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-09-28 22:47 . 2012-09-28 22:47 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-09-28 22:47 . 2012-09-28 22:47 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-09-28 22:47 . 2012-09-28 22:47 82432 ----a-w- c:\windows\system32\icardie.dll
2012-09-28 22:47 . 2012-09-28 22:47 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-09-28 22:47 . 2012-09-28 22:47 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-09-28 22:47 . 2012-09-28 22:47 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-09-28 22:47 . 2012-09-28 22:47 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-09-28 22:47 . 2012-09-28 22:47 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-09-28 22:47 . 2012-09-28 22:47 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-09-28 22:47 . 2012-09-28 22:47 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-09-28 22:47 . 2012-09-28 22:47 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-09-28 22:47 . 2012-09-28 22:47 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-09-28 22:47 . 2012-09-28 22:47 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-09-28 22:47 . 2012-09-28 22:47 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-09-28 22:47 . 2012-09-28 22:47 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-09-28 22:47 . 2012-09-28 22:47 448512 ----a-w- c:\windows\system32\html.iec
2012-09-28 22:47 . 2012-09-28 22:47 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-09-28 22:47 . 2012-09-28 22:47 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-09-28 22:47 . 2012-09-28 22:47 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-09-28 22:47 . 2012-09-28 22:47 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-09-28 22:47 . 2012-09-28 22:47 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-09-28 22:47 . 2012-09-28 22:47 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-09-28 22:47 . 2012-09-28 22:47 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-09-28 22:47 . 2012-09-28 22:47 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-09-28 22:47 . 2012-09-28 22:47 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-09-28 22:47 . 2012-09-28 22:47 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-09-28 22:47 . 2012-09-28 22:47 222208 ----a-w- c:\windows\system32\msls31.dll
2012-09-28 22:47 . 2012-09-28 22:47 197120 ----a-w- c:\windows\system32\msrating.dll
2012-09-28 22:47 . 2012-09-28 22:47 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-09-28 22:47 . 2012-09-28 22:47 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-09-28 22:47 . 2012-09-28 22:47 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-09-28 22:47 . 2012-09-28 22:47 160256 ----a-w- c:\windows\system32\wextract.exe
2012-09-28 22:47 . 2012-09-28 22:47 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-09-28 22:47 . 2012-09-28 22:47 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-09-28 22:47 . 2012-09-28 22:47 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-09-28 22:47 . 2012-09-28 22:47 149504 ----a-w- c:\windows\system32\occache.dll
2012-09-28 22:47 . 2012-09-28 22:47 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-09-28 22:47 . 2012-09-28 22:47 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-09-28 22:47 . 2012-09-28 22:47 12288 ----a-w- c:\windows\system32\mshta.exe
2012-09-28 22:47 . 2012-09-28 22:47 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-09-28 22:47 . 2012-09-28 22:47 114176 ----a-w- c:\windows\system32\admparse.dll
2012-09-28 22:47 . 2012-09-28 22:47 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-09-28 22:47 . 2012-09-28 22:47 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-09-28 22:47 . 2012-09-28 22:47 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-09-28 22:47 . 2012-09-28 22:47 103936 ----a-w- c:\windows\system32\inseng.dll
2012-09-28 22:47 . 2012-09-28 22:47 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-09-25 22:47 . 2012-11-15 00:51 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-09-25 22:46 . 2012-11-15 00:51 95744 ----a-w- c:\windows\system32\synceng.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-12-03 1354736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Karen's Replicator.lnk - c:\program files (x86)\Karen's Power Tools\Replicator\PTReplicator.exe [2010-2-7 1189360]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2012-11-26 573024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\Patty\Downloads\EmsisoftEmergencyKit\Run\a2ddax64.sys [2012-12-18 23208]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2012-08-02 30752]
R1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2012-12-17 65736]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [2012-12-02 6724632]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-11-26 1225312]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
R3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;c:\windows\system32\Drivers\OA002Afx.sys [2007-06-07 219544]
R3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;c:\windows\system32\DRIVERS\OA002Ufd.sys [2008-06-03 168864]
R3 OA002Vid;Creative Camera OA002 Function Driver;c:\windows\system32\DRIVERS\OA002Vid.sys [2008-07-31 306560]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-29 1255736]
S0 pxscan;pxscan;c:\windows\System32\drivers\pxscan.sys [2012-12-17 36384]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2012-01-09 11864]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-29 23:28]
.
2012-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-29 00:12]
.
2012-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-29 00:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE "%1"
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-ZoneAlarm Installer - c:\program files (x86)\CheckPoint\Install\Launcher.exe
Wow6432Node-HKLM-RunOnce-iolo WebUpdate Reboot - (no file)
Wow6432Node-HKLM-RunOnce-iolo SR Reboot - (no file)
Wow6432Node-HKLM-RunOnce-iolo DriveScrubber Reboot - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-21 20:29:00
ComboFix-quarantined-files.txt 2012-12-22 01:29
.
Pre-Run: 1,209,502,253,056 bytes free
Post-Run: 1,209,746,378,752 bytes free
.
- - End Of File - - B3487D590D7BA58B31D3CD6D430DF48A

#10 patty64cakes (Topic Starter)

Posted 21 December 2012 - 08:33 PM

my portable drive was not connected, that's not a problem is it?

#11 Jintan (Malware Response Team)

Posted 21 December 2012 - 08:51 PM

No. Now let's check installs, before we go further. I suspect we have been playing against too much security software there up until now.

Download HijackThis from Here. Then click on the downloaded file, and install HijackThis.

In HijackThis, click Config - Misc Tools - Open Uninstall Manager.

Click on Save List, then save that to a location you can locate again (such as the desktop). Copy/paste the contents of that back here please.
Ad eundum quo no duck ante iit

#12 patty64cakes (Topic Starter)

Posted 21 December 2012 - 09:05 PM

Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
Apple Application Support
Apple Software Update
Coupon Printer for Windows
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Empire: Total War
Google Chrome
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Java 7 Update 9
Karen's Replicator
Microsoft .NET Framework 1.1
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Secunia PSI (3.0.0.6001)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Steam
Stronghold 2
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
ZoneAlarm Antivirus
ZoneAlarm Security Toolbar

#13 patty64cakes (Topic Starter)

Posted 23 December 2012 - 11:34 AM

Ok, what's next?

#14 Jintan (Malware Response Team)

Posted 23 December 2012 - 04:38 PM

Be sure to continue to temporarily disable any protective software when running the scan tools we use here.


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\
  00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00

Open Notepad (Start Search, type Notepad then click the notepad file that shows in the display), and copy the text inside the box above and paste it into the open Notepad textbox.

Save this to your desktop as "fixer.reg"

Be sure to include the "" quotes in the name.

Then right click fixer.reg, select Merge, and allow it to merge the new information with the Registry.

-------

Go here and download and run the Prevx Removal Tool, being sure to reboot after.

-------

Open and update Malwarebytes.

* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform quick scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes.
* Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.

---------------

Disable your antivirus program and click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file to run the scanner.

If you accept the Terms of Use, check the box and click Start. It will take a couple minutes for the scanner to get ready. When the Computer scan settings display shows, check the following boxes:

Remove found threats
Scan unwanted applications


Next to "Current scan targets: Operating memory, Local drives", click the "Change" word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives).

Then click the Advanced option, then place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology

Click Start. This scan may take a while, so please be patient.

If infection is found, at the end of the scan click "List of found threats".

In that display, at the bottom, select the option to save the results as a text file, and save that to your desktop. Post that back here please.

Post that log and the Malwarebytes log please.



Also post back on any problems we still need to resolve please.
Ad eundum quo no duck ante iit
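
The fixer.reg in the post above writes BootExecute as a hex(7) blob, which is how a .reg file encodes a REG_MULTI_SZ value (UTF-16LE strings, each NUL-terminated, with an extra NUL closing the list). Before merging a file like that into HKLM it is worth decoding it to see exactly what it will write. The following Python is an added example, not code from the thread or from Jintan: it parses the .reg text (embedded here as a constructed string copied from the post), decodes the hex(7) value, and compares it with the stock Windows value "autocheck autochk *", which is what runs the boot-time chkdsk. The ComboFix log earlier in the thread showed BootExecute reduced to just "autocheck", so the comparison also flags that observed value. The function names and the EXPECTED_BOOTEXECUTE constant are mine.

```python
import re
from typing import Dict, List, Optional, Tuple

# The .reg text from the post above, embedded here as a constructed string.
REG_TEXT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\
  00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00
'''

SESSION_MANAGER = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager"

# Stock Windows value (assumption stated in the lead-in): run autochk, the
# boot-time chkdsk, on every volume that needs it.
EXPECTED_BOOTEXECUTE = ["autocheck autochk *"]


def decode_multi_sz(raw: bytes) -> List[str]:
    """Decode a REG_MULTI_SZ blob: UTF-16LE strings, each NUL-terminated,
    with one extra NUL closing the list."""
    parts = raw.decode("utf-16-le").split("\x00")
    while parts and parts[-1] == "":   # drop the empties left by the terminators
        parts.pop()
    return parts


def parse_reg_hex7(reg_text: str) -> Dict[Tuple[str, str], List[str]]:
    """Map (key path, value name) -> decoded strings for every hex(7) value."""
    # A trailing backslash continues the byte list on the next (indented) line.
    joined = re.sub(r",\\\r?\n\s*", ",", reg_text)
    values: Dict[Tuple[str, str], List[str]] = {}
    current_key: Optional[str] = None
    for line in joined.splitlines():
        line = line.strip()
        key_match = re.fullmatch(r"\[(.+)\]", line)
        if key_match:
            current_key = key_match.group(1)
            continue
        val_match = re.fullmatch(r'"([^"]+)"=hex\(7\):([0-9a-fA-F,]+)', line)
        if val_match and current_key is not None:
            raw = bytes(int(b, 16) for b in val_match.group(2).split(",") if b)
            values[(current_key, val_match.group(1))] = decode_multi_sz(raw)
    return values


def bootexecute_in_reg(reg_text: str) -> Optional[List[str]]:
    """The BootExecute strings the .reg file would write, or None if it sets none."""
    return parse_reg_hex7(reg_text).get((SESSION_MANAGER, "BootExecute"))


def bootexecute_is_default(strings) -> bool:
    """True only if a BootExecute value (from a .reg, a log, or a live query)
    is exactly the stock default."""
    return list(strings) == EXPECTED_BOOTEXECUTE


def check_bootexecute(reg_text: str) -> bool:
    """True only if merging the file sets BootExecute to the stock default."""
    found = bootexecute_in_reg(reg_text)
    return found is not None and bootexecute_is_default(found)


if __name__ == "__main__":
    print("fixer.reg writes BootExecute =", bootexecute_in_reg(REG_TEXT))
    print("matches stock default:", check_bootexecute(REG_TEXT))
    # Value as it appeared in the ComboFix log earlier in the thread.
    print("logged value is default:", bootexecute_is_default(["autocheck"]))
```

Running it shows the hex decodes to a single string, "autocheck autochk *", so merging the file only restores the default rather than adding anything new; the value ComboFix logged, "autocheck" alone, is reported as non-default. The same decoder works for any other hex(7) value a .reg file hands you, which is the habit worth keeping: never merge opaque hex into HKLM without reading it first.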

#15 patty64cakes (Topic Starter)

Posted 24 December 2012 - 07:58 PM

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.24.10

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Patty :: USER-PC [administrator]

12/24/2012 7:53:26 PM
mbam-log-2012-12-24 (19-53-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 293063
Time elapsed: 2 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



