
Massive Rootkit infection .....


19 replies to this topic

#1 Gmer99
  • Members
  • 75 posts
  • Gender:Male
  • Location:Europe

Posted 27 April 2013 - 03:17 PM

:warrior: Good evening, I am a newbie here ..... and I created an account for this persistent issue of those rootkits or malware I keep finding from time to time in my PC despite my antivirus and Comodo firewall ..... last time I found this malware pack was in February 2013........ tonight I downloaded a fresh Combofix and ran a scan in Safe mode on my W 7 and I was sadly surprised to find this malware pack again in my PC along with other rogue and spyware ...... I saved the scan log and I will post it to understand where this malware pack comes from .....  :bounce: Thanks ..... I need to stay calm and think positive :)
(Attached file: combofix log.txt, 19.53 KB)





#2 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 27 April 2013 - 03:22 PM


Hello Gmer99

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-
  • Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
-AdwCleaner-
  • Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator to start"
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • click on "delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Gmer99 (Topic Starter)
  • Members
  • 75 posts
  • Gender:Male
  • Location:Europe

Posted 27 April 2013 - 03:28 PM

I went to the Gmer site and I am running a scan of my PC; if I find malware I will post the log here. Thanks Gringo for your fast reply  :clapping:



#4 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 27 April 2013 - 04:21 PM

I would like to see the three reports that I asked for



gringo

#5 Gmer99 (Topic Starter)
  • Members
  • 75 posts
  • Gender:Male
  • Location:Europe

Posted 28 April 2013 - 05:13 AM

OK Gringo, I did what you told me in the previous mail .... I will copy & paste the 3 logs you asked for  :smash: .....

 

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Home [Admin rights]
Mode : Scan -- Date : 04/25/2013 23:30:53
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{F4655560-AF02-4578-82A9-5C6AF847541C} : NameServer (8.26.56.26 156.154.70.22) -> FOUND
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[66] : NtCreateFile @ 0x82C98470 -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x8F29E9D8)
SSDT[86] : NtCreateSymbolicLinkObject @ 0x82C4A9C6 -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x8F29EDB6)
SSDT[87] : NtCreateThread @ 0x82D24FE2 -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x8F29F0FE)
SSDT[103] : NtDeleteKey @ 0x82C34A4A -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x8F29F472)
SSDT[106] : NtDeleteValueKey @ 0x82C26453 -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x8F29F540)
SSDT[107] : NtDeviceIoControlFile @ 0x82CBC73A -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x8F29F68C)
SSDT[155] : NtLoadDriver @ 0x82C0EC32 -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x8F2A1062)
SSDT[168] : NtMapViewOfSection @ 0x82C8F5F1 -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x8F2A1480)
SSDT[179] : NtOpenFile @ 0x82C7AD81 -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x8F2A1798)
SSDT[190] : NtOpenProcess @ 0x82C5AB93 -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x8F2A1974)
SSDT[198] : NtOpenThread @ 0x82CA70EE -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x8F2A203E)
SSDT[215] : NtProtectVirtualMemory @ 0x82C8B651 -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x8F2A20D2)
SSDT[269] : NtQueueApcThread @ 0x82C44E42 -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x8F2A20E4)
SSDT[312] : NtSecureConnectPort @ 0x82CA7123 -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x8F2A23E6)
SSDT[316] : NtSetContextThread @ 0x82D26851 -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x8F2A2452)
SSDT[350] : NtSetSystemInformation @ 0x82C9737A -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x8F2A278A)
SSDT[358] : NtSetValueKey @ 0x82C535F8 -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x8F2A27F4)
SSDT[370] : NtTerminateProcess @ 0x82CA3D86 -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x8F2A2BC6)
SSDT[399] : NtWriteVirtualMemory @ 0x82CA8A83 -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x8F2A4CBA)
S_SSDT[7] : NtGdiAlphaBlend -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x8F29F9B6)
S_SSDT[14] : NtGdiBitBlt -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x8F29FCCE)
S_SSDT[125] : NtGdiDeleteObjectApp -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x8F29FFE0)
S_SSDT[200] : NtGdiGetPixel -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x8F29FFFA)
S_SSDT[237] : NtGdiMaskBlt -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x8F2A0320)
S_SSDT[243] : NtGdiOpenDCW -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x8F2A0638)
S_SSDT[247] : NtGdiPlgBlt -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x8F2A0712)
S_SSDT[302] : NtGdiStretchBlt -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x8F2A0A34)
S_SSDT[308] : NtGdiTransparentBlt -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x8F2A0D4E)
S_SSDT[318] : NtUserAttachThreadInput -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x8F2A2C36)
S_SSDT[402] : NtUserGetAsyncKeyState -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x8F2A2FA8)
S_SSDT[406] : NtUserGetClassInfoEx -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x8F2A32C4)
S_SSDT[436] : NtUserGetKeyState -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x8F2A3740)
S_SSDT[490] : NtUserMessageCall -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x8F2A3A54)
S_SSDT[508] : NtUserPostMessage -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x8F2A3D68)
S_SSDT[509] : NtUserPostThreadMessage -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x8F2A3DDE)
S_SSDT[524] : NtUserRegisterRawInputDevices -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x8F2A3DF0)
S_SSDT[536] : NtUserSendInput -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x8F2A41F4)
S_SSDT[544] : NtUserSetClipboardViewer -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x8F2A4538)
S_SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x8F2A4B2E)
S_SSDT[588] : NtUserSetWinEventHook -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x8F2A480E)
S_SSDT[607] : NtUserUnhookWindowsHookEx -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x8F2A4C98)

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 4b3535ac05268d4adc6f1562c14b6834
[BSP] f48df6e531cce2c8d6b22319895da4e4 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 14900 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30722048 | Size: 137624 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] ea2a3214d7e855c541445418f9f4fa2d
[BSP] 9ab224430cae5d4642efe916dd8f39b0 : MBR Code unknown
Partition table:
0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 11640 | Size: 7782 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_04252013_02d2330.txt >>
RKreport[1]_S_04252013_02d2330.txt


 

Second log is this : 

# AdwCleaner v2.202 - Logfile created 04/28/2013 at 12:59:31
# Updated 23/04/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : Home - HOME-PC
# Boot Mode : Normal
# Running from : C:\Users\Home\AppData\Local\Opera\Opera\temporary_downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Opera v12.15.1748.0

File : C:\Users\Home\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R2].txt - [664 octets] - [28/04/2013 12:59:31]

########## EOF - C:\AdwCleaner[R2].txt - [723 octets] ##########

 And SecurityCheck log >>>> 

Results of screen317's Security Check version 0.99.63
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
ESET Smart Security 6.0
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Zemana Antimalware
Malwarebytes Anti-Malware versiunea 1.75.0.1300
CCleaner
Adobe Flash Player 11.6.602.180
Adobe Reader XI
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Comodo Firewall cmdagent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````

:thumbup2: 
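The RogueKiller report in this post is the densest of the three logs and the easiest to misread by hand: dozens of SSDT lines that all point at one driver, a [DNS] line that may or may not be a hijack, and an "MBR Code unknown" verdict that means something different on a system disk than on a memory card. The Python script below is an added example, not RogueKiller's code and not something anyone in this thread posted. It parses the line formats that appear in the report (a constructed, abbreviated sample is embedded) and turns them into the questions a responder actually asks. Two things in it are assumptions: ASSUMED_RESOLVER_ALLOWLIST stands for whichever resolvers the operator knowingly configured (seeded with the two from the log, which the poster, who runs Comodo Firewall, would confirm against that product's settings), and INPUT_CAPTURE_FUNCS is a hand-picked set of keyboard and hook entry points that anti-keylogger products and keyloggers both intercept, so the owning module, not the hook list, is what decides.

```python
"""Triage helpers for a RogueKiller-style scan report.

Added example, not RogueKiller's own code. It parses the line formats seen in
the report posted in this thread and answers four responder questions: which
module owns the SSDT hooks, whether the DNS resolvers are ones we expect,
which policy keys were touched, and which disks have boot code the tool could
not identify.
"""
import re
from collections import defaultdict

# Constructed sample in the same line format as the thread's report (abbreviated).
SAMPLE_REPORT = r"""
¤¤¤ Registry Entries : 3 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{F4655560-AF02-4578-82A9-5C6AF847541C} : NameServer (8.26.56.26 156.154.70.22) -> FOUND
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[66] : NtCreateFile @ 0x82C98470 -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x8F29E9D8)
SSDT[155] : NtLoadDriver @ 0x82C0EC32 -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x8F2A1062)
S_SSDT[402] : NtUserGetAsyncKeyState -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x8F2A2FA8)
S_SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (\??\C:\Windows\system32\drivers\AntiLog32.sys @ 0x8F2A4B2E)

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: +++++
[MBR] 4b3535ac05268d4adc6f1562c14b6834
[BSP] f48df6e531cce2c8d6b22319895da4e4 : Windows 7/8 MBR Code
+++++ PhysicalDrive1: +++++
[MBR] ea2a3214d7e855c541445418f9f4fa2d
[BSP] 9ab224430cae5d4642efe916dd8f39b0 : MBR Code unknown
"""

# One regex per line type the report uses.
HOOK_RE = re.compile(
    r"^(?P<table>S_SSDT|SSDT)\[(?P<index>\d+)\] : (?P<func>\w+)"
    r"(?: @ 0x[0-9A-Fa-f]+)? -> HOOKED \((?P<module>.+?) @ 0x[0-9A-Fa-f]+\)$"
)
REG_RE = re.compile(
    r"^\[(?P<cat>[^\]]+)\] (?P<key>.+?) : (?P<name>.+?) \((?P<data>.*)\) -> (?P<status>\w+)$"
)
DRIVE_RE = re.compile(r"^\+{5} (?P<drive>PhysicalDrive\d+): \+{5}$")
BSP_RE = re.compile(r"^\[BSP\] (?P<hash>[0-9a-f]{32}) : (?P<verdict>.+)$")

# ASSUMPTION: resolvers the operator knowingly configured; replace with your own.
ASSUMED_RESOLVER_ALLOWLIST = {"8.26.56.26", "156.154.70.22"}
# ASSUMPTION: hand-picked keyboard/hook entry points; anti-keyloggers and
# keyloggers both intercept these, so the owning module decides, not this list.
INPUT_CAPTURE_FUNCS = {
    "NtUserGetAsyncKeyState", "NtUserGetKeyState", "NtUserSetWindowsHookEx",
    "NtUserRegisterRawInputDevices", "NtUserAttachThreadInput",
}


def parse_report(text):
    """Split report text into hook, registry and MBR records."""
    hooks, registry, mbr = [], [], []
    current_drive = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := HOOK_RE.match(line):
            hooks.append({"table": m["table"], "index": int(m["index"]),
                          "function": m["func"], "module": m["module"]})
        elif m := REG_RE.match(line):
            registry.append(m.groupdict())
        elif m := DRIVE_RE.match(line):
            current_drive = m["drive"]  # [BSP] lines follow their drive header
        elif (m := BSP_RE.match(line)) and current_drive:
            mbr.append({"drive": current_drive, "hash": m["hash"], "verdict": m["verdict"]})
    return {"hooks": hooks, "registry": registry, "mbr": mbr}


def hooks_by_module(hooks):
    """Group hooked functions by the file name of the driver that installed them."""
    grouped = defaultdict(list)
    for h in hooks:
        grouped[h["module"].rsplit("\\", 1)[-1]].append(h["function"])
    return {mod: sorted(funcs) for mod, funcs in grouped.items()}


def input_capture_hooks(hooks):
    """Hooked functions on the keyboard/input path, sorted by name."""
    return sorted(h["function"] for h in hooks if h["function"] in INPUT_CAPTURE_FUNCS)


def unexpected_resolvers(registry, allowed):
    """DNS servers from [DNS] NameServer entries that are not in the allowlist."""
    return [ip for e in registry if e["cat"] == "DNS" and e["name"] == "NameServer"
            for ip in e["data"].split() if ip not in allowed]


def policy_findings(registry):
    """(key, value name, data) for [HJPOL] lines, i.e. policy keys the tool flagged."""
    return [(e["key"], e["name"], e["data"]) for e in registry if e["cat"] == "HJPOL"]


def unknown_boot_code(mbr):
    """Drives whose boot-sector code the tool could not match to a known signature."""
    return [d["drive"] for d in mbr if "unknown" in d["verdict"].lower()]


if __name__ == "__main__":
    report = parse_report(SAMPLE_REPORT)
    for mod, funcs in hooks_by_module(report["hooks"]).items():
        print(f"{mod}: {len(funcs)} hooks ({', '.join(funcs)})")
    print("input-path hooks:", input_capture_hooks(report["hooks"]))
    print("resolvers outside allowlist:",
          unexpected_resolvers(report["registry"], ASSUMED_RESOLVER_ALLOWLIST))
    print("policy keys flagged:", policy_findings(report["registry"]))
    print("drives with unrecognised boot code:", unknown_boot_code(report["mbr"]))
```

Two caveats a practitioner would want. Every HOOKED line in the real report names the same file, AntiLog32.sys, so the sensible next step is to identify that one driver (publisher signature, install date, which installed product it belongs to) rather than treating each of the forty-odd lines as a separate finding; the [HJPOL] lines likewise show the DisableRegistryTools values as 0, i.e. not restricted, which the tool reports because the value exists at all. And "MBR Code unknown" on PhysicalDrive1 refers to a 7782 MB FAT32 volume whose LL2 read also failed, which is what a memory card or USB stick typically looks like; that is exactly why the instructions earlier in the thread ask for USB and external drives to be disconnected before the scan.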



#6 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 28 April 2013 - 05:27 AM


Hello Gmer99

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#7 Gmer99 (Topic Starter)
  • Members
  • 75 posts
  • Gender:Male
  • Location:Europe

Posted 30 April 2013 - 10:39 AM

I was suspicious of some leftover viruses and I scanned with the eScan MWAV toolkit after I updated it yesterday. I will post the log here; I saw something suspicious, a few EXE files .....

29 Apr 2013 22:40:36 - **********************************************************
29 Apr 2013 22:40:36 - MWAV - eScanAV AntiVirus Toolkit.
29 Apr 2013 22:40:36 - Copyright © MicroWorld Technologies
29 Apr 2013 22:40:36 - **********************************************************
29 Apr 2013 22:40:36 - Source: C:\Users\Home\Desktop\mwav.exe
29 Apr 2013 22:40:36 - Version 14.0.56 (C:\USERS\HOME\APPDATA\LOCAL\TEMP\MEXETMP.EX~)
29 Apr 2013 22:40:36 - Log File: C:\Users\Home\AppData\Local\temp\MWAV.LOG
29 Apr 2013 22:40:36 - Last Scan Date and Time: 27.04.2013 19:27:17
29 Apr 2013 22:40:36 - MWAV Registered: TRUE
29 Apr 2013 22:40:36 - User Account: Home (Administrator Mode)
29 Apr 2013 22:40:36 - OS Type: Windows Workstation
29 Apr 2013 22:40:36 - OS: Windows 7 [OS Install Date: 24 Aug 2007 01:08:13]
29 Apr 2013 22:40:36 - Ver: Professional Service Pack 1 (Build 7601)
29 Apr 2013 22:40:36 - System Up Time: 3 Hours, 8 Minutes, 51 Seconds


29 Apr 2013 22:40:36 - Parent Process Name : C:\Users\Home\AppData\Local\Temp\mexe.com
29 Apr 2013 22:40:36 - Windows Root Folder: C:\Windows
29 Apr 2013 22:40:36 - Windows Sys32 Folder: C:\Windows\system32
29 Apr 2013 22:40:36 - Interface0 NameServer: 8.26.56.26 156.154.70.22
29 Apr 2013 22:40:36 - Local Fixed Drives: c:\,d:\
29 Apr 2013 22:40:36 - MWAV Mode: Scan and Clean files (for viruses, adware and spyware)
29 Apr 2013 22:40:36 - [CREATED ZIP FILE: C:\Users\Home\AppData\Local\Temp\pinfect.zip]

29 Apr 2013 22:40:36 - ****** Files/Folders created/modified during last fortnight in Windows and ROOT Folder ******
29 Apr 2013 22:40:39 - C:\Windows\RAVTC.TMP (70), 29-Apr-2013 [Added C:\Windows\RAVTC.TMP to ZIP FILE]
29 Apr 2013 22:40:39 - C:\Windows\system32\cmdcsr.dll (35488), 15-Apr-2013 [Added C:\Windows\system32\cmdcsr.dll to ZIP FILE]
29 Apr 2013 22:40:39 - C:\Windows\system32\cmdkbd32.dll (40656), 15-Apr-2013 [Added C:\Windows\system32\cmdkbd32.dll to ZIP FILE]
29 Apr 2013 22:40:40 - C:\Windows\system32\cmdvrt32.dll (276688), 15-Apr-2013 [Added C:\Windows\system32\cmdvrt32.dll to ZIP FILE]
29 Apr 2013 22:40:40 - C:\Windows\system32\guard32.dll (348048), 23-Apr-2013 [Added C:\Windows\system32\guard32.dll to ZIP FILE]
29 Apr 2013 22:40:40 - C:\Windows\system32\MRT.exe (70490256), 15-Apr-2013
29 Apr 2013 22:40:40 - C:\Windows\system32\drivers\cmderd.sys (20072), 15-Apr-2013 [Added C:\Windows\system32\drivers\cmderd.sys to ZIP FILE]
29 Apr 2013 22:40:40 - C:\Windows\system32\drivers\cmdguard.sys (581912), 15-Apr-2013 [Added C:\Windows\system32\drivers\cmdguard.sys to ZIP FILE]
29 Apr 2013 22:40:40 - C:\Windows\system32\drivers\cmdhlp.sys (43728), 15-Apr-2013 [Added C:\Windows\system32\drivers\cmdhlp.sys to ZIP FILE]
29 Apr 2013 22:40:40 - C:\Windows\system32\drivers\inspect.sys (84928), 25-Apr-2013 [Added C:\Windows\system32\drivers\inspect.sys to ZIP FILE]
29 Apr 2013 22:40:40 - C:\Windows\system32\drivers\ntfs.sys (1211752), 27-Apr-2013
29 Apr 2013 22:40:40 - C:\Users\Home\AppData\Local\Temp\avcuf32.dll (495776), 22-Apr-2013 [Added C:\Users\Home\AppData\Local\Temp\avcuf32.dll to ZIP FILE]
29 Apr 2013 22:40:40 - C:\Users\Home\AppData\Local\Temp\avcuf64.dll (548288), 22-Apr-2013 [Added C:\Users\Home\AppData\Local\Temp\avcuf64.dll to ZIP FILE]
29 Apr 2013 22:40:40 - C:\Users\Home\AppData\Local\Temp\BACKUP.20596711.mexe.com (777512), 29-Apr-2013
29 Apr 2013 22:40:40 - C:\Users\Home\AppData\Local\Temp\bdc.exe (182792), 29-Apr-2013
29 Apr 2013 22:40:40 - C:\Users\Home\AppData\Local\Temp\bdfltlib2k.dll (231944), 29-Apr-2013
29 Apr 2013 22:40:40 - C:\Users\Home\AppData\Local\Temp\bdnimbus32.dll (85288), 29-Apr-2013
29 Apr 2013 22:40:40 - C:\Users\Home\AppData\Local\Temp\bdnimbus64.dll (91944), 29-Apr-2013
29 Apr 2013 22:40:40 - C:\Users\Home\AppData\Local\Temp\encdec.dll (256232), 29-Apr-2013
29 Apr 2013 22:40:40 - C:\Users\Home\AppData\Local\Temp\erootdrv.sys (22920), 29-Apr-2013
29 Apr 2013 22:40:41 - C:\Users\Home\AppData\Local\Temp\mexe.com (779560), 29-Apr-2013 [Added C:\Users\Home\AppData\Local\Temp\mexe.com to ZIP FILE]
29 Apr 2013 22:40:41 - C:\Users\Home\AppData\Local\Temp\msvclnt.dll (201448), 29-Apr-2013
29 Apr 2013 22:40:41 - C:\Users\Home\AppData\Local\Temp\mwavdwnl.exe (990952), 29-Apr-2013
29 Apr 2013 22:40:41 - C:\Users\Home\AppData\Local\Temp\red32.dll (11496), 29-Apr-2013
29 Apr 2013 22:40:41 - C:\Users\Home\AppData\Local\Temp\Reload.exe (153832), 29-Apr-2013
29 Apr 2013 22:40:41 - C:\Users\Home\AppData\Local\Temp\setpriv.exe (82152), 29-Apr-2013
29 Apr 2013 22:40:41 - C:\Users\Home\AppData\Local\Temp\unregx.exe (83176), 29-Apr-2013
29 Apr 2013 22:40:41 - C:\Users\Home\AppData\Local\Temp\UPDLL10.DLL (1125096), 29-Apr-2013
29 Apr 2013 22:40:41 - C:\Users\Home\AppData\Local\Temp\viewtcp.exe (576744), 29-Apr-2013

29 Apr 2013 22:40:41 - C:\Windows\BitLockerDiscoveryVolumeContents, 14-Jul-2009 [HS] [Folder]
29 Apr 2013 22:40:41 - C:\Windows\Fonts, 14-Jul-2009 [SR] [Folder]
29 Apr 2013 22:40:41 - C:\Windows\Media, 14-Jul-2009 [SR] [Folder]
29 Apr 2013 22:40:41 - C:\Windows\pss, 23-Apr-2013 [Folder]
29 Apr 2013 22:40:41 - C:\Windows\system32\Microsoft, 14-Jul-2009 [S] [Folder]
29 Apr 2013 22:40:41 - C:\Config.Msi, 29-Apr-2013 [HS] [Folder]
29 Apr 2013 22:40:41 - C:\Documents and Settings, 14-Jul-2009 [HS] [Folder]
29 Apr 2013 22:40:41 - C:\Michael Bolton - The Essential 2002 [FLAC] [h33t] - Kitlope, 20-Apr-2013 [Folder]
29 Apr 2013 22:40:41 - C:\Michael Bolton - Timeless Volume 2 [mp3][h33t][LoC. Blazer], 20-Apr-2013 [Folder]
29 Apr 2013 22:40:41 - C:\Stinger_Quarantine, 18-Apr-2013 [Folder]
29 Apr 2013 22:40:41 - C:\Users\Home\AppData\Local\Temp\2DC4, 29-Apr-2013 [Folder]
29 Apr 2013 22:40:41 - C:\Users\Home\AppData\Local\Temp\Low, 29-Apr-2013 [Folder]
29 Apr 2013 22:40:41 - C:\Users\Home\AppData\Local\Temp\plugins, 29-Apr-2013 [Folder]
29 Apr 2013 22:40:41 - C:\Users\Home\AppData\Local\Temp\PSLogs, 29-Apr-2013 [Folder]
29 Apr 2013 22:40:41 - C:\Users\Home\AppData\Roaming\Microsoft, 23-Aug-2007 [S] [Folder]
29 Apr 2013 22:40:41 - C:\Users\Home\AppData\Roaming\Panda Security, 28-Apr-2013 [Folder]
29 Apr 2013 22:40:41 - C:\ProgramData\Application Data, 14-Jul-2009 [HS] [Folder]
29 Apr 2013 22:40:41 - C:\ProgramData\Comodo, 23-Apr-2013 [Folder]
29 Apr 2013 22:40:41 - C:\ProgramData\Comodo Downloader, 23-Apr-2013 [Folder]
29 Apr 2013 22:40:41 - C:\ProgramData\Desktop, 14-Jul-2009 [HS] [Folder]
29 Apr 2013 22:40:41 - C:\ProgramData\Documents, 14-Jul-2009 [HS] [Folder]
29 Apr 2013 22:40:41 - C:\ProgramData\Kaspersky Lab, 23-Apr-2013 [Folder]
29 Apr 2013 22:40:41 - C:\ProgramData\Microsoft, 14-Jul-2009 [S] [Folder]
29 Apr 2013 22:40:41 - C:\ProgramData\Microsoft Help, 22-Apr-2013 [Folder]
29 Apr 2013 22:40:41 - C:\ProgramData\Panda Security, 28-Apr-2013 [Folder]
29 Apr 2013 22:40:41 - C:\ProgramData\Shared Space, 23-Apr-2013 [S] [Folder]
29 Apr 2013 22:40:41 - C:\ProgramData\Sophos, 27-Apr-2013 [Folder]
29 Apr 2013 22:40:41 - C:\ProgramData\Spybot - Search & Destroy, 16-Apr-2013 [Folder]
29 Apr 2013 22:40:41 - C:\ProgramData\Start Menu, 14-Jul-2009 [HS] [Folder]
29 Apr 2013 22:40:41 - C:\ProgramData\Templates, 14-Jul-2009 [HS] [Folder]
29 Apr 2013 22:40:41 - C:\ProgramData\{BB35AF0B-CAE6-4475-8DA3-E4C7591DD962}, 04-Apr-2013 [H] [Folder]
29 Apr 2013 22:40:41 - C:\ProgramData\..\Config.Msi, 29-Apr-2013 [HS] [Folder]
29 Apr 2013 22:40:41 - C:\ProgramData\..\Documents and Settings, 14-Jul-2009 [HS] [Folder]
29 Apr 2013 22:40:41 - C:\ProgramData\..\Michael Bolton - The Essential 2002 [FLAC] [h33t] - Kitlope, 20-Apr-2013 [Folder]
29 Apr 2013 22:40:41 - C:\ProgramData\..\Michael Bolton - Timeless Volume 2 [mp3][h33t][LoC. Blazer], 20-Apr-2013 [Folder]
29 Apr 2013 22:40:41 - C:\ProgramData\..\Stinger_Quarantine, 18-Apr-2013 [Folder]
29 Apr 2013 22:40:41 - C:\Program Files\COMODO, 23-Apr-2013 [Folder]
29 Apr 2013 22:40:41 - C:\Program Files\NoVirusThanks, 22-Apr-2013 [Folder]
29 Apr 2013 22:40:41 - C:\Program Files\Panda Security, 28-Apr-2013 [Folder]
29 Apr 2013 22:40:41 - C:\Program Files\Sophos, 27-Apr-2013 [Folder]
29 Apr 2013 22:40:41 - C:\Program Files\Common Files\Microsoft Shared\Filters, 22-Apr-2013 [Folder]
29 Apr 2013 22:40:41 - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform, 22-Apr-2013 [Folder]
29 Apr 2013 22:40:41 - C:\Program Files\Common Files\Microsoft Shared\VSTA, 22-Apr-2013 [Folder]

29 Apr 2013 22:40:41 - *********************************************************************************************

29 Apr 2013 22:40:41 - Command Line Options Given: /xsign
29 Apr 2013 22:40:41 - Latest Date of files inside MWAV: Sat Apr 27 14:29:47 2013.
29 Apr 2013 22:40:41 - Sign Version: 7.46881
29 Apr 2013 22:40:43 - Loading/Creating FileScan Cache Database C:\ProgramData\MicroWorld\MWAV\ESCANDBX.MDB [Log: C:\Users\Home\AppData\Local\temp\ESCANDB.LOG]
29 Apr 2013 22:40:44 - Loaded/Created FileScan Cache Database...
29 Apr 2013 22:40:44 - Loading AV Library [DB]...
29 Apr 2013 22:41:25 - ArchiveScan: ENABLED
29 Apr 2013 22:41:33 - AV Library Loaded [DB-DIRECT].
29 Apr 2013 22:41:33 - MWAV doing self scanning...
29 Apr 2013 22:41:33 - MWAV files are clean.
29 Apr 2013 22:41:36 - ArchiveScan: ENABLED
29 Apr 2013 22:41:36 - Virus Database Date: 27 Apr 2013
29 Apr 2013 22:41:36 - Virus Database Count: 9674689
29 Apr 2013 22:41:42 - Downloading AntiVirus and Anti-Spyware Databases...
29 Apr 2013 22:43:23 - Update Successful...
29 Apr 2013 22:43:26 - Old Sign Version: 7.46881 New Sign Version: 7.46930
29 Apr 2013 22:43:55 - Reload of AntiVirus Signatures successfully done.
29 Apr 2013 22:43:55 - Virus Database Date: 29 Apr 2013
29 Apr 2013 22:43:55 - Virus Database Count: 9697096

29 Apr 2013 22:43:59 - **********************************************************
29 Apr 2013 22:43:59 - MWAV - eScanAV AntiVirus Toolkit.
29 Apr 2013 22:43:59 - Copyright © MicroWorld Technologies
29 Apr 2013 22:43:59 -
29 Apr 2013 22:43:59 - Support: support@escanav.com
29 Apr 2013 22:43:59 - Web: http://www.escanav.com
29 Apr 2013 22:43:59 - **********************************************************
29 Apr 2013 22:43:59 - Version 14.0.56[DB] (C:\USERS\HOME\APPDATA\LOCAL\TEMP\MEXETMP.EX~)
29 Apr 2013 22:43:59 - Log File: C:\Users\Home\AppData\Local\temp\MWAV.LOG
29 Apr 2013 22:43:59 - User Account: Home (Administrator Mode)
29 Apr 2013 22:43:59 - Parent Process Name : C:\Users\Home\AppData\Local\Temp\mexe.com
29 Apr 2013 22:43:59 - Windows Root Folder: C:\Windows
29 Apr 2013 22:43:59 - Windows Sys32 Folder: C:\Windows\system32
29 Apr 2013 22:43:59 - OS: Windows 7 [OS Install Date: 24 Aug 2007 01:08:13]
29 Apr 2013 22:43:59 - Ver: Professional Service Pack 1 (Build 7601)
29 Apr 2013 22:43:59 - Latest Date of files inside MWAV: Sat Apr 27 14:29:47 2013.
29 Apr 2013 22:43:59 - Sign Version: 7.46930

29 Apr 2013 22:43:59 - Options Selected by User:
29 Apr 2013 22:43:59 - Memory Check: Enabled
29 Apr 2013 22:43:59 - Registry Check: Enabled
29 Apr 2013 22:43:59 - StartUp Folder Check: Enabled
29 Apr 2013 22:43:59 - System Folder Check: Enabled
29 Apr 2013 22:43:59 - Services Check: Enabled
29 Apr 2013 22:43:59 - Scan Spyware: Enabled
29 Apr 2013 22:43:59 - Scan Archives: Enabled
29 Apr 2013 22:43:59 - Drive Check: Enabled
29 Apr 2013 22:43:59 - All Drive Check :Disabled
29 Apr 2013 22:43:59 - Drive Selected = C:\
29 Apr 2013 22:43:59 - Folder Check: Enabled
29 Apr 2013 22:43:59 - Folder Selected = C:\Windows
29 Apr 2013 22:43:59 - SCAN: All_Files
29 Apr 2013 22:43:59 - MWAV Mode: Scan and Clean files (for viruses, adware and spyware)

29 Apr 2013 22:43:59 - Scanning DNS Records...
29 Apr 2013 22:44:00 - Scanning Master Boot Record (Kernel)...
29 Apr 2013 22:44:03 - Scanning Logical Boot Records...
29 Apr 2013 22:45:06 - ScanFile (:BOOT:D) took 61969 ms
29 Apr 2013 22:45:06 - Scanning of :BOOT:D Timed out!!!
29 Apr 2013 22:45:06 - ***** Scanning For Hidden Rootkit Processes *****
29 Apr 2013 22:45:09 - ***** Scanning For Hidden Rootkit Services *****

29 Apr 2013 22:45:12 - ***** Scanning Memory Files *****

29 Apr 2013 22:45:52 - ***** Scanning Registry Files *****

29 Apr 2013 22:45:57 - ***** Scanning StartUp Folders *****
29 Apr 2013 22:46:08 - ScanFile (C:\Users\Home\Desktop\ComboFix.exe) took 8906 ms
29 Apr 2013 22:47:54 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Adobe FlashPlayer Cookies-0000.zip not Scanned. Possibly password protected...
29 Apr 2013 22:47:54 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Adobe FlashPlayer Cookies-0000.zip
29 Apr 2013 22:47:54 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Adobe FlashPlayer Cookies-0001.zip not Scanned. Possibly password protected...
29 Apr 2013 22:47:54 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Adobe FlashPlayer Cookies-0001.zip
29 Apr 2013 22:47:54 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\BrokenApplicationPaths.zip not Scanned. Possibly password protected...
29 Apr 2013 22:47:54 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\BrokenApplicationPaths.zip
29 Apr 2013 22:47:54 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\BrokenApplicationPaths1.zip not Scanned. Possibly password protected...
29 Apr 2013 22:47:54 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\BrokenApplicationPaths1.zip
29 Apr 2013 22:47:54 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\BrokenApplicationPaths2.zip not Scanned. Possibly password protected...
29 Apr 2013 22:47:54 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\BrokenApplicationPaths2.zip
29 Apr 2013 22:47:54 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\BrokenApplicationPaths3.zip not Scanned. Possibly password protected...
29 Apr 2013 22:47:54 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\BrokenApplicationPaths3.zip
29 Apr 2013 22:47:54 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cache-0000.zip not Scanned. Possibly password protected...
29 Apr 2013 22:47:54 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cache-0000.zip
29 Apr 2013 22:47:54 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cache-0001.zip not Scanned. Possibly password protected...
29 Apr 2013 22:47:54 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cache-0001.zip
29 Apr 2013 22:47:54 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cache-0002.zip not Scanned. Possibly password protected...
29 Apr 2013 22:47:54 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cache-0002.zip
29 Apr 2013 22:47:54 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cache-0003.zip not Scanned. Possibly password protected...
29 Apr 2013 22:47:54 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cache-0003.zip
29 Apr 2013 22:47:54 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cache-0004.zip not Scanned. Possibly password protected...
29 Apr 2013 22:47:54 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cache-0004.zip
29 Apr 2013 22:47:54 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cache-0005.zip not Scanned. Possibly password protected...
29 Apr 2013 22:47:54 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cache-0005.zip
29 Apr 2013 22:47:54 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cookie-0000.zip not Scanned. Possibly password protected...
29 Apr 2013 22:47:54 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cookie-0000.zip
29 Apr 2013 22:47:54 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cookie-0001.zip not Scanned. Possibly password protected...
29 Apr 2013 22:47:54 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cookie-0001.zip
29 Apr 2013 22:47:54 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cookie-0002.zip not Scanned. Possibly password protected...
29 Apr 2013 22:47:54 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cookie-0002.zip
29 Apr 2013 22:47:54 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cookie-0003.zip not Scanned. Possibly password protected...
29 Apr 2013 22:47:54 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cookie-0003.zip
29 Apr 2013 22:47:54 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cookie-0004.zip not Scanned. Possibly password protected...
29 Apr 2013 22:47:54 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cookie-0004.zip
29 Apr 2013 22:47:54 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cookie-0005.zip not Scanned. Possibly password protected...
29 Apr 2013 22:47:54 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cookie-0005.zip
29 Apr 2013 22:47:54 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\History-0000.zip not Scanned. Possibly password protected...
29 Apr 2013 22:47:54 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\History-0000.zip
29 Apr 2013 22:47:54 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\History-0001.zip not Scanned. Possibly password protected...
29 Apr 2013 22:47:54 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\History-0001.zip
29 Apr 2013 22:47:54 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\History-0002.zip not Scanned. Possibly password protected...
29 Apr 2013 22:47:54 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\History-0002.zip
29 Apr 2013 22:47:54 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\History-0003.zip not Scanned. Possibly password protected...
29 Apr 2013 22:47:54 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\History-0003.zip
29 Apr 2013 22:47:54 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Internet Explorer-0000.zip not Scanned. Possibly password protected...
29 Apr 2013 22:47:54 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Internet Explorer-0000.zip
29 Apr 2013 22:47:54 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Internet Explorer-0001.zip not Scanned. Possibly password protected...
29 Apr 2013 22:47:54 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Internet Explorer-0001.zip
29 Apr 2013 22:47:54 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Internet Explorer-0002.zip not Scanned. Possibly password protected...
29 Apr 2013 22:47:54 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Internet Explorer-0002.zip
29 Apr 2013 22:47:54 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Log-0000.zip not Scanned. Possibly password protected...
29 Apr 2013 22:47:54 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Log-0000.zip
29 Apr 2013 22:47:54 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Macromedia.FlashPlayer.Cookies-0000.zip not Scanned. Possibly password protected...
29 Apr 2013 22:47:54 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Macromedia.FlashPlayer.Cookies-0000.zip
29 Apr 2013 22:47:54 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Macromedia.FlashPlayer.Cookies-0001.zip not Scanned. Possibly password protected...
29 Apr 2013 22:47:54 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Macromedia.FlashPlayer.Cookies-0001.zip
29 Apr 2013 22:47:54 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Macromedia.FlashPlayer.Cookies-0002.zip not Scanned. Possibly password protected...
29 Apr 2013 22:47:54 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Macromedia.FlashPlayer.Cookies-0002.zip
29 Apr 2013 22:47:55 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MissingHelpFiles.zip not Scanned. Possibly password protected...
29 Apr 2013 22:47:55 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\MissingHelpFiles.zip
29 Apr 2013 22:47:55 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MissingHelpFiles1.zip not Scanned. Possibly password protected...
29 Apr 2013 22:47:55 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\MissingHelpFiles1.zip
29 Apr 2013 22:47:55 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Direct3D-0000.zip not Scanned. Possibly password protected...
29 Apr 2013 22:47:55 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Direct3D-0000.zip
29 Apr 2013 22:47:55 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Direct3D-0001.zip not Scanned. Possibly password protected...
29 Apr 2013 22:47:55 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Direct3D-0001.zip
29 Apr 2013 22:47:55 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Direct3D-0002.zip not Scanned. Possibly password protected...
29 Apr 2013 22:47:55 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Direct3D-0002.zip
29 Apr 2013 22:47:55 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Direct3D-0003.zip not Scanned. Possibly password protected...
29 Apr 2013 22:47:55 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Direct3D-0003.zip
29 Apr 2013 22:47:55 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Media Player-0000.zip not Scanned. Possibly password protected...
29 Apr 2013 22:47:55 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Media Player-0000.zip
29 Apr 2013 22:47:55 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Explorer-0000.zip not Scanned. Possibly password protected...
29 Apr 2013 22:47:55 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Explorer-0000.zip
29 Apr 2013 22:47:55 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Explorer-0001.zip not Scanned. Possibly password protected...
29 Apr 2013 22:47:55 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Explorer-0001.zip
29 Apr 2013 22:47:55 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Explorer-0002.zip not Scanned. Possibly password protected...
29 Apr 2013 22:47:55 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Explorer-0002.zip
29 Apr 2013 22:47:55 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Explorer-0003.zip not Scanned. Possibly password protected...
29 Apr 2013 22:47:55 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Explorer-0003.zip
29 Apr 2013 22:47:55 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Media SDK-0000.zip not Scanned. Possibly password protected...
29 Apr 2013 22:47:55 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Media SDK-0000.zip
29 Apr 2013 22:47:55 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Media SDK-0001.zip not Scanned. Possibly password protected...
29 Apr 2013 22:47:55 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Media SDK-0001.zip
29 Apr 2013 22:47:55 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Media SDK-0002.zip not Scanned. Possibly password protected...
29 Apr 2013 22:47:55 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Media SDK-0002.zip
29 Apr 2013 22:47:55 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Media SDK-0003.zip not Scanned. Possibly password protected...
29 Apr 2013 22:47:55 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Media SDK-0003.zip
29 Apr 2013 22:47:55 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Media SDK-0004.zip not Scanned. Possibly password protected...
29 Apr 2013 22:47:55 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Media SDK-0004.zip
29 Apr 2013 22:47:55 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Media SDK-0005.zip not Scanned. Possibly password protected...
29 Apr 2013 22:47:55 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Media SDK-0005.zip
29 Apr 2013 22:47:55 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows.OpenWith-0000.zip not Scanned. Possibly password protected...
29 Apr 2013 22:47:55 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows.OpenWith-0000.zip
29 Apr 2013 22:48:08 - ScanFile (C:\ProgramData\{BB35AF0B-CAE6-4475-8DA3-E4C7591DD962}\Setup.res) took 8438 ms

29 Apr 2013 22:48:09 - ***** Scanning Service Files *****
29 Apr 2013 22:48:23 - ERROR(2)!!! Invalid Entry \??\C:\Users\Home\AppData\Local\Temp\catchme.sys. Action Taken: Removing HKLM\SYSTEM\CurrentControlSet\Services\catchme.
29 Apr 2013 22:50:21 - ERROR(2)!!! Invalid Entry \??\C:\Windows\system32\drivers\rootrepeal.sys. Action Taken: Removing HKLM\SYSTEM\CurrentControlSet\Services\rootrepeal.

29 Apr 2013 22:51:42 - ***** Scanning Registry and File system for Adware/Spyware *****
29 Apr 2013 22:51:44 - Loading Spyware Signatures from new External Database [Name: C:\Users\Home\AppData\Local\temp\spydb.avs, Size: 463771]...
29 Apr 2013 22:51:44 - Indexed Spyware Databases Successfully Created...

29 Apr 2013 22:51:47 - Offending Registry Entry found: HKCU\Software\Microsoft\OLE
29 Apr 2013 22:51:47 - System found infected with Backdoor (IRCBot) Trojans Spyware/Adware (HKCU\Software\Microsoft\OLE)! Action taken: Entries Removed.
29 Apr 2013 22:51:47 - Object "Backdoor (IRCBot) Trojans Spyware/Adware" found in File System! Action Taken: Entries Removed.

29 Apr 2013 22:51:48 - Offending Registry Entry found: HKCU\Software\Microsoft\Windows\CurrentVersion\Drivers
29 Apr 2013 22:51:48 - System found infected with AntiSpyware Pro XP Corrupted Adware/Spyware (HKCU\Software\Microsoft\Windows\CurrentVersion\Drivers)! Action taken: Entries Removed.
29 Apr 2013 22:51:48 - Object "AntiSpyware Pro XP Corrupted Adware/Spyware" found in File System! Action Taken: Entries Removed.


29 Apr 2013 22:51:49 - ***** Scanning Registry Files *****
29 Apr 2013 22:51:50 - ** Value in HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = about:blank
29 Apr 2013 22:51:50 - ** Value in HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = http://www.msn.com/
29 Apr 2013 22:51:50 - ** Value in HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\main/Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

29 Apr 2013 22:51:50 - ***** Scanning System32 Folders *****


29 Apr 2013 22:54:08 - ***** Scanning Drive C:\ *****
29 Apr 2013 22:57:20 - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{751B9725-1B3F-4797-AFCC-632908B922A4}\NvCplSetupEng.exe) took 14406 ms
29 Apr 2013 23:00:21 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Adobe FlashPlayer Cookies-0000.zip not Scanned. Possibly password protected...
29 Apr 2013 23:00:21 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Adobe FlashPlayer Cookies-0000.zip
29 Apr 2013 23:00:21 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Adobe FlashPlayer Cookies-0001.zip not Scanned. Possibly password protected...
29 Apr 2013 23:00:21 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Adobe FlashPlayer Cookies-0001.zip
29 Apr 2013 23:00:21 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\BrokenApplicationPaths.zip not Scanned. Possibly password protected...
29 Apr 2013 23:00:21 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\BrokenApplicationPaths.zip
29 Apr 2013 23:00:21 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\BrokenApplicationPaths1.zip not Scanned. Possibly password protected...
29 Apr 2013 23:00:21 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\BrokenApplicationPaths1.zip
29 Apr 2013 23:00:21 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\BrokenApplicationPaths2.zip not Scanned. Possibly password protected...
29 Apr 2013 23:00:21 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\BrokenApplicationPaths2.zip
29 Apr 2013 23:00:21 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\BrokenApplicationPaths3.zip not Scanned. Possibly password protected...
29 Apr 2013 23:00:21 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\BrokenApplicationPaths3.zip
29 Apr 2013 23:00:21 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cache-0000.zip not Scanned. Possibly password protected...
29 Apr 2013 23:00:21 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cache-0000.zip
29 Apr 2013 23:00:21 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cache-0001.zip not Scanned. Possibly password protected...
29 Apr 2013 23:00:21 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cache-0001.zip
29 Apr 2013 23:00:21 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cache-0002.zip not Scanned. Possibly password protected...
29 Apr 2013 23:00:21 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cache-0002.zip
29 Apr 2013 23:00:21 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cache-0003.zip not Scanned. Possibly password protected...
29 Apr 2013 23:00:21 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cache-0003.zip
29 Apr 2013 23:00:21 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cache-0004.zip not Scanned. Possibly password protected...
29 Apr 2013 23:00:21 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cache-0004.zip
29 Apr 2013 23:00:21 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cache-0005.zip not Scanned. Possibly password protected...
29 Apr 2013 23:00:21 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cache-0005.zip
29 Apr 2013 23:00:21 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cookie-0000.zip not Scanned. Possibly password protected...
29 Apr 2013 23:00:21 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cookie-0000.zip
29 Apr 2013 23:00:21 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cookie-0001.zip not Scanned. Possibly password protected...
29 Apr 2013 23:00:21 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cookie-0001.zip
29 Apr 2013 23:00:21 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cookie-0002.zip not Scanned. Possibly password protected...
29 Apr 2013 23:00:21 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cookie-0002.zip
29 Apr 2013 23:00:21 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cookie-0003.zip not Scanned. Possibly password protected...
29 Apr 2013 23:00:21 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cookie-0003.zip
29 Apr 2013 23:00:21 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cookie-0004.zip not Scanned. Possibly password protected...
29 Apr 2013 23:00:21 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cookie-0004.zip
29 Apr 2013 23:00:21 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cookie-0005.zip not Scanned. Possibly password protected...
29 Apr 2013 23:00:21 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cookie-0005.zip
29 Apr 2013 23:00:21 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\History-0000.zip not Scanned. Possibly password protected...
29 Apr 2013 23:00:21 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\History-0000.zip
29 Apr 2013 23:00:21 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\History-0001.zip not Scanned. Possibly password protected...
29 Apr 2013 23:00:21 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\History-0001.zip
29 Apr 2013 23:00:21 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\History-0002.zip not Scanned. Possibly password protected...
29 Apr 2013 23:00:21 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\History-0002.zip
29 Apr 2013 23:00:21 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\History-0003.zip not Scanned. Possibly password protected...
29 Apr 2013 23:00:21 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\History-0003.zip
29 Apr 2013 23:00:21 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Internet Explorer-0000.zip not Scanned. Possibly password protected...
29 Apr 2013 23:00:21 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Internet Explorer-0000.zip
29 Apr 2013 23:00:21 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Internet Explorer-0001.zip not Scanned. Possibly password protected...
29 Apr 2013 23:00:21 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Internet Explorer-0001.zip
29 Apr 2013 23:00:21 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Internet Explorer-0002.zip not Scanned. Possibly password protected...
29 Apr 2013 23:00:21 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Internet Explorer-0002.zip
29 Apr 2013 23:00:21 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Log-0000.zip not Scanned. Possibly password protected...
29 Apr 2013 23:00:21 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Log-0000.zip
29 Apr 2013 23:00:21 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Macromedia.FlashPlayer.Cookies-0000.zip not Scanned. Possibly password protected...
29 Apr 2013 23:00:21 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Macromedia.FlashPlayer.Cookies-0000.zip
29 Apr 2013 23:00:21 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Macromedia.FlashPlayer.Cookies-0001.zip not Scanned. Possibly password protected...
29 Apr 2013 23:00:21 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Macromedia.FlashPlayer.Cookies-0001.zip
29 Apr 2013 23:00:22 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Macromedia.FlashPlayer.Cookies-0002.zip not Scanned. Possibly password protected...
29 Apr 2013 23:00:22 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Macromedia.FlashPlayer.Cookies-0002.zip
29 Apr 2013 23:00:22 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MissingHelpFiles.zip not Scanned. Possibly password protected...
29 Apr 2013 23:00:22 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\MissingHelpFiles.zip
29 Apr 2013 23:00:22 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MissingHelpFiles1.zip not Scanned. Possibly password protected...
29 Apr 2013 23:00:22 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\MissingHelpFiles1.zip
29 Apr 2013 23:00:22 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Direct3D-0000.zip not Scanned. Possibly password protected...
29 Apr 2013 23:00:22 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Direct3D-0000.zip
29 Apr 2013 23:00:22 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Direct3D-0001.zip not Scanned. Possibly password protected...
29 Apr 2013 23:00:22 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Direct3D-0001.zip
29 Apr 2013 23:00:22 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Direct3D-0002.zip not Scanned. Possibly password protected...
29 Apr 2013 23:00:22 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Direct3D-0002.zip
29 Apr 2013 23:00:22 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Direct3D-0003.zip not Scanned. Possibly password protected...
29 Apr 2013 23:00:22 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Direct3D-0003.zip
29 Apr 2013 23:00:22 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Media Player-0000.zip not Scanned. Possibly password protected...
29 Apr 2013 23:00:22 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Media Player-0000.zip
29 Apr 2013 23:00:22 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Explorer-0000.zip not Scanned. Possibly password protected...
29 Apr 2013 23:00:22 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Explorer-0000.zip
29 Apr 2013 23:00:22 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Explorer-0001.zip not Scanned. Possibly password protected...
29 Apr 2013 23:00:22 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Explorer-0001.zip
29 Apr 2013 23:00:22 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Explorer-0002.zip not Scanned. Possibly password protected...
29 Apr 2013 23:00:22 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Explorer-0002.zip
29 Apr 2013 23:00:22 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Explorer-0003.zip not Scanned. Possibly password protected...
29 Apr 2013 23:00:22 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Explorer-0003.zip
29 Apr 2013 23:00:22 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Media SDK-0000.zip not Scanned. Possibly password protected...
29 Apr 2013 23:00:22 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Media SDK-0000.zip
29 Apr 2013 23:00:22 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Media SDK-0001.zip not Scanned. Possibly password protected...
29 Apr 2013 23:00:22 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Media SDK-0001.zip
29 Apr 2013 23:00:22 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Media SDK-0002.zip not Scanned. Possibly password protected...
29 Apr 2013 23:00:22 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Media SDK-0002.zip
29 Apr 2013 23:00:22 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Media SDK-0003.zip not Scanned. Possibly password protected...
29 Apr 2013 23:00:22 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Media SDK-0003.zip
29 Apr 2013 23:00:22 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Media SDK-0004.zip not Scanned. Possibly password protected...
29 Apr 2013 23:00:22 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Media SDK-0004.zip
29 Apr 2013 23:00:22 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Media SDK-0005.zip not Scanned. Possibly password protected...
29 Apr 2013 23:00:22 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Media SDK-0005.zip
29 Apr 2013 23:00:22 - C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows.OpenWith-0000.zip not Scanned. Possibly password protected...
29 Apr 2013 23:00:22 - ERROR(3)!!! ScanFile fails for C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows.OpenWith-0000.zip
29 Apr 2013 23:00:32 - INVALID ATTRIBUTES FOR FOLDER [C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q1N4K2EK]. IGNORING.
29 Apr 2013 23:37:05 - Please Wait Exiting Application...

29 Apr 2013 23:37:05 - ***** Scanning complete. *****

29 Apr 2013 23:37:05 - Total Objects Scanned: 142316
29 Apr 2013 23:37:05 - Total Critical Objects: 2
29 Apr 2013 23:37:05 - Total Disinfected Objects: 0
29 Apr 2013 23:37:05 - Total Objects Renamed: 0
29 Apr 2013 23:37:05 - Total Deleted Objects: 2
29 Apr 2013 23:37:05 - Total Errors: 2
29 Apr 2013 23:37:05 - Time Elapsed: 00:53:02
29 Apr 2013 23:37:05 - Virus Database Date: 29 Apr 2013
29 Apr 2013 23:37:05 - Virus Database Count: 9697096

29 Apr 2013 23:37:05 - Scan Completed

#8 gringo_pr

Posted 30 April 2013 - 11:34 AM

Did you run ComboFix and get a report?

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Gmer99

Posted 01 May 2013 - 02:42 PM

This is the second ComboFix log:

ComboFix 13-04-27.04 - Home 04/30/2013 21:58:01.15.2 - x86 MINIMAL
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2559.2245 [GMT 3:00]
Running from: c:\users\Home\Desktop\ComboFix.exe
AV: Bitdefender Antivirus Free Edition *Enabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
AV: ESET Smart Security 6.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: Bitdefender Antivirus Free Edition *Enabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
SP: ESET Smart Security 6.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2013-03-28 to 2013-04-30 )))))))))))))))))))))))))))))))
.
.
2013-04-30 19:03 . 2013-04-30 19:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-30 14:05 . 2013-04-30 15:52 -------- d-----w- c:\program files\stinger
2013-04-30 11:00 . 2013-04-30 19:03 -------- d-----w- c:\users\Home\AppData\Local\temp
2013-04-30 09:27 . 2013-04-30 09:28 -------- d-----w- c:\program files\Google
2013-04-30 09:27 . 2013-04-30 09:29 -------- d-----w- c:\users\Home\AppData\Local\Google
2013-04-30 09:10 . 2013-04-30 09:10 241992 ----a-w- c:\windows\system32\drivers\avchv.sys
2013-04-30 09:05 . 2012-10-10 11:00 622616 ----a-w- c:\windows\system32\drivers\avc3.sys
2013-04-30 09:05 . 2012-02-17 12:45 447208 ----a-w- c:\windows\system32\drivers\avckf.sys
2013-04-30 09:04 . 2013-04-30 09:04 -------- d-----w- c:\users\Home\AppData\Roaming\QuickScan
2013-04-30 09:04 . 2013-04-30 09:22 -------- d-----w- c:\program files\Bitdefender
2013-04-30 09:04 . 2012-10-04 10:30 162976 ----a-w- c:\windows\system32\drivers\gzflt.sys
2013-04-28 17:44 . 2013-04-28 17:44 -------- d-----w- c:\users\Home\AppData\Roaming\Panda Security
2013-04-28 17:39 . 2013-04-30 08:10 -------- d-----w- c:\program files\Panda Security
2013-04-28 17:39 . 2013-04-28 17:39 -------- d-----w- c:\programdata\Panda Security
2013-04-27 21:26 . 2013-04-27 21:26 -------- d-----w- c:\programdata\Sophos
2013-04-27 21:26 . 2013-04-27 21:26 73728 ----a-r- c:\users\Home\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-04-27 21:26 . 2013-04-27 21:26 73728 ----a-r- c:\users\Home\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-04-27 21:26 . 2013-04-27 21:26 73728 ----a-r- c:\users\Home\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-04-27 21:26 . 2013-04-27 21:26 -------- d-----w- c:\program files\Sophos
2013-04-27 20:54 . 2013-04-12 13:45 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-23 19:47 . 2013-04-23 19:51 -------- d-s---w- c:\programdata\Shared Space
2013-04-23 19:45 . 2013-04-23 19:45 -------- d-----w- c:\program files\COMODO
2013-04-23 19:45 . 2013-04-23 19:51 -------- d-----w- c:\programdata\Comodo
2013-04-23 19:45 . 2013-04-23 19:45 -------- d-----w- c:\programdata\Comodo Downloader
2013-04-23 15:20 . 2013-04-23 15:20 -------- d-----w- c:\programdata\Kaspersky Lab
2013-04-22 13:27 . 2013-04-22 13:27 -------- d-----w- c:\users\Home\AppData\Local\Microsoft Help
2013-04-22 13:27 . 2013-04-22 13:54 -------- d-----w- c:\programdata\Microsoft Help
2013-04-22 12:00 . 2013-04-22 12:00 -------- d-----w- c:\program files\NoVirusThanks
2013-04-21 21:40 . 2013-04-21 21:43 -------- d-----w- c:\users\Home\AppData\Local\Browser Guard
2013-04-20 17:12 . 2013-04-27 12:29 -------- d-----w- C:\Michael Bolton - Timeless Volume 2 [mp3][h33t][LoC. Blazer]
2013-04-20 15:37 . 2013-04-20 15:37 -------- d-----w- C:\Michael Bolton - The Essential 2002 [FLAC] [h33t] - Kitlope
2013-04-18 15:02 . 2013-04-25 10:05 84928 ----a-w- c:\windows\system32\drivers\inspect.sys
2013-04-18 09:34 . 2013-04-20 08:21 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2013-04-16 21:30 . 2013-04-16 21:40 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-04-15 15:38 . 2013-04-15 15:38 43728 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2013-04-15 15:38 . 2013-04-15 15:38 581912 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2013-04-15 15:38 . 2013-04-15 15:38 20072 ----a-w- c:\windows\system32\drivers\cmderd.sys
2013-04-15 15:38 . 2013-04-23 14:04 348048 ----a-w- c:\windows\system32\guard32.dll
2013-04-15 15:38 . 2013-04-15 15:38 35488 ----a-w- c:\windows\system32\cmdcsr.dll
2013-04-15 15:38 . 2013-04-15 15:38 40656 ----a-w- c:\windows\system32\cmdkbd32.dll
2013-04-15 15:38 . 2013-04-15 15:38 276688 ----a-w- c:\windows\system32\cmdvrt32.dll
2013-04-13 19:17 . 2013-04-13 19:26 -------- d-----w- C:\My Disc
2013-04-10 23:22 . 2013-04-10 23:22 -------- d-----w- c:\users\UpdatusUser
2013-04-10 23:22 . 2013-04-10 23:22 -------- d-----w- c:\programdata\NVIDIA
2013-04-10 23:22 . 2013-01-31 09:01 2859296 ----a-w- c:\windows\system32\nvsvc.dll
2013-04-10 23:22 . 2013-01-31 09:01 3970848 ----a-w- c:\windows\system32\nvcpl.dll
2013-04-10 23:22 . 2013-01-31 09:00 634656 ----a-w- c:\windows\system32\nvvsvc.exe
2013-04-10 23:22 . 2013-01-31 09:00 62752 ----a-w- c:\windows\system32\nvshext.dll
2013-04-10 23:22 . 2013-01-31 09:00 2557728 ----a-w- c:\windows\system32\nvsvcr.dll
2013-04-10 23:22 . 2013-01-31 09:00 108832 ----a-w- c:\windows\system32\nvmctray.dll
2013-04-10 23:21 . 2013-02-19 18:33 53024 ----a-w- c:\windows\system32\OpenCL.dll
2013-04-10 23:21 . 2013-04-10 23:21 -------- d-----w- c:\programdata\NVIDIA Corporation
2013-04-10 23:21 . 2013-04-10 23:22 -------- d-----w- c:\program files\NVIDIA Corporation
2013-04-10 16:22 . 2013-04-10 16:22 44240 ----a-w- c:\windows\system32\drivers\fsbts.sys
2013-04-09 20:40 . 2013-02-19 12:01 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-04-09 20:40 . 2013-02-21 10:30 217600 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-04-09 20:40 . 2013-02-21 10:29 2877440 ----a-w- c:\windows\system32\jscript9.dll
2013-04-09 20:40 . 2013-02-21 10:29 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-04-09 20:40 . 2013-02-21 10:29 257536 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2013-04-09 20:40 . 2013-02-21 10:29 235520 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2013-04-09 20:38 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\system32\mstscax.dll
2013-04-09 20:38 . 2013-02-15 04:34 131584 ----a-w- c:\windows\system32\aaclient.dll
2013-04-09 20:38 . 2013-02-15 03:25 36864 ----a-w- c:\windows\system32\tsgqec.dll
2013-04-09 09:26 . 2013-04-09 09:33 -------- d-----w- c:\users\Home\AppData\Roaming\Comodo
2013-04-08 20:19 . 2013-04-08 20:23 -------- d-----w- c:\programdata\HitmanPro
2013-04-07 20:35 . 2013-04-07 20:36 -------- d-----w- c:\users\AsafAvidan
2013-04-07 19:25 . 2013-04-07 19:25 -------- d-----w- c:\users\Home\AppData\Local\Diagnostics
2013-04-07 10:26 . 2013-04-07 10:26 -------- d---a-w- c:\windows\system32\runouce.exe
2013-04-07 10:16 . 2013-04-07 10:16 343456 ----a-w- c:\windows\system32\drivers\trufos.sys
2013-04-07 10:16 . 2013-04-07 10:16 632064 ----a-w- c:\windows\system32\msvcr80.dll
2013-04-07 10:16 . 2013-04-07 10:16 554240 ----a-w- c:\windows\system32\msvcp80.dll
2013-04-07 10:16 . 2013-04-07 10:16 572928 ----a-w- c:\windows\system32\msvcp90.dll
2013-04-07 10:16 . 2013-04-07 10:16 655872 ----a-w- c:\windows\system32\msvcr90.dll
2013-04-07 10:16 . 2013-04-07 10:16 34048 ----a-w- c:\windows\system32\eEmpty.exe
2013-04-07 10:16 . 2013-04-07 10:16 -------- d-----w- c:\program files\Common Files\MicroWorld
2013-04-07 10:15 . 2013-04-07 10:16 -------- d-----w- c:\programdata\MicroWorld
2013-04-07 09:02 . 2013-04-07 09:02 49152 ----a-w- c:\windows\system32\taskhost.exe
2013-04-06 12:38 . 2013-04-06 12:38 -------- d-----w- c:\windows\system32\SPReview
2013-04-06 12:38 . 2013-04-06 12:38 -------- d-----w- c:\windows\system32\EventProviders
2013-04-06 12:34 . 2010-11-20 12:21 84480 ----a-w- c:\windows\system32\wkssvc.dll
2013-04-06 11:23 . 2013-04-30 14:53 -------- d-----w- c:\users\Home\AppData\Roaming\vlc
2013-04-06 11:22 . 2013-04-06 11:22 -------- d-----w- c:\program files\VideoLAN
2013-04-06 10:55 . 2013-04-07 16:51 -------- d-----w- C:\Olympus Has Fallen (2013) CAM 304p [Zend]
2013-04-06 09:57 . 2013-04-06 09:57 -------- d-----w- c:\users\Home\AppData\Local\ESET
2013-04-06 09:54 . 2013-04-06 09:54 -------- d-----w- c:\program files\ESET
2013-04-06 09:48 . 2013-04-29 18:00 -------- d-----w- c:\users\Home\AppData\Local\ElevatedDiagnostics
2013-04-05 19:49 . 2013-04-07 13:48 -------- d-----w- c:\users\Home\Doctor Web
2013-04-05 14:35 . 2013-04-05 14:35 -------- d-----w- c:\users\Home\AppData\Local\Adobe
2013-04-05 14:33 . 2013-04-05 14:33 -------- d-----w- c:\program files\Common Files\Adobe
2013-04-05 13:51 . 2013-04-05 13:51 -------- d-----w- c:\users\Home\AppData\Local\Screamer Radio
2013-04-05 11:25 . 2009-02-20 13:55 326656 ----a-w- c:\windows\tsnpstd3.exe
2013-04-05 11:25 . 2006-09-19 06:07 827392 ----a-w- c:\windows\vsnpstd3.exe
2013-04-05 11:25 . 2009-02-19 07:28 61440 ----a-w- c:\windows\system32\vsnpstd3.dll
2013-04-05 11:25 . 2007-03-26 11:46 10252544 ----a-w- c:\windows\system32\drivers\snpstd3.sys
2013-04-05 11:25 . 2007-02-09 11:13 172032 ----a-w- c:\windows\system32\rsnpstd3.dll
2013-04-05 11:25 . 2005-11-23 10:55 53248 ----a-w- c:\windows\system32\csnpstd3.dll
2013-04-05 11:25 . 2005-11-23 10:55 53248 ----a-w- c:\windows\csnpstd3.dll
2013-04-05 11:25 . 2013-04-05 11:25 -------- d-----w- c:\program files\Common Files\snpstd3
2013-04-05 11:25 . 2013-04-05 11:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2013-04-05 11:24 . 2013-04-05 11:24 -------- d-----w- c:\users\Home\AppData\Roaming\InstallShield
2013-04-05 11:20 . 2013-04-05 12:20 -------- d-----w- c:\program files\Zemana AntiMalware
2013-04-05 11:20 . 2013-04-18 17:50 -------- d-----w- c:\programdata\Zemana AntiMalware
2013-04-05 10:54 . 2013-04-05 10:54 -------- d-----w- c:\windows\system32\Wat
2013-04-04 18:57 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll
2013-04-04 18:57 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-04-04 18:57 . 2010-09-30 06:47 70656 ----a-w- c:\windows\system32\fontsub.dll
2013-04-04 18:14 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-04-04 18:14 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2013-04-04 18:14 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2013-04-04 18:12 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2013-04-04 16:57 . 2013-04-04 16:58 -------- d-----w- c:\users\Home\AppData\Roaming\Yahoo!
2013-04-04 16:57 . 2013-04-04 16:57 -------- d-----w- c:\programdata\Yahoo! Companion
2013-04-04 16:57 . 2013-04-04 16:57 -------- d-----w- c:\programdata\Yahoo!
2013-04-04 16:56 . 2013-04-04 16:57 -------- d-----w- c:\program files\Yahoo!
2013-04-04 16:47 . 2013-04-28 10:43 -------- d-----w- c:\program files\CCleaner
2013-04-04 16:47 . 2011-04-25 02:18 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2013-04-04 16:47 . 2011-04-29 02:46 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2013-04-04 16:47 . 2011-04-29 02:46 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2013-04-04 16:47 . 2011-04-29 02:46 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2013-04-04 16:47 . 2013-02-12 03:32 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-04-04 16:47 . 2011-11-17 05:38 1288472 ----a-w- c:\windows\system32\ntdll.dll
2013-04-04 16:47 . 2012-08-24 16:57 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-04-04 16:46 . 2012-11-02 05:11 376832 ----a-w- c:\windows\system32\dpnet.dll
2013-04-04 16:46 . 2010-11-20 11:57 2560 ----a-w- c:\windows\system32\dpnaddr.dll
2013-04-04 16:46 . 2011-03-03 05:38 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-22 16:12 . 2013-04-22 16:10 7742985 ----a-w- c:\windows\REGBK00.ZIP
2013-04-06 12:47 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2013-02-20 08:07 . 2013-02-20 08:07 47568 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2013-02-20 08:07 . 2013-02-20 08:07 171680 ----a-w- c:\windows\system32\drivers\eamonm.sys
2013-02-19 18:32 . 2013-02-19 18:32 6162704 ----a-w- c:\windows\system32\nvopencl.dll
2013-02-19 18:32 . 2013-02-19 18:32 10919200 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-02-19 18:32 . 2013-02-19 18:32 2446416 ----a-w- c:\windows\system32\nvapi.dll
2013-02-19 18:32 . 2013-02-19 18:32 17560352 ----a-w- c:\windows\system32\nvcompiler.dll
2013-02-19 18:32 . 2013-02-19 18:32 2577184 ----a-w- c:\windows\system32\nvcuvid.dll
2013-02-19 18:32 . 2013-02-19 18:32 1869088 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-02-19 18:32 . 2009-06-10 21:19 15413704 ----a-w- c:\windows\system32\nvd3dum.dll
2013-02-19 18:32 . 2013-02-19 18:32 892704 ----a-w- c:\windows\system32\nvdispgenco32.dll
2013-02-19 18:32 . 2013-02-19 18:32 1010464 ----a-w- c:\windows\system32\nvdispco32.dll
2013-02-19 18:32 . 2013-02-19 18:32 7754560 ----a-w- c:\windows\system32\nvcuda.dll
2013-02-19 18:32 . 2013-02-19 18:32 19915552 ----a-w- c:\windows\system32\nvoglv32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2013-04-23 3545880]
"pdiface"="c:\program files\Bitdefender\60-Second Virus Scanner\pdiface.exe" [2013-02-22 243408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AntiLogger"="c:\program files\AntiLogger\AntiLogger.exe" [2013-03-13 16023976]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-03-21 5078504]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-04-15 3012816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [x]
R0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
R1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog32.sys [x]
R1 bdfwfpf;bdfwfpf;c:\program files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [x]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
R1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
R1 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys [x]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
R2 gzserv;Bitdefender Antivirus Free Edition;c:\program files\Bitdefender\Antivirus Free Edition\gzserv.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 pdserv;Bitdefender 60-Second Virus Scanner Service;c:\program files\Bitdefender\60-Second Virus Scanner\pdscan.exe \svc [x]
R2 ZemanaAntiMalwareScheduler;Zemana AntiMalware Scheduler;c:\program files\Zemana AntiMalware\zemsched.exe [x]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 10056052
*NewlyCreated* - 519C0A845A423CD8
*Deregistered* - 10056052
*Deregistered* - 519C0A845A423CD8
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-30 09:28 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-04 15:47]
.
2013-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-30 09:27]
.
.
------- Supplementary Scan -------
.
mStart Page = about:blank
TCP: Interfaces\{F4655560-AF02-4578-82A9-5C6AF847541C}: NameServer = 213.154.124.1 193.231.252.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-RunOnce-Z1 - c:\users\Home\AppData\Local\temp\Rar$EXa0.813\mbar\mbar.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-04-30 22:05:57
ComboFix-quarantined-files.txt 2013-04-30 19:05
ComboFix2.txt 2013-04-27 19:17
ComboFix3.txt 2013-04-22 06:22
ComboFix4.txt 2013-04-20 11:21
.
Pre-Run: 117,604,233,216 bytes free
Post-Run: 117,691,355,136 bytes free
.
- - End Of File - - 32C75663F15F82A078B462221F0ADC17

No infection found :) Thanks for reminding me to post it, I forgot :grinner:



#10 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 May 2013 - 04:45 PM



Hello Gmer99


I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    Note** this report can be very long - so if the website gives you an error saying it is too long you may attach it

    If the forum still complains about it being too long, send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================
    and I will see if I want to see the whole report

Malwarebytes Anti-Rootkit

1. Download Malwarebytes Anti-Rootkit
2. Unzip the contents to a folder in a convenient location.
3. Open the folder where the contents were unzipped and run mbar.exe
4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6. Wait while the system shuts down and the cleanup process is performed.
7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
   • Internet access
   • Windows Update
   • Windows Firewall
9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
10. Verify that your system is now functioning normally.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and MBAR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
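Gringo asks for the TDSSKiller report and, when the forum rejects it as too long, for everything after "Scan finished". The script below is an added example, not one of the tools or logs in this thread: it does that trimming and triages the report by pairing each "[ MD5 ] name path" line with its "name - verdict" line and listing every item the scanner did not mark "- ok". The sample log is constructed in the shape of the TDSSKiller output posted in this thread; the "warning" verdict line and the tail after "Scan finished" are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample shaped like the TDSSKiller report quoted in this thread:
# "HH:MM:SS.mmmm PID  body", where a scanned item is an optional
# "[ MD5 ] name path" line followed by a "name - verdict" line.
# The "warning" line and the tail after "Scan finished" are constructed
# for illustration; they are not taken from the poster's report.
SAMPLE_LOG = r"""
00:17:19.0619 50180  ============================================================
00:17:19.0619 50180  Scan started
00:17:19.0619 50180  Mode: Manual; SigCheck; TDLFS;
00:17:19.0619 50180  ============================================================
00:17:20.0596 50180  ================ Scan system memory ========================
00:17:20.0596 50180  System memory - ok
00:17:20.0598 50180  ================ Scan services =============================
00:17:20.0732 50180  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
00:17:20.0926 50180  1394ohci - ok
00:17:22.0398 50180  [ AB7A967E9ED30394AEC2A72417362563 ] AntiLog32       C:\Windows\system32\drivers\AntiLog32.sys
00:17:22.0454 50180  AntiLog32 ( UnsignedFile.Multi.Generic ) - warning
00:17:26.0654 50180  COMSysApp - ok
00:17:40.0000 50180  ============================================================
00:17:40.0000 50180  Scan finished
00:17:40.0000 50180  ============================================================
00:17:40.0000 50180  Detected object count: 1
"""

# Timestamp and process-id prefix that every report line carries.
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*)$")
# "[ MD5 ] ServiceName   C:\path\to\binary"
HASH_LINE = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (\S+)\s+(.+)$")
# "ServiceName - ok" or "ServiceName ( Detail ) - warning"
VERDICT_LINE = re.compile(r"^(.+?)(?: \((.*?)\))? - (\w+)$")


@dataclass
class Entry:
    name: str
    verdict: str
    detail: str = ""
    md5: str = ""
    path: str = ""


def parse_tdsskiller(text):
    """Return (entries, notes): one Entry per verdict line, plus the
    informational lines (mode, counters, banners) that carry no verdict."""
    entries, notes = [], []
    pending = {}  # service name -> (md5, path) from the preceding hash line
    for raw in text.splitlines():
        m = PREFIX.match(raw)
        if not m:
            continue
        body = m.group(1).strip()
        if not body or body.startswith("="):  # separators and section headers
            continue
        h = HASH_LINE.match(body)
        if h:
            pending[h.group(2)] = (h.group(1).upper(), h.group(3).strip())
            continue
        v = VERDICT_LINE.match(body)
        if v:
            name, detail, verdict = v.group(1), (v.group(2) or "").strip(), v.group(3)
            # Items such as COMSysApp in the posted log have no hash line at all.
            md5, path = pending.pop(name, ("", ""))
            entries.append(Entry(name, verdict, detail, md5, path))
            continue
        notes.append(body)
    return entries, notes


def flagged(entries):
    """Every scanned item TDSSKiller did not mark '- ok': the lines a helper
    reviewing the report wants to see first."""
    return [e for e in entries if e.verdict != "ok"]


def tail_after_scan_finished(text):
    """The report from the 'Scan finished' line to the end, i.e. the part
    requested when the forum rejects the full report as too long."""
    lines = text.splitlines()
    for i, raw in enumerate(lines):
        m = PREFIX.match(raw)
        if m and m.group(1).strip() == "Scan finished":
            return lines[i:]
    return []


if __name__ == "__main__":
    entries, notes = parse_tdsskiller(SAMPLE_LOG)
    print(f"{len(entries)} items scanned, {len(flagged(entries))} not ok")
    for e in flagged(entries):
        print(f"  {e.name}: {e.verdict} ({e.detail}) md5={e.md5} {e.path}")
    print("\n".join(tail_after_scan_finished(SAMPLE_LOG)))
```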

#11 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 04 May 2013 - 12:15 AM


Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, a reminder that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.




Gringo

#12 Gmer99 (Topic Starter)

  • Members
  • 75 posts
  • Gender:Male
  • Location:Europe

Posted 05 May 2013 - 04:42 PM

Dear Gringo, I was away from the PC because we celebrate Orthodox Easter here, and many billions of us worldwide ..... so I had a very good reason to be offline. I got your mail and I will post those logs:

00:17:11.0692 50012  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

00:17:12.0173 50012  ============================================================
00:17:12.0173 50012  Current date / time: 2013/05/06 00:17:12.0173
00:17:12.0173 50012  SystemInfo:
00:17:12.0173 50012  
00:17:12.0173 50012  OS Version: 6.1.7601 ServicePack: 1.0
00:17:12.0173 50012  Product type: Workstation
00:17:12.0174 50012  ComputerName: HOME-PC
00:17:12.0174 50012  UserName: Home
00:17:12.0174 50012  Windows directory: C:\Windows
00:17:12.0174 50012  System windows directory: C:\Windows
00:17:12.0174 50012  Processor architecture: Intel x86
00:17:12.0174 50012  Number of processors: 2
00:17:12.0174 50012  Page size: 0x1000
00:17:12.0174 50012  Boot type: Normal boot
00:17:12.0174 50012  ============================================================
00:17:13.0728 50012  Drive \Device\Harddisk0\DR0 - Size: 0x25432CDE00 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x635DCC, SectorsPerTrack: 0x4, TracksPerCylinder: 0xC, Type 'K0', Flags 0x00000050
00:17:13.0748 50012  Drive \Device\Harddisk1\DR1 - Size: 0x1E6C60000 (7.61 Gb), SectorSize: 0x200, Cylinders: 0x3E0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:17:13.0750 50012  ============================================================
00:17:13.0750 50012  \Device\Harddisk0\DR0:
00:17:13.0750 50012  MBR partitions:
00:17:13.0750 50012  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D1A000
00:17:13.0750 50012  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D4C800, BlocksNum 0x10CCC000
00:17:13.0750 50012  \Device\Harddisk1\DR1:
00:17:13.0751 50012  MBR partitions:
00:17:13.0751 50012  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x2D78, BlocksNum 0xF33588
00:17:13.0751 50012  ============================================================
00:17:13.0779 50012  C: <-> \Device\Harddisk0\DR0\Partition2
00:17:13.0804 50012  D: <-> \Device\Harddisk0\DR0\Partition1
00:17:13.0804 50012  ============================================================
00:17:13.0804 50012  Initialize success
00:17:13.0804 50012  ============================================================
00:17:19.0619 50180  ============================================================
00:17:19.0619 50180  Scan started
00:17:19.0619 50180  Mode: Manual; SigCheck; TDLFS; 
00:17:19.0619 50180  ============================================================
00:17:20.0596 50180  ================ Scan system memory ========================
00:17:20.0596 50180  System memory - ok
00:17:20.0598 50180  ================ Scan services =============================
00:17:20.0732 50180  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
00:17:20.0926 50180  1394ohci - ok
00:17:20.0955 50180  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
00:17:20.0985 50180  ACPI - ok
00:17:21.0020 50180  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
00:17:21.0105 50180  AcpiPmi - ok
00:17:21.0182 50180  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
00:17:21.0213 50180  AdobeARMservice - ok
00:17:21.0262 50180  [ 479901C99FA62D1C3261B7ACB1228DAD ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
00:17:21.0288 50180  AdobeFlashPlayerUpdateSvc - ok
00:17:21.0334 50180  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
00:17:21.0378 50180  adp94xx - ok
00:17:21.0405 50180  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
00:17:21.0436 50180  adpahci - ok
00:17:21.0449 50180  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
00:17:21.0478 50180  adpu320 - ok
00:17:21.0508 50180  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
00:17:21.0561 50180  AeLookupSvc - ok
00:17:21.0604 50180  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
00:17:21.0686 50180  AFD - ok
00:17:21.0726 50180  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
00:17:21.0753 50180  agp440 - ok
00:17:21.0778 50180  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
00:17:21.0804 50180  aic78xx - ok
00:17:21.0842 50180  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
00:17:21.0917 50180  ALG - ok
00:17:21.0933 50180  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
00:17:21.0959 50180  aliide - ok
00:17:21.0969 50180  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
00:17:21.0999 50180  amdagp - ok
00:17:22.0009 50180  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
00:17:22.0038 50180  amdide - ok
00:17:22.0079 50180  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
00:17:22.0145 50180  AmdK8 - ok
00:17:22.0166 50180  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
00:17:22.0205 50180  AmdPPM - ok
00:17:22.0240 50180  [ E7F4D42D8076EC60E21715CD11743A0D ] amdsata         C:\Windows\system32\drivers\amdsata.sys
00:17:22.0265 50180  amdsata - ok
00:17:22.0295 50180  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
00:17:22.0322 50180  amdsbs - ok
00:17:22.0342 50180  [ 146459D2B08BFDCBFA856D9947043C81 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
00:17:22.0368 50180  amdxata - ok
00:17:22.0398 50180  [ AB7A967E9ED30394AEC2A72417362563 ] AntiLog32       C:\Windows\system32\drivers\AntiLog32.sys
00:17:22.0454 50180  AntiLog32 - ok
00:17:22.0490 50180  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
00:17:22.0541 50180  AppID - ok
00:17:22.0565 50180  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
00:17:22.0645 50180  AppIDSvc - ok
00:17:22.0686 50180  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
00:17:22.0782 50180  Appinfo - ok
00:17:22.0872 50180  [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt         C:\Windows\System32\appmgmts.dll
00:17:22.0929 50180  AppMgmt - ok
00:17:22.0969 50180  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
00:17:22.0997 50180  arc - ok
00:17:23.0008 50180  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
00:17:23.0037 50180  arcsas - ok
00:17:23.0057 50180  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
00:17:23.0194 50180  AsyncMac - ok
00:17:23.0225 50180  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
00:17:23.0255 50180  atapi - ok
00:17:23.0302 50180  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
00:17:23.0401 50180  AudioEndpointBuilder - ok
00:17:23.0425 50180  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
00:17:23.0491 50180  Audiosrv - ok
00:17:23.0533 50180  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
00:17:23.0630 50180  AxInstSV - ok
00:17:23.0668 50180  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
00:17:23.0721 50180  b06bdrv - ok
00:17:23.0749 50180  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
00:17:23.0789 50180  b57nd60x - ok
00:17:23.0840 50180  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
00:17:23.0920 50180  BDESVC - ok
00:17:23.0934 50180  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
00:17:23.0986 50180  Beep - ok
00:17:24.0068 50180  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
00:17:24.0161 50180  BFE - ok
00:17:24.0212 50180  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\system32\qmgr.dll
00:17:24.0272 50180  BITS - ok
00:17:24.0306 50180  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
00:17:24.0344 50180  blbdrive - ok
00:17:24.0364 50180  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
00:17:24.0409 50180  bowser - ok
00:17:24.0427 50180  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
00:17:24.0501 50180  BrFiltLo - ok
00:17:24.0521 50180  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
00:17:24.0562 50180  BrFiltUp - ok
00:17:24.0592 50180  [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
00:17:24.0655 50180  BridgeMP - ok
00:17:46.0151 50180  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
00:17:46.0200 50180  sffdisk - ok
00:17:46.0220 50180  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
00:17:46.0262 50180  sffp_mmc - ok
00:17:46.0274 50180  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
00:17:46.0307 50180  sffp_sd - ok
00:17:46.0344 50180  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
00:17:46.0394 50180  sfloppy - ok
00:17:46.0443 50180  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
00:17:46.0507 50180  SharedAccess - ok
00:17:46.0538 50180  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
00:17:46.0604 50180  ShellHWDetection - ok
00:17:46.0636 50180  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
00:17:46.0660 50180  sisagp - ok
00:17:46.0690 50180  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:17:46.0716 50180  SiSRaid2 - ok
00:17:46.0729 50180  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
00:17:46.0758 50180  SiSRaid4 - ok
00:17:46.0786 50180  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
00:17:46.0844 50180  Smb - ok
00:17:46.0884 50180  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
00:17:46.0917 50180  SNMPTRAP - ok
00:17:47.0189 50180  [ A37E84EB12C39D36EDDEB7966429E75F ] SNPSTD3         C:\Windows\system32\DRIVERS\snpstd3.sys
00:17:47.0419 50180  SNPSTD3 - ok
00:17:47.0484 50180  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
00:17:47.0509 50180  spldr - ok
00:17:47.0543 50180  [ 866A43013535DC8587C258E43579C764 ] Spooler         C:\Windows\System32\spoolsv.exe
00:17:47.0597 50180  Spooler - ok
00:17:47.0700 50180  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
00:17:47.0809 50180  sppsvc - ok
00:17:47.0854 50180  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
00:17:47.0911 50180  sppuinotify - ok
00:17:47.0948 50180  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
00:17:48.0023 50180  srv - ok
00:17:48.0056 50180  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
00:17:48.0099 50180  srv2 - ok
00:17:48.0137 50180  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
00:17:48.0175 50180  srvnet - ok
00:17:48.0206 50180  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
00:17:48.0264 50180  SSDPSRV - ok
00:17:48.0279 50180  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
00:17:48.0343 50180  SstpSvc - ok
00:17:48.0376 50180  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
00:17:48.0407 50180  stexstor - ok
00:17:48.0447 50180  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
00:17:48.0505 50180  StiSvc - ok
00:17:48.0534 50180  [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
00:17:48.0560 50180  storflt - ok
00:17:48.0583 50180  [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
00:17:48.0608 50180  storvsc - ok
00:17:48.0625 50180  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
00:17:48.0649 50180  swenum - ok
00:17:48.0677 50180  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
00:17:48.0760 50180  swprv - ok
00:17:48.0820 50180  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
00:17:48.0877 50180  SysMain - ok
00:17:48.0911 50180  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
00:17:48.0965 50180  TabletInputService - ok
00:17:48.0999 50180  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
00:17:49.0082 50180  TapiSrv - ok
00:17:49.0116 50180  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
00:17:49.0172 50180  TBS - ok
00:17:49.0232 50180  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
00:17:49.0287 50180  Tcpip - ok
00:17:49.0350 50180  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
00:17:49.0398 50180  TCPIP6 - ok
00:17:49.0432 50180  [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
00:17:49.0479 50180  tcpipreg - ok
00:17:49.0514 50180  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
00:17:49.0571 50180  TDPIPE - ok
00:17:49.0590 50180  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
00:17:49.0626 50180  TDTCP - ok
00:17:49.0658 50180  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
00:17:49.0724 50180  tdx - ok
00:17:49.0757 50180  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
00:17:49.0784 50180  TermDD - ok
00:17:49.0824 50180  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
00:17:49.0918 50180  TermService - ok
00:17:49.0960 50180  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
00:17:50.0008 50180  Themes - ok
00:17:50.0029 50180  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
00:17:50.0102 50180  THREADORDER - ok
00:17:50.0154 50180  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
00:17:50.0235 50180  TrkWks - ok
00:17:50.0351 50180  [ F2AEE22231046CAD8D2F94D2C0F9BEFB ] trufos          C:\Windows\system32\drivers\trufos.sys
00:17:50.0381 50180  trufos - ok
00:17:50.0426 50180  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
00:17:50.0494 50180  TrustedInstaller - ok
00:17:50.0530 50180  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
00:17:50.0573 50180  tssecsrv - ok
00:17:50.0618 50180  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
00:17:50.0660 50180  TsUsbFlt - ok
00:17:50.0710 50180  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
00:17:50.0775 50180  tunnel - ok
00:17:50.0806 50180  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
00:17:50.0832 50180  uagp35 - ok
00:17:50.0856 50180  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
00:17:50.0909 50180  udfs - ok
00:17:50.0957 50180  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
00:17:51.0003 50180  UI0Detect - ok
00:17:51.0049 50180  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
00:17:51.0075 50180  uliagpkx - ok
00:17:51.0107 50180  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
00:17:51.0147 50180  umbus - ok
00:17:51.0177 50180  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
00:17:51.0220 50180  UmPass - ok
00:17:51.0273 50180  [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService    C:\Windows\System32\umrdp.dll
00:17:51.0320 50180  UmRdpService - ok
00:17:51.0360 50180  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
00:17:51.0437 50180  upnphost - ok
00:17:51.0476 50180  [ 7E72E7D7E0757D59481D530FD2B0BFAE ] usbccgp         C:\Windows\system32\drivers\usbccgp.sys
00:17:51.0528 50180  usbccgp - ok
00:17:51.0564 50180  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
00:17:51.0611 50180  usbcir - ok
00:17:51.0641 50180  [ CFBCE999C057D78979A181C9C60F208E ] usbehci         C:\Windows\system32\drivers\usbehci.sys
00:17:51.0691 50180  usbehci - ok
00:17:51.0730 50180  [ 9D22AAD9AC6A07C691A1113E5F860868 ] usbhub          C:\Windows\system32\drivers\usbhub.sys
00:17:51.0775 50180  usbhub - ok
00:17:51.0802 50180  [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
00:17:51.0844 50180  usbohci - ok
00:17:51.0878 50180  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
00:17:51.0909 50180  usbprint - ok
00:17:51.0936 50180  [ BF63EBFC6979FEFB2BC03DF7989A0C1A ] USBSTOR         C:\Windows\system32\drivers\USBSTOR.SYS
00:17:51.0971 50180  USBSTOR - ok
00:17:51.0991 50180  [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
00:17:52.0019 50180  usbuhci - ok
00:17:52.0050 50180  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
00:17:52.0100 50180  UxSms - ok
00:17:52.0118 50180  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
00:17:52.0162 50180  VaultSvc - ok
00:17:52.0188 50180  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
00:17:52.0215 50180  vdrvroot - ok
00:17:52.0259 50180  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
00:17:52.0324 50180  vds - ok
00:17:52.0345 50180  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
00:17:52.0392 50180  vga - ok
00:17:52.0411 50180  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
00:17:52.0456 50180  VgaSave - ok
00:17:52.0483 50180  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
00:17:52.0511 50180  vhdmp - ok
00:17:52.0536 50180  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
00:17:52.0563 50180  viaagp - ok
00:17:52.0578 50180  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
00:17:52.0634 50180  ViaC7 - ok
00:17:52.0664 50180  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
00:17:52.0690 50180  viaide - ok
00:17:52.0716 50180  [ C2F2911156FDC7817C52829C86DA494E ] vmbus           C:\Windows\system32\drivers\vmbus.sys
00:17:52.0746 50180  vmbus - ok
00:17:52.0768 50180  [ D4D77455211E204F370D08F4963063CE ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
00:17:52.0797 50180  VMBusHID - ok
00:17:52.0820 50180  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
00:17:52.0845 50180  volmgr - ok
00:17:52.0878 50180  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
00:17:52.0907 50180  volmgrx - ok
00:17:52.0939 50180  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
00:17:52.0968 50180  volsnap - ok
00:17:53.0002 50180  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
00:17:53.0028 50180  vsmraid - ok
00:17:53.0080 50180  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
00:17:53.0176 50180  VSS - ok
00:17:53.0199 50180  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
00:17:53.0240 50180  vwifibus - ok
00:17:53.0286 50180  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
00:17:53.0347 50180  W32Time - ok
00:17:53.0381 50180  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
00:17:53.0422 50180  WacomPen - ok
00:17:53.0459 50180  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
00:17:53.0504 50180  WANARP - ok
00:17:53.0515 50180  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
00:17:53.0561 50180  Wanarpv6 - ok
00:17:53.0637 50180  [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
00:17:53.0730 50180  WatAdminSvc - ok
00:17:53.0788 50180  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
00:17:53.0862 50180  wbengine - ok
00:17:53.0902 50180  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
00:17:53.0951 50180  WbioSrvc - ok
00:17:53.0986 50180  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
00:17:54.0039 50180  wcncsvc - ok
00:17:54.0068 50180  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
00:17:54.0129 50180  WcsPlugInService - ok
00:17:54.0169 50180  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
00:17:54.0208 50180  Wd - ok
00:17:54.0243 50180  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
00:17:54.0275 50180  Wdf01000 - ok
00:17:54.0298 50180  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
00:17:54.0359 50180  WdiServiceHost - ok
00:17:54.0371 50180  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
00:17:54.0414 50180  WdiSystemHost - ok
00:17:54.0440 50180  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
00:17:54.0504 50180  WebClient - ok
00:17:54.0538 50180  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
00:17:54.0588 50180  Wecsvc - ok
00:17:54.0610 50180  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
00:17:54.0663 50180  wercplsupport - ok
00:17:54.0681 50180  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
00:17:54.0742 50180  WerSvc - ok
00:17:54.0787 50180  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
00:17:54.0833 50180  WfpLwf - ok
00:17:54.0852 50180  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
00:17:54.0879 50180  WIMMount - ok
00:17:54.0928 50180  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
00:17:55.0001 50180  WinDefend - ok
00:17:55.0020 50180  WinHttpAutoProxySvc - ok
00:17:55.0076 50180  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
00:17:55.0121 50180  Winmgmt - ok
00:17:55.0187 50180  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
00:17:55.0251 50180  WinRM - ok
00:17:55.0321 50180  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
00:17:55.0386 50180  Wlansvc - ok
00:17:55.0417 50180  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
00:17:55.0450 50180  WmiAcpi - ok
00:17:55.0499 50180  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
00:17:55.0548 50180  wmiApSrv - ok
00:17:55.0608 50180  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
00:17:55.0687 50180  WMPNetworkSvc - ok
00:17:55.0723 50180  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
00:17:55.0761 50180  WPCSvc - ok
00:17:55.0794 50180  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
00:17:55.0852 50180  WPDBusEnum - ok
00:17:55.0881 50180  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
00:17:55.0941 50180  ws2ifsl - ok
00:17:55.0976 50180  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\system32\wscsvc.dll
00:17:56.0024 50180  wscsvc - ok
00:17:56.0037 50180  WSearch - ok
00:17:56.0128 50180  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
00:17:56.0202 50180  wuauserv - ok
00:17:56.0232 50180  [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
00:17:56.0296 50180  WudfPf - ok
00:17:56.0341 50180  [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
00:17:56.0395 50180  WUDFRd - ok
00:17:56.0436 50180  [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
00:17:56.0496 50180  wudfsvc - ok
00:17:56.0535 50180  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
00:17:56.0585 50180  WwanSvc - ok
00:17:56.0649 50180  [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService  C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
00:17:56.0700 50180  YahooAUService - ok
00:17:56.0737 50180  [ 8BBFBD1F94DB05ED1871C681F31565F2 ] ZemanaAntiMalwareScheduler C:\Program Files\Zemana AntiMalware\zemsched.exe
00:17:56.0771 50180  ZemanaAntiMalwareScheduler - ok
00:17:56.0785 50180  ================ Scan global ===============================
00:17:56.0812 50180  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
00:17:56.0842 50180  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
00:17:56.0858 50180  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
00:17:56.0893 50180  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
00:17:56.0922 50180  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
00:17:56.0929 50180  [Global] - ok
00:17:56.0929 50180  ================ Scan MBR ==================================
00:17:56.0943 50180  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
00:17:57.0515 50180  \Device\Harddisk0\DR0 - ok
00:17:57.0523 50180  [ 23B571400A29918F5392F6E85EEB756E ] \Device\Harddisk1\DR1
00:18:08.0201 50180  \Device\Harddisk1\DR1 - ok
00:18:08.0205 50180  ================ Scan VBR ==================================
00:18:08.0227 50180  [ 25641A591A120AD0B28D2B8177415DDE ] \Device\Harddisk0\DR0\Partition1
00:18:08.0229 50180  \Device\Harddisk0\DR0\Partition1 - ok
00:18:08.0238 50180  [ 923392053654CB54852CACF882936F1A ] \Device\Harddisk0\DR0\Partition2
00:18:08.0257 50180  \Device\Harddisk0\DR0\Partition2 - ok
00:18:08.0265 50180  [ B0E94C541BF6495790922B11248E8F06 ] \Device\Harddisk1\DR1\Partition1
00:18:08.0267 50180  \Device\Harddisk1\DR1\Partition1 - ok
00:18:08.0269 50180  ============================================================
00:18:08.0269 50180  Scan finished
00:18:08.0269 50180  ============================================================
00:18:08.0293 50172  Detected object count: 0
00:18:08.0293 50172  Actual detected object count: 0
 

Anti Rootkit MBAM log : >>>---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x86
 
Account is Administrative
 
Internet Explorer version: 10.0.9200.16540
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.992000 GHz
Memory total: 2683559936, free: 1132244992
 
------------ Kernel report ------------
     05/06/2013 00:22:58
Downloaded database version: v2013.05.05.06
Downloaded database version: v2013.05.01.01
Initializing...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 7D90A
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 30515200
 
    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 30722048  Numsec = 281853952
    Partition file system is NTFS
    Partition is bootable
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 160040803840 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-206847-312559695-312579695)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff863b7698, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff863c8d10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff863b7698, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff863b7c00, DeviceName: \Device\0000006f\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffb7b2cfc8, 0xffffffff863b7698, 0xffffffff86bec048
Lower DeviceData: 0xffffffffa9fbe540, 0xffffffff863b7c00, 0xffffffff87303960
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0
 
Partition information:
 
    Partition 0 type is Other (0xb)
    Partition is ACTIVE.
    Partition starts at LBA: 11640  Numsec = 15938952
    Partition file system is FAT32
    Partition is not bootable
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 8166703104 bytes
Sector size: 512 bytes
 
Done!
Performing system, memory and registry scan...
Read File: File "c:\ProgramData\{BB35AF0B-CAE6-4475-8DA3-E4C7591DD962}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{BB35AF0B-CAE6-4475-8DA3-E4C7591DD962}\Setup.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{BB35AF0B-CAE6-4475-8DA3-E4C7591DD962}\Setup.lan" is compressed (flags = 1)
Read File: File "c:\ProgramData\{BB35AF0B-CAE6-4475-8DA3-E4C7591DD962}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{BB35AF0B-CAE6-4475-8DA3-E4C7591DD962}\Setup.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{BB35AF0B-CAE6-4475-8DA3-E4C7591DD962}\Setup.lan" is compressed (flags = 1)
Done!
Scan finished
=======================================
 
 
Could not remove DDA driver
 

I will try to stay away from infections :) :thumbup2:



#13 gringo_pr (Malware Response Team)

Posted 05 May 2013 - 07:50 PM

Hello Gmer99

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following:
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo

#14 Gmer99 (Topic Starter)

Posted 07 May 2013 - 10:41 AM

I am back with the ComboFix log:

ComboFix 13-05-06.03 - Home 05/07/2013 17:24:54.23.2 - x86 MINIMAL
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2559.1849 [GMT 3:00]
Running from: c:\users\Home\Desktop\ComboFix.exe
Command switches used :: c:\users\Home\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2013-04-07 to 2013-05-07 )))))))))))))))))))))))))))))))
.
.
2013-05-07 14:30 . 2013-05-07 14:30 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-05-07 14:30 . 2013-05-07 14:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-07 12:25 . 2013-04-10 03:08 6906960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{44F45646-751E-4E02-BCD7-C69132AD7636}\mpengine.dll
2013-05-06 21:35 . 2013-05-07 14:30 -------- d-----w- c:\users\Home\AppData\Local\temp
2013-05-06 20:24 . 2013-05-01 23:34 368944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-05-06 20:24 . 2013-05-01 23:34 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-06 20:24 . 2013-05-01 23:34 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-05-06 20:24 . 2013-05-01 23:34 61680 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-05-06 20:24 . 2013-05-01 23:34 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-06 20:24 . 2013-05-02 14:52 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-05-06 20:24 . 2013-05-01 23:34 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-06 20:24 . 2013-05-01 23:34 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-06 20:24 . 2013-05-01 23:33 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-06 20:23 . 2013-05-01 23:33 41664 ----a-w- c:\windows\avastSS.scr
2013-05-06 20:22 . 2013-05-06 20:22 -------- d-----w- c:\program files\AVAST Software
2013-05-06 20:22 . 2013-05-06 20:22 -------- d-----w- c:\programdata\AVAST Software
2013-05-04 20:31 . 2013-05-04 20:36 -------- d-----w- C:\tmp
2013-05-03 11:51 . 2013-05-03 11:52 -------- d-----w- c:\program files\PrivaZer
2013-05-02 18:32 . 2013-05-02 18:32 343456 ----a-w- c:\windows\system32\drivers\trufos.sys
2013-04-30 09:27 . 2013-04-30 09:28 -------- d-----w- c:\program files\Google
2013-04-30 09:27 . 2013-04-30 09:29 -------- d-----w- c:\users\Home\AppData\Local\Google
2013-04-30 09:04 . 2013-04-30 09:04 -------- d-----w- c:\users\Home\AppData\Roaming\QuickScan
2013-04-28 17:44 . 2013-04-28 17:44 -------- d-----w- c:\users\Home\AppData\Roaming\Panda Security
2013-04-28 17:39 . 2013-04-28 17:39 -------- d-----w- c:\programdata\Panda Security
2013-04-27 21:26 . 2013-04-27 21:26 -------- d-----w- c:\programdata\Sophos
2013-04-27 21:26 . 2013-04-27 21:26 73728 ----a-r- c:\users\Home\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-04-27 21:26 . 2013-04-27 21:26 73728 ----a-r- c:\users\Home\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-04-27 21:26 . 2013-04-27 21:26 73728 ----a-r- c:\users\Home\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-04-27 21:26 . 2013-04-27 21:26 -------- d-----w- c:\program files\Sophos
2013-04-27 20:54 . 2013-04-12 13:45 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-23 19:47 . 2013-04-23 19:51 -------- d-s---w- c:\programdata\Shared Space
2013-04-23 19:45 . 2013-04-23 19:45 -------- d-----w- c:\program files\COMODO
2013-04-23 19:45 . 2013-04-23 19:51 -------- d-----w- c:\programdata\Comodo
2013-04-23 19:45 . 2013-04-23 19:45 -------- d-----w- c:\programdata\Comodo Downloader
2013-04-23 15:20 . 2013-04-23 15:20 -------- d-----w- c:\programdata\Kaspersky Lab
2013-04-22 13:27 . 2013-04-22 13:27 -------- d-----w- c:\users\Home\AppData\Local\Microsoft Help
2013-04-22 13:27 . 2013-04-22 13:54 -------- d-----w- c:\programdata\Microsoft Help
2013-04-21 21:40 . 2013-04-21 21:43 -------- d-----w- c:\users\Home\AppData\Local\Browser Guard
2013-04-20 17:12 . 2013-04-27 12:29 -------- d-----w- C:\Michael Bolton - Timeless Volume 2 [mp3][h33t][LoC. Blazer]
2013-04-20 15:37 . 2013-04-20 15:37 -------- d-----w- C:\Michael Bolton - The Essential 2002 [FLAC] [h33t] - Kitlope
2013-04-18 15:02 . 2013-04-25 10:05 84928 ----a-w- c:\windows\system32\drivers\inspect.sys
2013-04-18 09:34 . 2013-04-20 08:21 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2013-04-16 21:30 . 2013-04-16 21:40 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-04-15 15:38 . 2013-04-15 15:38 43728 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2013-04-15 15:38 . 2013-04-15 15:38 581912 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2013-04-15 15:38 . 2013-04-15 15:38 20072 ----a-w- c:\windows\system32\drivers\cmderd.sys
2013-04-15 15:38 . 2013-04-23 14:04 348048 ----a-w- c:\windows\system32\guard32.dll
2013-04-15 15:38 . 2013-04-15 15:38 35488 ----a-w- c:\windows\system32\cmdcsr.dll
2013-04-15 15:38 . 2013-04-15 15:38 40656 ----a-w- c:\windows\system32\cmdkbd32.dll
2013-04-15 15:38 . 2013-04-15 15:38 276688 ----a-w- c:\windows\system32\cmdvrt32.dll
2013-04-13 19:17 . 2013-04-13 19:26 -------- d-----w- C:\My Disc
2013-04-10 23:22 . 2013-04-10 23:22 -------- d-----w- c:\users\UpdatusUser
2013-04-10 23:22 . 2013-04-10 23:22 -------- d-----w- c:\programdata\NVIDIA
2013-04-10 23:22 . 2013-01-31 09:01 2859296 ----a-w- c:\windows\system32\nvsvc.dll
2013-04-10 23:22 . 2013-01-31 09:01 3970848 ----a-w- c:\windows\system32\nvcpl.dll
2013-04-10 23:22 . 2013-01-31 09:00 634656 ----a-w- c:\windows\system32\nvvsvc.exe
2013-04-10 23:22 . 2013-01-31 09:00 62752 ----a-w- c:\windows\system32\nvshext.dll
2013-04-10 23:22 . 2013-01-31 09:00 2557728 ----a-w- c:\windows\system32\nvsvcr.dll
2013-04-10 23:22 . 2013-01-31 09:00 108832 ----a-w- c:\windows\system32\nvmctray.dll
2013-04-10 23:21 . 2013-02-19 18:33 53024 ----a-w- c:\windows\system32\OpenCL.dll
2013-04-10 23:21 . 2013-04-10 23:21 -------- d-----w- c:\programdata\NVIDIA Corporation
2013-04-10 23:21 . 2013-04-10 23:22 -------- d-----w- c:\program files\NVIDIA Corporation
2013-04-10 16:22 . 2013-04-10 16:22 44240 ----a-w- c:\windows\system32\drivers\fsbts.sys
2013-04-09 20:40 . 2013-02-19 12:01 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-04-09 20:40 . 2013-02-21 10:30 217600 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-04-09 20:40 . 2013-02-21 10:29 2877440 ----a-w- c:\windows\system32\jscript9.dll
2013-04-09 20:40 . 2013-02-21 10:29 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-04-09 20:40 . 2013-02-21 10:29 257536 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2013-04-09 20:40 . 2013-02-21 10:29 235520 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2013-04-09 20:38 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\system32\mstscax.dll
2013-04-09 20:38 . 2013-02-15 04:34 131584 ----a-w- c:\windows\system32\aaclient.dll
2013-04-09 20:38 . 2013-02-15 03:25 36864 ----a-w- c:\windows\system32\tsgqec.dll
2013-04-09 09:26 . 2013-04-09 09:33 -------- d-----w- c:\users\Home\AppData\Roaming\Comodo
2013-04-08 20:19 . 2013-04-08 20:23 -------- d-----w- c:\programdata\HitmanPro
2013-04-07 20:35 . 2013-04-07 20:36 -------- d-----w- c:\users\AsafAvidan
2013-04-07 19:25 . 2013-04-07 19:25 -------- d-----w- c:\users\Home\AppData\Local\Diagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-06 20:34 . 2013-04-04 15:15 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-06 20:34 . 2013-04-04 15:15 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-01 23:06 . 2013-04-04 15:12 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-22 16:12 . 2013-04-22 16:10 7742985 ----a-w- c:\windows\REGBK00.ZIP
2013-04-07 10:16 . 2013-04-07 10:16 632064 ----a-w- c:\windows\system32\msvcr80.dll
2013-04-07 10:16 . 2013-04-07 10:16 554240 ----a-w- c:\windows\system32\msvcp80.dll
2013-04-07 10:16 . 2013-04-07 10:16 572928 ----a-w- c:\windows\system32\msvcp90.dll
2013-04-07 10:16 . 2013-04-07 10:16 655872 ----a-w- c:\windows\system32\msvcr90.dll
2013-04-07 10:16 . 2013-04-07 10:16 34048 ----a-w- c:\windows\system32\eEmpty.exe
2013-04-07 09:03 . 2013-04-07 09:03 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-07 09:03 . 2013-04-07 09:03 185344 ----a-w- c:\windows\system32\elshyph.dll
2013-04-07 09:03 . 2013-04-07 09:03 158720 ----a-w- c:\windows\system32\msls31.dll
2013-04-07 09:03 . 2013-04-07 09:03 150528 ----a-w- c:\windows\system32\iexpress.exe
2013-04-07 09:03 . 2013-04-07 09:03 138752 ----a-w- c:\windows\system32\wextract.exe
2013-04-07 09:03 . 2013-04-07 09:03 523264 ----a-w- c:\windows\system32\vbscript.dll
2013-04-07 09:03 . 2013-04-07 09:03 137216 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-07 09:03 . 2013-04-07 09:03 38400 ----a-w- c:\windows\system32\imgutil.dll
2013-04-07 09:03 . 2013-04-07 09:03 12800 ----a-w- c:\windows\system32\mshta.exe
2013-04-07 09:03 . 2013-04-07 09:03 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-07 09:03 . 2013-04-07 09:03 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-07 09:03 . 2013-04-07 09:03 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-07 09:03 . 2013-04-07 09:03 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-04-07 09:03 . 2013-04-07 09:03 361984 ----a-w- c:\windows\system32\html.iec
2013-04-07 09:03 . 2013-04-07 09:03 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-07 09:03 . 2013-04-07 09:03 23040 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-07 09:03 . 2013-04-07 09:03 1441280 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-07 09:02 . 2013-04-07 09:02 49152 ----a-w- c:\windows\system32\taskhost.exe
2013-04-07 09:01 . 2013-04-07 09:01 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-07 09:01 . 2013-04-07 09:01 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-07 09:01 . 2013-04-07 09:01 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-07 09:01 . 2013-04-07 09:01 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-07 09:01 . 2013-04-07 09:01 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-07 09:01 . 2013-04-07 09:01 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-04-07 09:01 . 2013-04-07 09:01 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-07 09:01 . 2013-04-07 09:01 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-07 09:01 . 2013-04-07 09:01 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-07 09:01 . 2013-04-07 09:01 1158144 ----a-w- c:\windows\system32\XpsPrint.dll
2013-04-07 09:01 . 2013-04-07 09:01 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-04-07 09:01 . 2013-04-07 09:01 906240 ----a-w- c:\windows\system32\FntCache.dll
2013-04-07 09:01 . 2013-04-07 09:01 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-04-07 09:01 . 2013-04-07 09:01 2284544 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-04-07 09:01 . 2013-04-07 09:01 1504768 ----a-w- c:\windows\system32\d3d11.dll
2013-04-07 09:01 . 2013-04-07 09:01 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-04-07 09:01 . 2013-04-07 09:01 604160 ----a-w- c:\windows\system32\d3d10level9.dll
2013-04-07 09:01 . 2013-04-07 09:01 249856 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-04-07 09:01 . 2013-04-07 09:01 220160 ----a-w- c:\windows\system32\d3d10core.dll
2013-04-07 09:01 . 2013-04-07 09:01 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-04-07 09:01 . 2013-04-07 09:01 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2013-04-07 09:01 . 2013-04-07 09:01 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-04-07 09:01 . 2013-04-07 09:01 1080832 ----a-w- c:\windows\system32\d3d10.dll
2013-04-07 09:01 . 2013-04-07 09:01 3419136 ----a-w- c:\windows\system32\d2d1.dll
2013-04-07 09:01 . 2013-04-07 09:01 293376 ----a-w- c:\windows\system32\dxgi.dll
2013-04-07 09:01 . 2013-04-07 09:01 1988096 ----a-w- c:\windows\system32\d3d10warp.dll
2013-04-07 09:01 . 2013-04-07 09:01 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2013-04-06 12:47 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2013-04-04 16:40 . 2013-04-04 16:40 80104 ----a-w- c:\windows\system32\drivers\AntiLog32.sys
2013-04-04 11:50 . 2013-04-04 15:48 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-19 18:32 . 2013-02-19 18:32 6162704 ----a-w- c:\windows\system32\nvopencl.dll
2013-02-19 18:32 . 2013-02-19 18:32 10919200 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-02-19 18:32 . 2013-02-19 18:32 2446416 ----a-w- c:\windows\system32\nvapi.dll
2013-02-19 18:32 . 2013-02-19 18:32 17560352 ----a-w- c:\windows\system32\nvcompiler.dll
2013-02-19 18:32 . 2013-02-19 18:32 2577184 ----a-w- c:\windows\system32\nvcuvid.dll
2013-02-19 18:32 . 2013-02-19 18:32 1869088 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-02-19 18:32 . 2009-06-10 21:19 15413704 ----a-w- c:\windows\system32\nvd3dum.dll
2013-02-19 18:32 . 2013-02-19 18:32 892704 ----a-w- c:\windows\system32\nvdispgenco32.dll
2013-02-19 18:32 . 2013-02-19 18:32 1010464 ----a-w- c:\windows\system32\nvdispco32.dll
2013-02-19 18:32 . 2013-02-19 18:32 7754560 ----a-w- c:\windows\system32\nvcuda.dll
2013-02-19 18:32 . 2013-02-19 18:32 19915552 ----a-w- c:\windows\system32\nvoglv32.dll
2013-02-12 03:32 . 2013-04-04 16:47 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-01 23:33 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2013-04-23 3545880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AntiLogger"="c:\program files\AntiLogger\AntiLogger.exe" [2013-03-13 16023976]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-04-15 3012816]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-01 4858456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Z1"="c:\users\Home\Desktop\mbar\mbar.exe" [2013-03-23 1398856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-18 19:08 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Z1]
2013-03-23 00:30 1398856 ----a-w- c:\users\Home\Desktop\mbar\mbar.exe
.
R0 aswRvrt;aswRvrt; [x]
R0 aswVmm;aswVmm; [x]
R1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog32.sys [x]
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 ZemanaAntiMalwareScheduler;Zemana AntiMalware Scheduler;c:\program files\Zemana AntiMalware\zemsched.exe [x]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-05-04 20:04 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-04 20:34]
.
2013-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-30 09:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com
mStart Page = about:blank
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-05-07 17:32:26
ComboFix-quarantined-files.txt 2013-05-07 14:32
ComboFix2.txt 2013-05-06 21:35
ComboFix3.txt 2013-05-06 19:06
ComboFix4.txt 2013-05-06 19:01
ComboFix5.txt 2013-05-06 22:37
.
Pre-Run: 117,745,659,904 bytes free
Post-Run: 117,609,930,752 bytes free
.
- - End Of File - - 8300A76B165A991EE0392C7B682C6A0E



#15 Gmer99 (Topic Starter)

Posted 07 May 2013 - 10:48 AM

Before I ran ComboFix with the CFScript, I ran it in normal mode after downloading ComboFix to my desktop. After a few minutes a pop-up appeared on the screen about a rootkit infection, and I had to run it in Safe Mode to remove the malware and clean up the leftovers with CCleaner. I will post the previous infected log here; I did it last night!


ComboFix 13-05-06.03 - Home 05/07/2013 0:27.22.2 - x86 MINIMAL
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2559.1817 [GMT 3:00]
Running from: c:\users\Home\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1367659279.bdinstall.bin
c:\windows\host32.exe
c:\windows\localsys64.exe
c:\windows\system32\64dlls.exe
c:\windows\system32\intel64.exe
c:\windows\system32\lsjdfh.exe
c:\windows\system32\ntos.exe
c:\windows\system32\oembios.exe
c:\windows\system32\sdra64.exe
c:\windows\system32\sdra73.exe
c:\windows\system32\swin32.exe
c:\windows\system32\twex.exe
c:\windows\system32\twext.exe
c:\windows\system32\win32avs.exe
c:\windows\system32\wsnpoema.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-04-06 to 2013-05-06 )))))))))))))))))))))))))))))))
.
.
2013-05-06 21:33 . 2013-05-06 21:33 -------- d-----w- c:\users\Home\AppData\Local\temp
2013-05-06 21:33 . 2013-05-06 21:33 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-05-06 21:33 . 2013-05-06 21:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-06 20:24 . 2013-05-01 23:34 368944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-05-06 20:24 . 2013-05-01 23:34 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-06 20:24 . 2013-05-01 23:34 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-05-06 20:24 . 2013-05-01 23:34 61680 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-05-06 20:24 . 2013-05-01 23:34 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-06 20:24 . 2013-05-02 14:52 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-05-06 20:24 . 2013-05-01 23:34 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-06 20:24 . 2013-05-01 23:34 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-06 20:24 . 2013-05-01 23:33 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-06 20:23 . 2013-05-01 23:33 41664 ----a-w- c:\windows\avastSS.scr
2013-05-06 20:22 . 2013-05-06 20:22 -------- d-----w- c:\program files\AVAST Software
2013-05-06 20:22 . 2013-05-06 20:22 -------- d-----w- c:\programdata\AVAST Software
2013-05-04 20:31 . 2013-05-04 20:36 -------- d-----w- C:\tmp
2013-05-03 17:16 . 2013-04-10 03:08 6906960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B09BFB92-8526-4A7D-BF8F-05F6EAC5FF50}\mpengine.dll
2013-05-03 11:51 . 2013-05-03 11:52 -------- d-----w- c:\program files\PrivaZer
2013-05-02 18:32 . 2013-05-02 18:32 343456 ----a-w- c:\windows\system32\drivers\trufos.sys
2013-04-30 09:27 . 2013-04-30 09:28 -------- d-----w- c:\program files\Google
2013-04-30 09:27 . 2013-04-30 09:29 -------- d-----w- c:\users\Home\AppData\Local\Google
2013-04-30 09:04 . 2013-04-30 09:04 -------- d-----w- c:\users\Home\AppData\Roaming\QuickScan
2013-04-28 17:44 . 2013-04-28 17:44 -------- d-----w- c:\users\Home\AppData\Roaming\Panda Security
2013-04-28 17:39 . 2013-04-28 17:39 -------- d-----w- c:\programdata\Panda Security
2013-04-27 21:26 . 2013-04-27 21:26 -------- d-----w- c:\programdata\Sophos
2013-04-27 21:26 . 2013-04-27 21:26 73728 ----a-r- c:\users\Home\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-04-27 21:26 . 2013-04-27 21:26 73728 ----a-r- c:\users\Home\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-04-27 21:26 . 2013-04-27 21:26 73728 ----a-r- c:\users\Home\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-04-27 21:26 . 2013-04-27 21:26 -------- d-----w- c:\program files\Sophos
2013-04-27 20:54 . 2013-04-12 13:45 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-23 19:47 . 2013-04-23 19:51 -------- d-s---w- c:\programdata\Shared Space
2013-04-23 19:45 . 2013-04-23 19:45 -------- d-----w- c:\program files\COMODO
2013-04-23 19:45 . 2013-04-23 19:51 -------- d-----w- c:\programdata\Comodo
2013-04-23 19:45 . 2013-04-23 19:45 -------- d-----w- c:\programdata\Comodo Downloader
2013-04-23 15:20 . 2013-04-23 15:20 -------- d-----w- c:\programdata\Kaspersky Lab
2013-04-22 13:27 . 2013-04-22 13:27 -------- d-----w- c:\users\Home\AppData\Local\Microsoft Help
2013-04-22 13:27 . 2013-04-22 13:54 -------- d-----w- c:\programdata\Microsoft Help
2013-04-21 21:40 . 2013-04-21 21:43 -------- d-----w- c:\users\Home\AppData\Local\Browser Guard
2013-04-20 17:12 . 2013-04-27 12:29 -------- d-----w- C:\Michael Bolton - Timeless Volume 2 [mp3][h33t][LoC. Blazer]
2013-04-20 15:37 . 2013-04-20 15:37 -------- d-----w- C:\Michael Bolton - The Essential 2002 [FLAC] [h33t] - Kitlope
2013-04-18 15:02 . 2013-04-25 10:05 84928 ----a-w- c:\windows\system32\drivers\inspect.sys
2013-04-18 09:34 . 2013-04-20 08:21 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2013-04-16 21:30 . 2013-04-16 21:40 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-04-15 15:38 . 2013-04-15 15:38 43728 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2013-04-15 15:38 . 2013-04-15 15:38 581912 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2013-04-15 15:38 . 2013-04-15 15:38 20072 ----a-w- c:\windows\system32\drivers\cmderd.sys
2013-04-15 15:38 . 2013-04-23 14:04 348048 ----a-w- c:\windows\system32\guard32.dll
2013-04-15 15:38 . 2013-04-15 15:38 35488 ----a-w- c:\windows\system32\cmdcsr.dll
2013-04-15 15:38 . 2013-04-15 15:38 40656 ----a-w- c:\windows\system32\cmdkbd32.dll
2013-04-15 15:38 . 2013-04-15 15:38 276688 ----a-w- c:\windows\system32\cmdvrt32.dll
2013-04-13 19:17 . 2013-04-13 19:26 -------- d-----w- C:\My Disc
2013-04-10 23:22 . 2013-04-10 23:22 -------- d-----w- c:\users\UpdatusUser
2013-04-10 23:22 . 2013-04-10 23:22 -------- d-----w- c:\programdata\NVIDIA
2013-04-10 23:22 . 2013-01-31 09:01 2859296 ----a-w- c:\windows\system32\nvsvc.dll
2013-04-10 23:22 . 2013-01-31 09:01 3970848 ----a-w- c:\windows\system32\nvcpl.dll
2013-04-10 23:22 . 2013-01-31 09:00 634656 ----a-w- c:\windows\system32\nvvsvc.exe
2013-04-10 23:22 . 2013-01-31 09:00 62752 ----a-w- c:\windows\system32\nvshext.dll
2013-04-10 23:22 . 2013-01-31 09:00 2557728 ----a-w- c:\windows\system32\nvsvcr.dll
2013-04-10 23:22 . 2013-01-31 09:00 108832 ----a-w- c:\windows\system32\nvmctray.dll
2013-04-10 23:21 . 2013-02-19 18:33 53024 ----a-w- c:\windows\system32\OpenCL.dll
2013-04-10 23:21 . 2013-04-10 23:21 -------- d-----w- c:\programdata\NVIDIA Corporation
2013-04-10 23:21 . 2013-04-10 23:22 -------- d-----w- c:\program files\NVIDIA Corporation
2013-04-10 16:22 . 2013-04-10 16:22 44240 ----a-w- c:\windows\system32\drivers\fsbts.sys
2013-04-09 20:40 . 2013-02-19 12:01 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-04-09 20:40 . 2013-02-21 10:30 217600 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-04-09 20:40 . 2013-02-21 10:29 2877440 ----a-w- c:\windows\system32\jscript9.dll
2013-04-09 20:40 . 2013-02-21 10:29 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-04-09 20:40 . 2013-02-21 10:29 257536 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2013-04-09 20:40 . 2013-02-21 10:29 235520 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2013-04-09 20:38 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\system32\mstscax.dll
2013-04-09 20:38 . 2013-02-15 04:34 131584 ----a-w- c:\windows\system32\aaclient.dll
2013-04-09 20:38 . 2013-02-15 03:25 36864 ----a-w- c:\windows\system32\tsgqec.dll
2013-04-09 09:26 . 2013-04-09 09:33 -------- d-----w- c:\users\Home\AppData\Roaming\Comodo
2013-04-08 20:19 . 2013-04-08 20:23 -------- d-----w- c:\programdata\HitmanPro
2013-04-07 20:35 . 2013-04-07 20:36 -------- d-----w- c:\users\AsafAvidan
2013-04-07 19:25 . 2013-04-07 19:25 -------- d-----w- c:\users\Home\AppData\Local\Diagnostics
2013-04-07 10:26 . 2013-04-07 10:26 -------- d---a-w- c:\windows\system32\runouce.exe
2013-04-07 10:16 . 2013-04-07 10:16 632064 ----a-w- c:\windows\system32\msvcr80.dll
2013-04-07 10:16 . 2013-04-07 10:16 554240 ----a-w- c:\windows\system32\msvcp80.dll
2013-04-07 10:16 . 2013-04-07 10:16 572928 ----a-w- c:\windows\system32\msvcp90.dll
2013-04-07 10:16 . 2013-04-07 10:16 655872 ----a-w- c:\windows\system32\msvcr90.dll
2013-04-07 10:16 . 2013-04-07 10:16 34048 ----a-w- c:\windows\system32\eEmpty.exe
2013-04-07 10:16 . 2013-04-07 10:16 -------- d-----w- c:\program files\Common Files\MicroWorld
2013-04-07 10:15 . 2013-04-07 10:16 -------- d-----w- c:\programdata\MicroWorld
2013-04-07 09:02 . 2013-04-07 09:02 49152 ----a-w- c:\windows\system32\taskhost.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-06 20:34 . 2013-04-04 15:15 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-06 20:34 . 2013-04-04 15:15 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-01 23:06 . 2013-04-04 15:12 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-22 16:12 . 2013-04-22 16:10 7742985 ----a-w- c:\windows\REGBK00.ZIP
2013-04-06 12:47 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2013-04-04 16:40 . 2013-04-04 16:40 80104 ----a-w- c:\windows\system32\drivers\AntiLog32.sys
2013-04-04 11:50 . 2013-04-04 15:48 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-19 18:32 . 2013-02-19 18:32 6162704 ----a-w- c:\windows\system32\nvopencl.dll
2013-02-19 18:32 . 2013-02-19 18:32 10919200 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-02-19 18:32 . 2013-02-19 18:32 2446416 ----a-w- c:\windows\system32\nvapi.dll
2013-02-19 18:32 . 2013-02-19 18:32 17560352 ----a-w- c:\windows\system32\nvcompiler.dll
2013-02-19 18:32 . 2013-02-19 18:32 2577184 ----a-w- c:\windows\system32\nvcuvid.dll
2013-02-19 18:32 . 2013-02-19 18:32 1869088 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-02-19 18:32 . 2009-06-10 21:19 15413704 ----a-w- c:\windows\system32\nvd3dum.dll
2013-02-19 18:32 . 2013-02-19 18:32 892704 ----a-w- c:\windows\system32\nvdispgenco32.dll
2013-02-19 18:32 . 2013-02-19 18:32 1010464 ----a-w- c:\windows\system32\nvdispco32.dll
2013-02-19 18:32 . 2013-02-19 18:32 7754560 ----a-w- c:\windows\system32\nvcuda.dll
2013-02-19 18:32 . 2013-02-19 18:32 19915552 ----a-w- c:\windows\system32\nvoglv32.dll
2013-02-12 03:32 . 2013-04-04 16:47 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-01 23:33 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2013-04-23 3545880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AntiLogger"="c:\program files\AntiLogger\AntiLogger.exe" [2013-03-13 16023976]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-04-15 3012816]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-01 4858456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-18 19:08 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Z1]
2013-03-23 00:30 1398856 ----a-w- c:\users\Home\Desktop\mbar\mbar.exe
.
R0 aswRvrt;aswRvrt; [x]
R0 aswVmm;aswVmm; [x]
R1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog32.sys [x]
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 ZemanaAntiMalwareScheduler;Zemana AntiMalware Scheduler;c:\program files\Zemana AntiMalware\zemsched.exe [x]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-05-04 20:04 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-04 20:34]
.
2013-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-30 09:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com
mStart Page = about:blank
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-05-07 00:35:33
ComboFix-quarantined-files.txt 2013-05-06 21:35
ComboFix2.txt 2013-05-06 19:06
ComboFix3.txt 2013-05-06 19:01
ComboFix4.txt 2013-04-30 19:05
ComboFix5.txt 2013-05-06 20:07
.
Pre-Run: 118,098,771,968 bytes free
Post-Run: 117,977,153,536 bytes free
.
- - End Of File - - 4D6977D83ECE011A1CDD391C8F5212D0

So I decided to uninstall Eset Nod 32 IS and install Avast 8.0.1488 free version along with Comodo Firewall.
