Suspected Infection: Trojan Agent/Gen-Nullo and Others [Solved]


#1
majorlag

First of all, thank you for your help with my problem.

Symptoms began about one week ago when I returned home to find my computer locked up while trying to shut down (on its own), with an unclearable error message about a DCOM error of some sort (I forget the exact syntax). A review of the system Event Log after reboot shows hundreds of DCOM errors from UpdatusUser (nvidia driver updater?) just before the incident. Concerned, I ran a number of malware scans (Superantispyware, Malwarebytes, Trend Micro Housecall, and ESET). After several passes, SAS caught Trojan Agent/Gen-Nullo hiding in some system restore files. Alarmed, I disabled System Restore and proceeded to check packet traffic with SmartSniff 1.72. Noting a great deal of UDP outbound traffic to external IPs (more than one to the Netherlands), I made some adjustments to my firewall settings to squelch UDP traffic outside my home network. Several scans (SAS, MBAM, ESET, Trend Micro) afterwards are still coming up clean, but in general computer performance seems to be slower than normal and a couple of days ago I had an unexpected computer self-restart (no power outage or similar).

In short, I'm very suspicious of my computer's behavior, and some sort of trojan was onboard. Can you help me to determine if it's clean? Thank you so much for your time!!

OTL Log follows:

OTL logfile created on: 10/21/2012 6:42:25 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = F:\ACH\My Documents\My Download Files
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 47.67% Memory free
3.85 Gb Paging File | 2.51 Gb Available in Paging File | 65.32% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 292.97 Gb Total Space | 92.58 Gb Free Space | 31.60% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 294.60 Gb Free Space | 98.83% Space Free | Partition Type: NTFS
Drive E: | 298.08 Gb Total Space | 292.24 Gb Free Space | 98.04% Space Free | Partition Type: NTFS
Drive F: | 698.64 Gb Total Space | 275.64 Gb Free Space | 39.45% Space Free | Partition Type: NTFS
Drive I: | 172.78 Gb Total Space | 172.46 Gb Free Space | 99.82% Space Free | Partition Type: NTFS
Drive K: | 1.86 Gb Total Space | 1.36 Gb Free Space | 72.93% Space Free | Partition Type: FAT
Drive L: | 1.86 Gb Total Space | 1.83 Gb Free Space | 98.33% Space Free | Partition Type: FAT

Computer Name: HUTSELL1 | User Name: ahutsell2001 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/21 18:10:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\ACH\My Documents\My Download Files\OTL(1).exe
PRC - [2012/10/17 19:55:45 | 004,762,496 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012/10/10 21:05:57 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 23:04:27 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012/08/21 05:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/07/06 14:24:28 | 001,099,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Server\Bin\Launchpad.exe
PRC - [2012/06/17 03:51:58 | 000,466,704 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2012/06/17 03:51:58 | 000,075,536 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2012/03/22 15:45:10 | 011,057,008 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Picasa3\Picasa3.exe
PRC - [2012/03/11 17:13:21 | 001,983,232 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2012/03/11 17:13:00 | 006,749,512 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2012/01/12 12:26:20 | 000,040,832 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe
PRC - [2011/12/16 21:39:38 | 000,002,560 | ---- | M] () -- C:\WINDOWS\Runservice.exe
PRC - [2011/05/25 02:09:21 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/03/12 21:14:31 | 000,057,344 | ---- | M] (NirSoft) -- C:\Program Files\smsniff\smsniff.exe
PRC - [2011/03/02 15:46:44 | 000,027,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Server\Bin\LANConfigSvc.exe
PRC - [2011/03/02 15:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
PRC - [2011/03/02 13:54:44 | 000,162,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe
PRC - [2009/12/24 10:31:28 | 000,928,496 | ---- | M] (Cypherix Software (India) Pvt. Ltd.) -- C:\WINDOWS\system32\cypherixsrv.exe
PRC - [2009/02/03 10:32:28 | 003,550,592 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\system32\procexp.exe
PRC - [2009/01/08 14:54:39 | 010,965,504 | ---- | M] (QUALCOMM Incorporated) -- C:\Program Files\Eudora\eudora.exe
PRC - [2008/06/09 10:37:44 | 000,053,392 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/06/01 13:32:12 | 000,094,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/21 03:01:14 | 001,819,648 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12102100\algo.dll
MOD - [2012/10/18 16:31:38 | 001,819,136 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12101802\algo.dll
MOD - [2012/10/17 20:00:35 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/10/14 20:45:51 | 009,814,968 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012/10/10 21:05:59 | 002,294,240 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/06/17 13:23:23 | 000,253,952 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\9d59cf7eb15733ca09736eaaa2acaef6\WindowsFormsIntegration.ni.dll
MOD - [2012/06/17 13:22:32 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\2516a49d10f4418f72e1c25f691815a8\System.ServiceProcess.ni.dll
MOD - [2012/06/14 23:23:06 | 013,197,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\54d61af44b1dedee6aea0d1bbc46b13a\System.Windows.Forms.ni.dll
MOD - [2012/06/14 23:18:20 | 017,998,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\5d585d5428ce69abc28238ffa9f4d3a2\PresentationFramework.ni.dll
MOD - [2012/06/14 23:18:06 | 011,451,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\fe068ba4be8f6cb7d6a58bccff05c75e\PresentationCore.ni.dll
MOD - [2012/06/14 23:17:56 | 003,856,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\62f103f9e662d263ec2ecacc49d4525b\WindowsBase.ni.dll
MOD - [2012/06/14 23:17:50 | 001,666,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\4a668799513e369a54fdab8b3f74de92\System.Drawing.ni.dll
MOD - [2012/05/09 21:21:09 | 001,218,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\1409dc3832b37f850569c69a795f834b\System.Management.ni.dll
MOD - [2012/05/09 21:20:58 | 001,072,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\a90d8ca6c54f70507704d788fd0d3ded\System.IdentityModel.ni.dll
MOD - [2012/05/09 21:20:56 | 017,996,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\5be1370b1331393f73af710d0d71b02d\System.ServiceModel.ni.dll
MOD - [2012/05/09 21:18:37 | 000,786,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\26ee061618887d629a9f7072970ffb85\System.EnterpriseServices.ni.dll
MOD - [2012/05/09 21:18:37 | 000,236,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\26ee061618887d629a9f7072970ffb85\System.EnterpriseServices.Wrapper.dll
MOD - [2012/05/09 21:18:35 | 000,646,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\ce2aa3a5e89c326055ac8e2a309232f7\System.Transactions.ni.dll
MOD - [2012/05/09 21:18:34 | 001,020,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\a40c42510e312339018486b1d7076e0a\System.Runtime.DurableInstancing.ni.dll
MOD - [2012/05/09 21:18:33 | 000,142,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\9115e9f656b00fc4e46da91537ef1358\SMDiagnostics.ni.dll
MOD - [2012/05/09 21:18:32 | 002,637,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\9bfda0add366eea12ea0402e60d01e84\System.Runtime.Serialization.ni.dll
MOD - [2012/05/09 21:18:29 | 000,391,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\f44e12702dadeae606b8eaca609b1336\System.Xml.Linq.ni.dll
MOD - [2012/05/09 21:17:30 | 001,781,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\9b6f1bcb2cf4e6ad429cd721b942f30f\System.Xaml.ni.dll
MOD - [2012/05/09 19:10:36 | 000,309,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\45d2307fb0898a18dec5a04ff9f8b85c\PresentationFramework.Classic.ni.dll
MOD - [2012/05/09 19:00:05 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\0c8e950df17a0abec10888e8ad966cbe\System.Configuration.ni.dll
MOD - [2012/05/09 19:00:05 | 000,729,088 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Security\efe46aa882d9ac31f7fbbdc004fc99d5\System.Security.ni.dll
MOD - [2012/05/09 19:00:03 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\5ee8bf77e7b3e25cdbff6e1c299574fe\System.Xml.ni.dll
MOD - [2012/05/09 18:59:55 | 007,052,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\14ba6251d6ec84c9579ed3d3e10b30c1\System.Core.ni.dll
MOD - [2012/05/09 18:59:43 | 009,090,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\6f399163bb35597da7141ccdb7f39d16\System.ni.dll
MOD - [2012/05/09 18:59:34 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2012/03/22 15:45:26 | 026,011,504 | ---- | M] () -- C:\Program Files\Google\Picasa3\Picasa3i18n.dll
MOD - [2012/03/22 15:08:28 | 000,425,984 | ---- | M] () -- C:\Program Files\Google\Picasa3\plugins\ytITivo.yti
MOD - [2012/03/22 15:01:34 | 000,401,408 | ---- | M] () -- C:\Program Files\Google\Picasa3\plugins\CDVDR\CDVDR.yti
MOD - [2012/01/08 09:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/12/16 21:39:39 | 000,048,640 | ---- | M] () -- C:\WINDOWS\mmfs.dll
MOD - [2011/12/16 21:39:38 | 000,002,560 | ---- | M] () -- C:\WINDOWS\Runservice.exe
MOD - [2011/05/05 00:02:44 | 000,355,432 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll
MOD - [2010/06/06 10:20:02 | 000,065,344 | ---- | M] () -- C:\WINDOWS\system32\PDFreDirectMonNT.dll
MOD - [2009/11/19 11:20:44 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2009/11/19 11:20:42 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2009/11/19 11:20:42 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/01/08 14:54:40 | 000,155,648 | ---- | M] () -- C:\Program Files\Eudora\nsldap32v60.dll
MOD - [2009/01/08 14:54:40 | 000,014,848 | ---- | M] () -- C:\Program Files\Eudora\nsldappr32v60.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/11/12 13:00:50 | 000,236,032 | ---- | M] () -- C:\Program Files\IZArc\IZArcCM.dll
MOD - [2005/05/03 19:38:42 | 000,064,512 | ---- | M] () -- C:\WINDOWS\system32\P17.dll


========== Services (SafeList) ==========

SRV - [2012/10/12 13:07:30 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/07 23:04:27 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/06/17 03:51:58 | 000,075,536 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012/03/11 17:13:21 | 001,983,232 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2012/01/12 12:26:20 | 000,040,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe -- (ServiceProviderRegistry)
SRV - [2011/12/16 21:39:38 | 000,002,560 | ---- | M] () [Auto | Running] -- C:\WINDOWS\Runservice.exe -- (LicCtrlService)
SRV - [2011/05/25 02:09:21 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/03/02 15:46:44 | 000,027,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\LANConfigSvc.exe -- (LANConfig)
SRV - [2011/03/02 15:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (WSS_ComputerBackupProviderSvc)
SRV - [2011/03/02 15:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (SqmProviderSvc)
SRV - [2011/03/02 15:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (providers_system)
SRV - [2011/03/02 15:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (NotificationsProviderSvc)
SRV - [2011/03/02 15:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (initMonitor)
SRV - [2011/03/02 15:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (HealthAlertsSvc)
SRV - [2011/03/02 13:54:44 | 000,162,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe -- (WSConnectorUpdate)
SRV - [2009/12/24 10:31:28 | 000,928,496 | ---- | M] (Cypherix Software (India) Pvt. Ltd.) [Auto | Running] -- C:\WINDOWS\system32\cypherixsrv.exe -- (cypherixservice)
SRV - [2008/06/09 10:37:44 | 000,053,392 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Boot | Unknown] -- system32\drivers\Partizan.sys -- (Partizan)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\AHUTSE~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/10/21 18:43:05 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/10/14 22:08:07 | 000,085,969 | ---- | M] (GMER) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer)
DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/21 05:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/08/21 05:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/08/21 05:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/08/21 05:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/08/21 05:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/08/21 05:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/08/21 05:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/06/17 03:51:54 | 000,137,488 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2012/03/11 17:13:46 | 000,097,760 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2012/03/11 17:13:45 | 000,031,704 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2012/03/11 17:13:44 | 000,494,968 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/03/02 13:33:12 | 000,053,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BackupReader.sys -- (BackupReader)
DRV - [2010/02/09 09:52:54 | 000,097,784 | ---- | M] (Cypherix Software (India) Pvt. Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cyphxdrv.sys -- (cyphxdrv)
DRV - [2009/10/20 23:22:32 | 001,425,280 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009/07/28 04:55:00 | 000,143,360 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/06/15 10:47:26 | 001,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2005/01/10 18:15:30 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/01/10 18:15:24 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/08/12 22:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2001/08/17 08:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://myvaughnmelton.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/"
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.8
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Eudora 8.0.0b5\extensions\\Components: C:\Program Files\Eudora\components [2012/02/23 21:17:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Eudora 8.0.0b5\extensions\\Plugins: C:\Program Files\Eudora\plugins [2012/01/02 21:53:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/09/06 21:35:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/16 22:35:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/12 13:07:23 | 000,000,000 | ---D | M]

[2011/08/01 21:11:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ahutsell2001\Application Data\Mozilla\Extensions
[2011/08/01 21:11:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ahutsell2001\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/10/18 23:19:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ahutsell2001\Application Data\Mozilla\Firefox\Profiles\pz8ot46n.default\extensions
[2012/10/18 23:19:58 | 000,529,693 | ---- | M] () (No name found) -- C:\Documents and Settings\ahutsell2001\Application Data\Mozilla\Firefox\Profiles\pz8ot46n.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/10/16 22:35:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/12 13:07:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/10/12 13:07:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/10/10 21:06:18 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/08/05 13:16:20 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012/10/10 21:05:38 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/10 21:05:38 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/10/21 16:16:22 | 000,000,080 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.168.0.176 OVERLORD #Windows Server Added Entry#
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [Launchpad] C:\Program Files\Windows Server\Bin\Launchpad.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [UVS12 Preload] C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe (Corel TW Corp.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] UnHackMe Rootkit Check File not found
O4 - Startup: C:\Documents and Settings\ahutsell2001\Start Menu\Programs\Startup\Shortcut to procexp.lnk = C:\WINDOWS\system32\procexp.exe (Sysinternals - www.sysinternals.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Twonky Tray Control.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://myvaughnmelton.com/XTSAC.cab (XTSAC Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1344404936000 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09023F61-51CB-4D61-828F-B6CF496B9DB1}: DhcpNameServer = 192.168.0.2
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/01 01:29:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/03/09 09:39:20 | 000,000,016 | -H-- | M] () - K:\AUTORUN.INF -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/21 18:43:05 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/10/21 16:40:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\ahutsell2001\Recent
[2012/10/15 01:32:55 | 000,316,280 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\Tcpview.exe
[2012/10/15 01:32:55 | 000,199,544 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\Tcpvcon.exe
[2012/10/14 22:08:07 | 000,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2012/10/12 13:07:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/09/30 23:56:22 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity
[2012/09/30 18:32:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ahutsell2001\Application Data\Amazon
[2012/09/30 18:32:13 | 000,000,000 | ---D | C] -- F:\ACH\My Documents\Amazon MP3
[2012/09/30 18:31:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Amazon
[2012/09/30 18:31:48 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[45 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/21 18:43:05 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/10/21 18:21:45 | 000,000,842 | ---- | M] () -- C:\WINDOWS\tasks\Backup.job
[2012/10/21 18:21:31 | 000,000,774 | ---- | M] () -- C:\WINDOWS\tasks\Alert Evaluations.job
[2012/10/21 18:21:03 | 000,000,788 | ---- | M] () -- C:\WINDOWS\tasks\InstallAddIns.job
[2012/10/21 18:21:01 | 000,000,794 | ---- | M] () -- C:\WINDOWS\tasks\RenewClientCertificate.job
[2012/10/21 18:02:04 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/10/21 16:44:01 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/10/21 16:21:56 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/10/21 16:21:55 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/10/21 16:16:22 | 000,000,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/10/21 16:14:58 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/21 15:41:30 | 000,000,858 | ---- | M] () -- C:\WINDOWS\tasks\UploadCEIPData.job
[2012/10/21 15:22:00 | 000,000,862 | ---- | M] () -- C:\WINDOWS\tasks\Health Definition Updates.job
[2012/10/21 02:00:00 | 000,000,524 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 762ceecc-56fb-4a5b-86fc-5278d51db2d7.job
[2012/10/21 02:00:00 | 000,000,524 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 3ff65753-3767-48ed-a63d-2c1855324e99.job
[2012/10/21 00:00:30 | 000,000,924 | ---- | M] () -- C:\WINDOWS\tasks\SaveCEIPData.job
[2012/10/19 16:36:32 | 000,001,393 | -HS- | M] () -- C:\WINDOWS\System32\mmf.sys
[2012/10/19 16:36:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/19 01:38:54 | 000,444,629 | ---- | M] () -- C:\Documents and Settings\ahutsell2001\Local Settings\Application Data\census.cache
[2012/10/19 01:38:51 | 000,220,087 | ---- | M] () -- C:\Documents and Settings\ahutsell2001\Local Settings\Application Data\ars.cache
[2012/10/19 00:22:53 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/18 22:57:06 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/16 22:35:18 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\ahutsell2001\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/10/16 22:35:18 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/10/14 22:08:16 | 000,000,250 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2012/10/14 22:08:07 | 000,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2012/10/14 22:08:07 | 000,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2012/10/14 22:08:07 | 000,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2012/10/14 16:56:29 | 001,010,986 | ---- | M] () -- F:\ACH\My Documents\22 Conversion.pdf
[2012/10/12 23:53:21 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\ahutsell2001\Local Settings\Application Data\housecall.guid.cache
[2012/10/10 20:27:55 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/10/09 23:44:14 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/09/30 23:56:34 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\ahutsell2001\Desktop\Audacity.lnk
[2012/09/30 18:31:50 | 000,001,852 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Amazon Cloud Player.lnk
[2012/09/30 16:39:37 | 000,005,165 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/09/24 19:26:39 | 000,000,996 | ---- | M] () -- C:\Documents and Settings\ahutsell2001\Application Data\Microsoft\Internet Explorer\Quick Launch\Combat Mission Beyond Overlord.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[45 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/16 22:35:18 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\ahutsell2001\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/10/15 01:32:55 | 000,041,074 | ---- | C] () -- C:\WINDOWS\System32\tcpview.chm
[2012/10/14 22:08:16 | 000,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2012/10/14 22:08:07 | 000,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2012/10/14 22:08:07 | 000,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2012/10/14 22:08:07 | 000,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2012/10/14 13:17:39 | 001,010,986 | ---- | C] () -- F:\ACH\My Documents\22 Conversion.pdf
[2012/10/13 18:48:34 | 000,444,629 | ---- | C] () -- C:\Documents and Settings\ahutsell2001\Local Settings\Application Data\census.cache
[2012/10/13 18:48:23 | 000,220,087 | ---- | C] () -- C:\Documents and Settings\ahutsell2001\Local Settings\Application Data\ars.cache
[2012/10/12 23:53:21 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\ahutsell2001\Local Settings\Application Data\housecall.guid.cache
[2012/10/10 20:27:44 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/09/30 23:56:34 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Audacity.lnk
[2012/09/30 23:56:34 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\ahutsell2001\Desktop\Audacity.lnk
[2012/09/30 18:31:50 | 000,001,852 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Amazon Cloud Player.lnk
[2012/09/24 19:26:39 | 000,000,996 | ---- | C] () -- C:\Documents and Settings\ahutsell2001\Application Data\Microsoft\Internet Explorer\Quick Launch\Combat Mission Beyond Overlord.lnk
[2012/05/04 21:44:28 | 000,000,043 | ---- | C] () -- C:\WINDOWS\hpfccopy.INI
[2012/02/16 03:07:53 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/02 21:23:21 | 000,000,011 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\.tv6
[2011/12/16 21:39:44 | 000,001,393 | -HS- | C] () -- C:\WINDOWS\System32\mmf.sys
[2011/12/16 21:39:39 | 000,048,640 | ---- | C] () -- C:\WINDOWS\mmfs.dll
[2011/12/16 21:39:38 | 000,002,560 | ---- | C] () -- C:\WINDOWS\Runservice.exe
[2011/11/27 22:22:41 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/27 22:22:41 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/27 22:22:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/27 22:22:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/27 22:22:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/16 17:23:27 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/07 03:15:29 | 001,053,614 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1220945662-492894223-725345543-1003-0.dat
[2011/10/07 03:15:29 | 000,308,070 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/09/19 19:46:22 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\ahutsell2001\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/19 19:29:50 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/08/23 22:09:45 | 000,115,326 | ---- | C] () -- C:\WINDOWS\hpgins21.dat.temp
[2011/08/23 22:09:45 | 000,000,282 | ---- | C] () -- C:\WINDOWS\hpgmdl21.dat.temp
[2011/08/23 21:59:06 | 000,001,758 | ---- | C] () -- C:\WINDOWS\hpwmdl24.dat.temp
[2011/08/23 21:50:14 | 000,115,318 | ---- | C] () -- C:\WINDOWS\hpgins21.dat
[2011/08/23 21:50:14 | 000,000,282 | ---- | C] () -- C:\WINDOWS\hpgmdl21.dat
[2011/08/16 22:56:33 | 000,186,134 | ---- | C] () -- C:\WINDOWS\hpwins24.dat
[2011/08/16 22:56:33 | 000,001,758 | ---- | C] () -- C:\WINDOWS\hpwmdl24.dat
[2011/08/14 11:58:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/08/07 15:49:48 | 000,023,268 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/08/05 13:35:54 | 000,005,165 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2011/08/05 13:32:56 | 000,209,040 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2011/08/05 13:32:56 | 000,204,944 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2011/08/05 13:32:56 | 000,196,752 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2011/08/05 13:32:56 | 000,196,752 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2011/08/05 13:32:56 | 000,192,656 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2011/08/05 13:32:56 | 000,024,720 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2011/08/05 13:21:54 | 001,271,296 | ---- | C] () -- C:\WINDOWS\System32\IESEngineering04.dll
[2011/08/05 13:21:54 | 001,218,560 | ---- | C] () -- C:\WINDOWS\System32\IESData04.dll
[2011/08/05 13:21:53 | 003,422,720 | ---- | C] () -- C:\WINDOWS\System32\coin2.dll
[2011/08/05 13:21:53 | 000,716,800 | ---- | C] () -- C:\WINDOWS\System32\IESCore04.dll
[2011/08/05 13:21:53 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\libF90MD.dll
[2011/08/05 13:21:53 | 000,328,192 | ---- | C] () -- C:\WINDOWS\System32\sowin1.dll
[2011/08/05 13:21:53 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\libIEPCF90MD.dll
[2011/08/05 13:21:53 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\simage1.dll
[2011/08/05 13:21:53 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\vc6-re200l.dll
[2011/08/05 13:21:53 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\Pgmr120.dll
[2011/08/05 13:21:53 | 000,061,515 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2011/08/05 13:12:25 | 000,137,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011/08/05 13:12:20 | 000,268,952 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2011/08/05 13:12:11 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2011/08/03 23:54:57 | 000,005,663 | ---- | C] () -- C:\WINDOWS\System32\ludap17.ini
[2011/08/03 23:54:57 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2011/08/02 01:07:37 | 000,001,598 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2011/08/01 21:23:09 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/08/01 21:23:09 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/08/01 21:23:09 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/08/01 21:22:52 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/08/01 21:11:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/08/01 01:39:51 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2011/08/01 01:34:52 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2011/08/01 01:34:48 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2011/08/01 01:34:47 | 000,049,152 | R--- | C] () -- C:\WINDOWS\DAOD.exe
[2011/08/01 01:34:45 | 000,033,245 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2011/08/01 01:34:44 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2011/08/01 01:31:09 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/08/01 01:27:01 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/07/31 20:52:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/07/31 20:51:21 | 000,319,544 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== ZeroAccess Check ==========

[2011/08/03 19:56:54 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E7833B2E

< End of report >

#2 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-RogueKiller-

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo

#3 majorlag (Topic Starter, Member, 70 posts)

Thank you! Here are my logs:

Security Check:

Results of screen317's Security Check version 0.99.53
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Gmer
Malwarebytes Anti-Malware version 1.65.1.1000
CCleaner
Java™ 6 Update 37
Java version out of Date!
Adobe Flash Player 11.4.402.287
Mozilla Firefox (16.0.1)
````````Process Check: objlist.exe by Laurent````````
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 3%
````````````````````End of Log``````````````````````


AdwCleaner:

# AdwCleaner v2.005 - Logfile created 10/24/2012 at 20:30:51
# Updated 14/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : ahutsell2001 - HUTSELL1
# Boot Mode : Normal
# Running from : C:\Documents and Settings\ahutsell2001\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\ahutsell2001\Application Data\Mozilla\Firefox\Profiles\pz8ot46n.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [966 octets] - [24/10/2012 20:30:51]

########## EOF - C:\AdwCleaner[S1].txt - [1025 octets] ##########

RogueKiller:

RogueKiller V8.2.0 [10/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : ahutsell2001 [Admin rights]
Mode : Remove -- Date : 10/24/2012 20:42:32

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] Runservice.exe -- C:\WINDOWS\runservice.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
_INLINE_ : NtRequestPort -> HOOKED (Unknown @ 0xB8752CA0)
_INLINE_ : NtRequestWaitReplyPort -> HOOKED (Unknown @ 0xB8752D40)
_INLINE_ : NtTraceEvent -> HOOKED (Unknown @ 0xB8752C00)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost
192.168.0.176 OVERLORD #Windows Server Added Entry#


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200AAJS-00L7A0 +++++
--- User ---
[MBR] f8f967afb9fdb2738a4334793fb89531
[BSP] a7287da562a2f2f6da52eaa3246adb07 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305243 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST3320620AS +++++
--- User ---
[MBR] d96ae13b78fd155a56c49f84f1368111
[BSP] c46debd3749a6b9b284dde75f8523484 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305234 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: ST3500413AS +++++
--- User ---
[MBR] e527df61bbf9a7fa83dbc3e21b609c81
[BSP] b3c52ba9494449e462f6057fdf3c287d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 300002 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 614405925 | Size: 176926 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: WDC WD7500AADS-00L5B1 +++++
--- User ---
[MBR] 30891de48921e39ebd7d3af5d23236d8
[BSP] 3e6f493e2d41f64be6ed05bb3784d888 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 715402 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

#4 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)

Hello

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)

double post

#6 majorlag (Topic Starter, Member, 70 posts)

OK, here is the Combofix log.

Computer performance may be somewhat improved, but I can't tell a lot of difference. With NetBIOS over TCP disabled, I'm of course not seeing any of the weird UDP connections to the outside world.

ComboFix 12-10-24.02 - ahutsell2001 10/24/2012 22:11:23.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1010 [GMT -4:00]
Running from: c:\documents and settings\ahutsell2001\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\program files\Internet Explorer\SET390.tmp
c:\program files\Internet Explorer\SET391.tmp
c:\program files\Internet Explorer\SET3BF.tmp
c:\program files\Internet Explorer\SET3C0.tmp
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\SET106.tmp
c:\windows\system32\SET109.tmp
c:\windows\system32\SET37F.tmp
c:\windows\system32\SET380.tmp
c:\windows\system32\SET381.tmp
c:\windows\system32\SET385.tmp
c:\windows\system32\SET386.tmp
c:\windows\system32\SET387.tmp
c:\windows\system32\SET38B.tmp
c:\windows\system32\SET38C.tmp
c:\windows\system32\SET38D.tmp
c:\windows\system32\SET3C4.tmp
c:\windows\system32\SET3C5.tmp
c:\windows\system32\SET3C6.tmp
c:\windows\system32\SET3CA.tmp
c:\windows\system32\SET3CB.tmp
c:\windows\system32\SET3CC.tmp
c:\windows\system32\SET3D0.tmp
c:\windows\system32\SET3D1.tmp
c:\windows\system32\SET3D2.tmp
c:\windows\system32\SET9D.tmp
c:\windows\system32\SET9E.tmp
c:\windows\system32\SET9F.tmp
c:\windows\system32\SETA16C.tmp
c:\windows\system32\SETA172.tmp
c:\windows\system32\SETA177.tmp
c:\windows\system32\SETA17A.tmp
c:\windows\system32\SETA181.tmp
c:\windows\system32\SETA184.tmp
c:\windows\system32\SETA1A0.tmp
c:\windows\system32\SETA1A9.tmp
c:\windows\system32\SETA3.tmp
c:\windows\system32\SETA4.tmp
c:\windows\system32\SETA5.tmp
c:\windows\system32\SETA9.tmp
c:\windows\system32\SETAB.tmp
c:\windows\system32\SETE2.tmp
c:\windows\system32\SETE4.tmp
c:\windows\system32\SETE8.tmp
c:\windows\system32\SETE9.tmp
c:\windows\system32\SETEA.tmp
c:\windows\system32\SETEE.tmp
c:\windows\system32\SETEF.tmp
c:\windows\system32\SETF0.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NVSVC
-------\Service_NVSvc
.
.
((((((((((((((((((((((((( Files Created from 2012-09-25 to 2012-10-25 )))))))))))))))))))))))))))))))
.
.
2012-10-22 23:39 . 2012-10-22 23:39 -------- d-----w- c:\program files\Common Files\Java
2012-10-15 05:32 . 2010-08-02 14:55 316280 ----a-w- c:\windows\system32\Tcpview.exe
2012-10-15 05:32 . 2010-07-28 19:47 199544 ----a-w- c:\windows\system32\Tcpvcon.exe
2012-10-01 03:56 . 2012-10-01 03:56 -------- d-----w- c:\program files\Audacity
2012-09-30 22:32 . 2012-09-30 22:32 -------- d-----w- c:\documents and settings\ahutsell2001\Application Data\Amazon
2012-09-30 22:31 . 2012-09-30 22:31 -------- d-----w- c:\program files\Amazon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-21 20:21 . 2012-09-07 01:36 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-21 20:21 . 2011-08-03 23:14 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-29 23:54 . 2011-09-26 05:24 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-24 19:32 . 2012-08-08 05:53 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 19:32 . 2012-02-25 05:20 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-24 17:51 . 2012-08-08 05:53 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-14 07:17 . 2011-08-05 17:12 137176 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-09-14 07:17 . 2011-08-05 17:12 268952 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-09-14 07:17 . 2011-08-05 17:12 268952 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-09-14 05:31 . 2011-08-05 17:12 268952 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-08-28 15:14 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2006-02-28 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2006-02-28 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33 . 2006-02-28 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2004-08-03 22:59 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-21 09:13 . 2011-08-03 04:06 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2011-08-01 05:41 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2011-08-01 05:41 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2011-08-01 05:41 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-21 09:13 . 2011-08-01 05:41 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-08-21 09:13 . 2011-08-01 05:41 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-08-21 09:13 . 2011-08-01 05:41 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-08-21 09:13 . 2011-08-01 05:41 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:12 . 2011-08-03 04:06 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2011-08-01 05:40 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-11 01:06 . 2012-10-12 17:07 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-06-17 466704]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-10-17 4762496]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2008-11-07 95536]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-11-20 2363392]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-11-18 33697792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
"NvMediaCenter"="NvMCTray.dll" [2011-05-25 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-05 1632360]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"P17Helper"="P17.dll" [2005-05-03 64512]
"UVS12 Preload"="c:\program files\Corel\Corel VideoStudio 12\uvPL.exe" [2008-06-09 397456]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Launchpad"="c:\program files\Windows Server\Bin\Launchpad.exe" [2012-07-06 1099384]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
c:\documents and settings\ahutsell2001\Start Menu\Programs\Startup\
Shortcut to procexp.lnk - c:\windows\system32\procexp.exe [2011-8-5 3550592]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Twonky Tray Control.lnk - c:\program files\TwonkyMedia\twonkymediaserverconfig.exe [N/A]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2008-11-07 17:50 54576 ----a-w- c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartupPersonalReminder]
2004-07-15 17:02 266240 ----a-w- c:\program files\Personal Reminder\PersonalReminder.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\{53A8C41D-37A5-4B57-8F80-0D83F4F34271}\\setup\\hpznui01.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8/3/2011 12:06 AM 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/1/2011 1:41 AM 355632]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [1/6/2011 5:37 PM 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [1/6/2011 5:37 PM 31704]
R1 cyphxdrv;cyphxdrv;c:\windows\system32\drivers\cyphxdrv.sys [8/5/2011 1:19 PM 97784]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [8/11/2011 7:38 PM 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/1/2011 1:41 AM 21256]
R2 cypherixservice;Cypherix service;c:\windows\system32\cypherixsrv.exe [8/5/2011 1:19 PM 928496]
R2 HealthAlertsSvc;Windows Server Health Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [3/2/2011 3:46 PM 30592]
R2 LANConfig;Windows Server LAN Configuration;c:\program files\Windows Server\Bin\LANConfigSvc.exe [3/2/2011 3:46 PM 27520]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [12/16/2011 9:39 PM 2560]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [10/9/2012 9:08 PM 399432]
R2 NotificationsProviderSvc;Windows Server Notifications Provider Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [3/2/2011 3:46 PM 30592]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [8/1/2011 9:23 PM 2214504]
R2 providers_system;Windows Server Download Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [3/2/2011 3:46 PM 30592]
R2 ServiceProviderRegistry;Windows Server Service Provider Registry;c:\program files\Windows Server\Bin\ProviderRegistryService.exe [1/12/2012 12:26 PM 40832]
R2 WSConnectorUpdate;Windows Server Connector Update;c:\program files\Windows Server\Bin\WSConnectorUpdate.exe [3/2/2011 1:54 PM 162176]
R2 WSS_ComputerBackupProviderSvc;Windows Server Client Computer Backup Provider Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [3/2/2011 3:46 PM 30592]
R3 BackupReader;BackupReader;c:\windows\system32\drivers\BackupReader.sys [3/2/2011 1:33 PM 53504]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/26/2011 1:24 AM 22856]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [8/1/2011 1:39 AM 1425280]
S2 initMonitor;Windows Server Initialization Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [3/2/2011 3:46 PM 30592]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/26/2011 1:24 AM 676936]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [6/21/2012 8:50 PM 115168]
S4 SqmProviderSvc;Windows Server SQM Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [3/2/2011 3:46 PM 30592]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-11-20 19:28 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-25 c:\windows\Tasks\Alert Evaluations.job
- c:\program files\Windows Server\Bin\runtask.exe [2012-01-12 16:26]
.
2012-10-25 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-14 09:12]
.
2012-10-24 c:\windows\Tasks\Backup.job
- c:\program files\Windows Server\Bin\runtask.exe [2012-01-12 16:26]
.
2012-10-25 c:\windows\Tasks\Health Definition Updates.job
- c:\program files\Windows Server\Bin\runtask.exe [2012-01-12 16:26]
.
2012-10-25 c:\windows\Tasks\InstallAddIns.job
- c:\program files\Windows Server\Bin\runtask.exe [2012-01-12 16:26]
.
2012-10-25 c:\windows\Tasks\RenewClientCertificate.job
- c:\program files\Windows Server\Bin\runtask.exe [2012-01-12 16:26]
.
2012-10-24 c:\windows\Tasks\SaveCEIPData.job
- c:\program files\Windows Server\Bin\runtask.exe [2012-01-12 16:26]
.
2012-10-24 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 3ff65753-3767-48ed-a63d-2c1855324e99.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-10-24 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 762ceecc-56fb-4a5b-86fc-5278d51db2d7.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-10-24 c:\windows\Tasks\UploadCEIPData.job
- c:\program files\Windows Server\Bin\runtask.exe [2012-01-12 16:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://myvaughnmelton.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.2
FF - ProfilePath - c:\documents and settings\ahutsell2001\Application Data\Mozilla\Firefox\Profiles\pz8ot46n.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
FF - ExtSQL: 2012-09-06 21:38; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: 2012-10-22 19:39; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-24 22:24
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \D25BC253F035D347]
"1"=hex:6a,0b,56,13,c1,93,dc,9c,fb,61,a2,a0,e4,ff,91,20,60,bf,2f,c2,35,91,ae,
25
"2"=hex:fb,e6,50,7f,41,f4,51,a7,7f,ec,2d,f9,42,45,3a,02,3a,b7,45,15,3f,9d,8b,
c3
"3"=hex:6a,0b,56,13,c1,93,dc,9c,fb,61,a2,a0,e4,ff,91,20,5d,f5,58,d1,21,e0,48,
8b,38,57,44,9c,4e,8d,78,88,fd,f1,01,9d,86,d8,b5,cb,d9,bf,23,55,4a,bb,31,1f
.
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \D25BC253F035D347\5090D0C6F0C41D66F1FC186653400623]
"1"=hex:bf,6a,73,4a,48,57,d9,26,5d,d7,11,8b,51,ce,1c,37,d5,35,55,01,4a,fa,87,
5b,05,b9,40,36,74,e8,ba,9b,68,bf,3f,9f,70,2a,e2,47
"2"=hex:b9,79,92,49,84,61,ca,64
"3"=hex:ed,25,d3,d0,21,00,27,b3,ee,5c,b5,b1,e1,61,fa,91,1d,1b,fe,f9,0d,11,09,
59,9a,77,68,25,e5,34,1e,a0,1b,d1,e7,20,dd,37,e4,3b,85,92,59,33,d9,f4,0b,31,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,6a,73,4a,48,57,d9,26,5d,d7,11,8b,51,ce,1c,37,d5,35,55,01,4a,fa,87,
5b,cb,fb,81,cd,c4,7c,14,7a,ec,b1,2c,0b,31,b7,01,87,bb,2f,ac,3d,2b,97,1a,1b,\
"7"=hex:6a,0b,56,13,c1,93,dc,9c,a0,00,aa,b4,e4,7b,e0,c8,74,2a,16,32,d3,b5,82,
f9,9f,42,18,f6,e4,ae,ab,8d,63,db,05,00,73,01,e2,83,29,05,70,f6,f1,7e,78,c9,\
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,2e,4e,96,8c,7e,a3,52,
64,ae,a5,e1,39,c0,fe,a7,12,fb,d4,fe,25,dc,00,56,48,96,3b,a2,3d,de,dc,19,d4,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:4b,72,8f,bc,6c,3f,e4,15
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:2a,34,42,58,5f,32,8f,0f,1f,55,b5,57,8d,60,3d,d7,f8,ed,7f,84,79,33,ec,
6c,d3,86,02,8d,c4,17,08,f0,7e,68,ec,b4,42,91,99,cb,f3,5f,6a,3c,ee,11,ab,d2,\
"13"=hex:2c,7d,07,5d,bc,25,f4,02,ed,43,66,10,e3,2a,55,f2,12,56,ce,20,b0,0b,fe,
ff,cc,a8,f9,c7,64,07,58,23,c4,5c,ea,82,28,c6,52,26
"14"=hex:1f,8a,67,97,71,05,61,4c,7f,43,3b,71,e0,a5,64,da
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:14,5b,b0,0d,f9,1b,74,1b,6f,0b,b2,ca,7d,96,11,f3
"22"=hex:81,20,8f,ab,28,6a,52,9c
"15"=hex:eb,25,51,66,6a,72,1d,2d,fc,53,09,22,0a,c4,b1,9a,3b,de,19,ca,6e,8b,7e,
40,33,1d,55,74,ee,e5,b9,cb,f4,80,0b,49,94,62,e6,a7,1b,b4,7e,eb,1d,48,d1,2f,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(716)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(1584)
c:\windows\system32\WININET.dll
c:\windows\system32\guard32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
- - - - - - - > 'csrss.exe'(632)
c:\windows\system32\cmdcsr.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\Sandboxie\SbieSvc.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\RunDLL32.exe
c:\windows\system32\Rundll32.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-10-24 22:29:38 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-25 02:29
ComboFix2.txt 2011-11-28 03:25
.
Pre-Run: 88,757,870,592 bytes free
Post-Run: 99,674,980,352 bytes free
.
- - End Of File - - B82376B29DBACCBFB025980A7A8CC23A
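The "Reg Loading Points" block of the ComboFix log above is where a responder spends most of the triage time: autostart values, the AppInit_DLLs injection point (here c:\windows\system32\guard32.dll, which the same log shows loaded into lsass.exe and explorer.exe), shell hooks, and the Windows Firewall policy (EnableFirewall = 0 in the standard profile; a third-party firewall is installed, so that is expected, but it should be confirmed rather than assumed). The script below is an added example, not part of the thread or of ComboFix: it parses that block's line format and flags the entries worth attributing first. The sample input is a handful of lines copied from the log above; the section names, severity labels and the "unqualified module name" heuristic are the example's own choices.

```python
import re
from collections import OrderedDict

# Constructed sample: lines copied from the ComboFix "Reg Loading Points" block
# posted above, trimmed so the script runs offline.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-06-17 466704]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512]
"NvMediaCenter"="NvMCTray.dll" [2011-05-25 111208]
"P17Helper"="P17.dll" [2005-05-03 64512]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"""

SECTION_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
META_RE = re.compile(r'\[(\d{4}-\d{2}-\d{2}) (\d+)\]')


def parse_value(line):
    """Split one ComboFix value line into name, data and optional file date/size."""
    m = VALUE_RE.match(line)
    if not m:
        return None
    name, rest = m.group(1), m.group(2).strip()
    if rest.startswith('"'):
        data, _, tail = rest[1:].partition('"')   # quoted path, "[date size]" follows
    else:
        data, _, tail = rest.partition(' [')       # unquoted data (DWORD, AppInit_DLLs, port spec)
        tail = '[' + tail if tail else ''
    meta = META_RE.search(tail)
    return {
        "name": name,
        "data": data.strip(),
        "date": meta.group(1) if meta else None,
        "size": int(meta.group(2)) if meta else None,
    }


def parse_loading_points(text):
    """Return an ordered {registry key: [value dicts]} map for the block."""
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == '.':           # ComboFix separates sections with a lone dot
            continue
        sec = SECTION_RE.match(line)
        if sec:
            current = sec.group(1)
            sections.setdefault(current, [])
            continue
        val = parse_value(line) if current is not None else None
        if val:
            sections[current].append(val)
    return sections


def triage(sections):
    """Return (severity, message) findings a responder would attribute first."""
    findings = []
    for key, values in sections.items():
        k = key.lower()
        for v in values:
            if k.endswith(r'\currentversion\run'):
                # A bare module name is resolved through the search order at logon,
                # so confirm which file on disk actually gets loaded.
                if '\\' not in v["data"]:
                    findings.append(("verify", f"Run value '{v['name']}' uses unqualified module '{v['data']}'"))
            elif k.endswith(r'\windows nt\currentversion\windows') and v["name"].lower() == "appinit_dlls" and v["data"]:
                # AppInit_DLLs is injected into every process that loads user32.dll,
                # lsass.exe included; it must be attributed to a known product.
                findings.append(("high", f"AppInit_DLLs loads {v['data']} into every user32 process"))
            elif k.endswith(r'\explorer\shellexecutehooks'):
                findings.append(("verify", f"ShellExecuteHook {v['name']} -> {v['data']}"))
            elif k.endswith(r'firewallpolicy\standardprofile') and v["name"].lower() == "enablefirewall":
                if v["data"].split()[0] == "0":
                    findings.append(("medium", "Windows Firewall is disabled in the standard profile"))
            elif k.endswith(r'\globallyopenports\list'):
                parts = v["data"].split(':')     # port:proto:scope:state:description
                state = parts[3] if len(parts) > 3 else '?'
                findings.append(("info", f"Globally open port rule {v['name']} is {state}"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(parse_loading_points(SAMPLE_LOG)):
        print(f"[{severity}] {message}")
```

Run against the full log, the "verify" items are the ones to resolve by checking the file's publisher signature and install path; a flag is a prompt to attribute, not a verdict that the entry is malicious.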

#7 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
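A TDSSKiller report of the kind gringo asks for runs to hundreds of lines, each service or driver appearing as a "[ MD5 ] name path" line followed by a "name - verdict" line (and registered-but-absent drivers as a verdict line only). The script below is an added example, not part of the thread or of TDSSKiller: it parses that format, collects the MD5 hashes for offline lookup, shows which services are backed by the same binary, and lists anything whose verdict is not "ok". The sample is a few lines copied from the report posted next plus one clearly marked synthetic line (example_svc, a made-up name and hash) so that the non-ok branch is exercised; the verdict string "suspicious" on that line is also synthetic.

```python
import re
from collections import defaultdict

# "[ MD5 ] name path" lines; the service name may contain spaces (e.g. "avast! Antivirus"),
# so the path is anchored on the drive letter rather than on whitespace.
ENTRY_RE = re.compile(
    r'^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+\[ (?P<md5>[0-9A-Fa-f]{32}) \] '
    r'(?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$')
# "name - verdict" lines.
VERDICT_RE = re.compile(
    r'^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<name>.+) - (?P<verdict>.+)$')

# Constructed sample: lines copied from the TDSSKiller report posted below, plus one
# synthetic entry (example_svc, invented name and hash) to exercise the non-ok branch.
SAMPLE_LOG = r"""
23:22:03.0171 2828 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
23:22:03.0171 2828 !SASCORE - ok
23:22:03.0312 2828 Abiosdsk - ok
23:22:04.0031 2828 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
23:22:04.0031 2828 avast! Antivirus - ok
23:22:06.0062 2828 [ D319A833EC173AD83C67885B3ED6C71C ] HealthAlertsSvc C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
23:22:06.0062 2828 HealthAlertsSvc - ok
23:22:06.0609 2828 [ D319A833EC173AD83C67885B3ED6C71C ] initMonitor C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
23:22:06.0609 2828 initMonitor - ok
23:22:07.0000 2828 [ 0123456789ABCDEF0123456789ABCDEF ] example_svc C:\WINDOWS\system32\example_svc.sys
23:22:07.0000 2828 example_svc - suspicious
"""


def parse_tdsskiller(text):
    """Return {service name: {"md5", "path", "verdict"}} from a TDSSKiller report."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.setdefault(m["name"], {}).update(md5=m["md5"].upper(), path=m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            entries.setdefault(m["name"], {}).update(verdict=m["verdict"].strip())
    return entries


def summarize(entries):
    """Group services by binary hash and pull out what needs a human look."""
    by_hash = defaultdict(set)
    for name, e in entries.items():
        if "md5" in e:
            by_hash[e["md5"]].add(name)
    return {
        # hash -> services; the unique keys are what you would look up elsewhere
        "by_hash": dict(by_hash),
        # any verdict other than "ok", including entries with no verdict line at all
        "not_ok": {n: e.get("verdict") for n, e in entries.items() if e.get("verdict") != "ok"},
        # registered services/drivers with no file on disk (TDSSKiller still reports "ok")
        "no_file": sorted(n for n, e in entries.items() if "md5" not in e),
        # one binary serving several service names, as SharedServiceHost.exe does here
        "shared_binaries": {h: sorted(n) for h, n in by_hash.items() if len(n) > 1},
    }


if __name__ == "__main__":
    report = summarize(parse_tdsskiller(SAMPLE_LOG))
    print("hashes to look up:", sorted(report["by_hash"]))
    print("not ok:", report["not_ok"])
    print("no file on disk:", report["no_file"])
    print("shared binaries:", report["shared_binaries"])
```

The hash list is the useful output: TDSSKiller's "ok" means its own signatures did not fire, so the unique MD5s are what you would check against a trusted source or a known-good baseline of the same Windows XP SP3 build before calling the service list clean.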

#8 majorlag (Topic Starter, Member, 70 posts)

TDSSKiller Log:

23:21:49.0171 3560 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
23:21:51.0171 3560 ============================================================
23:21:51.0171 3560 Current date / time: 2012/10/24 23:21:51.0171
23:21:51.0171 3560 SystemInfo:
23:21:51.0171 3560
23:21:51.0171 3560 OS Version: 5.1.2600 ServicePack: 3.0
23:21:51.0171 3560 Product type: Workstation
23:21:51.0171 3560 ComputerName: HUTSELL1
23:21:51.0171 3560 UserName: ahutsell2001
23:21:51.0171 3560 Windows directory: C:\WINDOWS
23:21:51.0171 3560 System windows directory: C:\WINDOWS
23:21:51.0171 3560 Processor architecture: Intel x86
23:21:51.0171 3560 Number of processors: 4
23:21:51.0171 3560 Page size: 0x1000
23:21:51.0171 3560 Boot type: Normal boot
23:21:51.0171 3560 ============================================================
23:21:52.0281 3560 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x97695, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000054
23:21:52.0296 3560 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:21:52.0312 3560 Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:21:52.0796 3560 Drive \Device\Harddisk3\DR3 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x162DD1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000054
23:21:52.0796 3560 Drive \Device\Harddisk4\DR9 - Size: 0x773FFE00 (1.86 Gb), SectorSize: 0x200, Cylinders: 0xF3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:21:52.0812 3560 Drive \Device\Harddisk6\DR12 - Size: 0x772EFE00 (1.86 Gb), SectorSize: 0x200, Cylinders: 0xF3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:21:52.0812 3560 Drive \Device\Harddisk7\DR13 - Size: 0x773FFE00 (1.86 Gb), SectorSize: 0x200, Cylinders: 0xF3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:21:52.0812 3560 ============================================================
23:21:52.0812 3560 \Device\Harddisk0\DR0:
23:21:52.0812 3560 MBR partitions:
23:21:52.0812 3560 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542DEA1
23:21:52.0812 3560 \Device\Harddisk1\DR1:
23:21:52.0812 3560 MBR partitions:
23:21:52.0812 3560 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254297C1
23:21:52.0812 3560 \Device\Harddisk2\DR2:
23:21:52.0812 3560 MBR partitions:
23:21:52.0812 3560 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x249F16E6
23:21:52.0843 3560 \Device\Harddisk2\DR2\Partition2: MBR, Type 0x7, StartLBA 0x249F1764, BlocksNum 0x1598F61C
23:21:52.0843 3560 \Device\Harddisk3\DR3:
23:21:52.0843 3560 MBR partitions:
23:21:52.0843 3560 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x575456F1
23:21:52.0843 3560 \Device\Harddisk4\DR9:
23:21:52.0843 3560 MBR partitions:
23:21:52.0843 3560 \Device\Harddisk4\DR9\Partition1: MBR, Type 0x6, StartLBA 0x81, BlocksNum 0x3B9D3F
23:21:52.0843 3560 \Device\Harddisk6\DR12:
23:21:52.0843 3560 MBR partitions:
23:21:52.0843 3560 \Device\Harddisk6\DR12\Partition1: MBR, Type 0x6, StartLBA 0x3F, BlocksNum 0x3B95A1
23:21:52.0843 3560 \Device\Harddisk7\DR13:
23:21:52.0843 3560 MBR partitions:
23:21:52.0843 3560 \Device\Harddisk7\DR13\Partition1: MBR, Type 0x6, StartLBA 0x81, BlocksNum 0x3B9D3F
23:21:52.0843 3560 ============================================================
23:21:52.0859 3560 D: <-> \Device\Harddisk0\DR0\Partition1
23:21:52.0875 3560 E: <-> \Device\Harddisk1\DR1\Partition1
23:21:52.0906 3560 F: <-> \Device\Harddisk3\DR3\Partition1
23:21:52.0937 3560 C: <-> \Device\Harddisk2\DR2\Partition1
23:21:52.0968 3560 I: <-> \Device\Harddisk2\DR2\Partition2
23:21:52.0968 3560 ============================================================
23:21:52.0968 3560 Initialize success
23:21:52.0968 3560 ============================================================
23:22:02.0281 2828 ============================================================
23:22:02.0281 2828 Scan started
23:22:02.0281 2828 Mode: Manual;
23:22:02.0281 2828 ============================================================
23:22:03.0093 2828 ================ Scan system memory ========================
23:22:03.0093 2828 System memory - ok
23:22:03.0093 2828 ================ Scan services =============================
23:22:03.0171 2828 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
23:22:03.0171 2828 !SASCORE - ok
23:22:03.0312 2828 [ 0352A73CD6B1782EA3ED7A03A8268F55 ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
23:22:03.0312 2828 Aavmker4 - ok
23:22:03.0312 2828 Abiosdsk - ok
23:22:03.0312 2828 abp480n5 - ok
23:22:03.0343 2828 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:22:03.0359 2828 ACPI - ok
23:22:03.0390 2828 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
23:22:03.0390 2828 ACPIEC - ok
23:22:03.0390 2828 adpu160m - ok
23:22:03.0421 2828 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
23:22:03.0421 2828 aec - ok
23:22:03.0468 2828 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
23:22:03.0468 2828 AFD - ok
23:22:03.0468 2828 Aha154x - ok
23:22:03.0468 2828 aic78u2 - ok
23:22:03.0468 2828 aic78xx - ok
23:22:03.0500 2828 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
23:22:03.0500 2828 Alerter - ok
23:22:03.0515 2828 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
23:22:03.0515 2828 ALG - ok
23:22:03.0515 2828 AliIde - ok
23:22:03.0515 2828 amsint - ok
23:22:03.0546 2828 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
23:22:03.0546 2828 AppMgmt - ok
23:22:03.0546 2828 asc - ok
23:22:03.0546 2828 asc3350p - ok
23:22:03.0546 2828 asc3550 - ok
23:22:03.0656 2828 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
23:22:03.0656 2828 aspnet_state - ok
23:22:03.0703 2828 [ F5DC168BF77572D51BE28BA261B30CB4 ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
23:22:03.0703 2828 aswFsBlk - ok
23:22:03.0703 2828 [ 2B9B1DF809E965EF63402CBBA6DB50AE ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
23:22:03.0703 2828 aswMon2 - ok
23:22:03.0734 2828 [ B7D5E4486BA658ED08624D8084ABB830 ] aswRdr C:\WINDOWS\system32\drivers\aswRdr.sys
23:22:03.0734 2828 aswRdr - ok
23:22:03.0765 2828 [ 30E45AF8B4D83176CA850FC9699E860B ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
23:22:03.0781 2828 aswSnx - ok
23:22:03.0781 2828 [ F04BDBCB965C05C51F4A7DE7B62063D6 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
23:22:03.0781 2828 aswSP - ok
23:22:03.0796 2828 [ DFE9152ABFA89BB8CFDC057409B2D4DA ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
23:22:03.0796 2828 aswTdi - ok
23:22:03.0859 2828 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:22:03.0859 2828 AsyncMac - ok
23:22:03.0859 2828 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
23:22:03.0859 2828 atapi - ok
23:22:03.0859 2828 Atdisk - ok
23:22:03.0875 2828 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:22:03.0875 2828 Atmarpc - ok
23:22:03.0906 2828 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
23:22:03.0906 2828 AudioSrv - ok
23:22:03.0937 2828 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
23:22:03.0937 2828 audstub - ok
23:22:04.0031 2828 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
23:22:04.0031 2828 avast! Antivirus - ok
23:22:04.0062 2828 [ FB2D375C8F90CB17AAF2F90FE37C7B91 ] BackupReader C:\WINDOWS\system32\DRIVERS\BackupReader.sys
23:22:04.0062 2828 BackupReader - ok
23:22:04.0093 2828 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
23:22:04.0093 2828 Beep - ok
23:22:04.0218 2828 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
23:22:04.0234 2828 BITS - ok
23:22:04.0281 2828 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
23:22:04.0281 2828 Browser - ok
23:22:04.0281 2828 catchme - ok
23:22:04.0343 2828 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
23:22:04.0343 2828 cbidf2k - ok
23:22:04.0343 2828 cd20xrnt - ok
23:22:04.0359 2828 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
23:22:04.0390 2828 Cdaudio - ok
23:22:04.0421 2828 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
23:22:04.0437 2828 Cdfs - ok
23:22:04.0437 2828 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:22:04.0453 2828 Cdrom - ok
23:22:04.0453 2828 Changer - ok
23:22:04.0515 2828 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
23:22:04.0531 2828 CiSvc - ok
23:22:04.0531 2828 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
23:22:04.0546 2828 ClipSrv - ok
23:22:04.0671 2828 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:22:04.0703 2828 clr_optimization_v2.0.50727_32 - ok
23:22:04.0765 2828 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:22:04.0765 2828 clr_optimization_v4.0.30319_32 - ok
23:22:04.0921 2828 [ 907324001AE25AC5959C91EAA34CABAE ] cmdAgent C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
23:22:04.0953 2828 cmdAgent - ok
23:22:05.0000 2828 [ BEE235831F8E3F0BAACA18B39D285CF5 ] cmdGuard C:\WINDOWS\system32\DRIVERS\cmdguard.sys
23:22:05.0015 2828 cmdGuard - ok
23:22:05.0031 2828 [ DE548946F36CAB62FEC2E6AA0149A619 ] cmdHlp C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
23:22:05.0031 2828 cmdHlp - ok
23:22:05.0031 2828 CmdIde - ok
23:22:05.0031 2828 COMSysApp - ok
23:22:05.0031 2828 Cpqarray - ok
23:22:05.0093 2828 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
23:22:05.0093 2828 CryptSvc - ok
23:22:05.0140 2828 [ 8DB84DE3AAB34A8B4C2F644EFF41CD76 ] ctsfm2k C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
23:22:05.0140 2828 ctsfm2k - ok
23:22:05.0203 2828 [ 5174F5DD7CD6329396E942C022243BB1 ] cypherixservice C:\WINDOWS\system32\cypherixsrv.exe
23:22:05.0218 2828 cypherixservice - ok
23:22:05.0218 2828 [ 46C1FF8CCD6E4196E2381EE73B569883 ] cyphxdrv C:\WINDOWS\system32\Drivers\cyphxdrv.sys
23:22:05.0234 2828 cyphxdrv - ok
23:22:05.0234 2828 dac2w2k - ok
23:22:05.0234 2828 dac960nt - ok
23:22:05.0281 2828 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
23:22:05.0281 2828 DcomLaunch - ok
23:22:05.0328 2828 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
23:22:05.0328 2828 Dhcp - ok
23:22:05.0328 2828 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
23:22:05.0328 2828 Disk - ok
23:22:05.0328 2828 dmadmin - ok
23:22:05.0359 2828 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
23:22:05.0359 2828 dmboot - ok
23:22:05.0375 2828 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
23:22:05.0375 2828 dmio - ok
23:22:05.0406 2828 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
23:22:05.0406 2828 dmload - ok
23:22:05.0437 2828 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
23:22:05.0437 2828 dmserver - ok
23:22:05.0453 2828 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
23:22:05.0453 2828 DMusic - ok
23:22:05.0484 2828 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
23:22:05.0484 2828 Dnscache - ok
23:22:05.0546 2828 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
23:22:05.0546 2828 Dot3svc - ok
23:22:05.0546 2828 dpti2o - ok
23:22:05.0546 2828 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
23:22:05.0546 2828 drmkaud - ok
23:22:05.0562 2828 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
23:22:05.0562 2828 EapHost - ok
23:22:05.0593 2828 [ 6E883BF518296A40959131C2304AF714 ] EL90XBC C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
23:22:05.0609 2828 EL90XBC - ok
23:22:05.0609 2828 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
23:22:05.0609 2828 ERSvc - ok
23:22:05.0656 2828 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
23:22:05.0656 2828 Eventlog - ok
23:22:05.0703 2828 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
23:22:05.0703 2828 EventSystem - ok
23:22:05.0718 2828 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
23:22:05.0718 2828 Fastfat - ok
23:22:05.0765 2828 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
23:22:05.0765 2828 FastUserSwitchingCompatibility - ok
23:22:05.0781 2828 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
23:22:05.0781 2828 Fdc - ok
23:22:05.0812 2828 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
23:22:05.0812 2828 Fips - ok
23:22:05.0828 2828 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
23:22:05.0828 2828 Flpydisk - ok
23:22:05.0859 2828 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
23:22:05.0859 2828 FltMgr - ok
23:22:05.0906 2828 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
23:22:05.0906 2828 FontCache3.0.0.0 - ok
23:22:05.0921 2828 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:22:05.0921 2828 Fs_Rec - ok
23:22:05.0921 2828 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:22:05.0921 2828 Ftdisk - ok
23:22:05.0953 2828 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:22:05.0953 2828 Gpc - ok
23:22:05.0984 2828 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
23:22:05.0984 2828 gusvc - ok
23:22:06.0000 2828 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
23:22:06.0015 2828 HDAudBus - ok
23:22:06.0062 2828 [ D319A833EC173AD83C67885B3ED6C71C ] HealthAlertsSvc C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
23:22:06.0062 2828 HealthAlertsSvc - ok
23:22:06.0140 2828 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
23:22:06.0140 2828 helpsvc - ok
23:22:06.0156 2828 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
23:22:06.0156 2828 HidServ - ok
23:22:06.0171 2828 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:22:06.0171 2828 hidusb - ok
23:22:06.0234 2828 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
23:22:06.0234 2828 hkmsvc - ok
23:22:06.0234 2828 hpn - ok
23:22:06.0359 2828 [ 58D4765AB87347DB835D5693ADF652C1 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
23:22:06.0359 2828 hpqcxs08 - ok
23:22:06.0375 2828 [ 56FC98F1014EA8DC51B92839C32759EC ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
23:22:06.0375 2828 HPSLPSVC - ok
23:22:06.0421 2828 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
23:22:06.0421 2828 HTTP - ok
23:22:06.0437 2828 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
23:22:06.0453 2828 HTTPFilter - ok
23:22:06.0453 2828 i2omgmt - ok
23:22:06.0453 2828 i2omp - ok
23:22:06.0468 2828 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\drivers\i8042prt.sys
23:22:06.0468 2828 i8042prt - ok
23:22:06.0531 2828 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:22:06.0531 2828 idsvc - ok
23:22:06.0546 2828 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
23:22:06.0546 2828 Imapi - ok
23:22:06.0593 2828 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
23:22:06.0593 2828 ImapiService - ok
23:22:06.0593 2828 ini910u - ok
23:22:06.0609 2828 [ D319A833EC173AD83C67885B3ED6C71C ] initMonitor C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
23:22:06.0609 2828 initMonitor - ok
23:22:06.0656 2828 [ F89849CF13805EF49DA64A8A63193AF7 ] Inspect C:\WINDOWS\system32\DRIVERS\inspect.sys
23:22:06.0656 2828 Inspect - ok
23:22:06.0656 2828 IntelIde - ok
23:22:06.0703 2828 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
23:22:06.0703 2828 Ip6Fw - ok
23:22:06.0718 2828 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:22:06.0718 2828 IpFilterDriver - ok
23:22:06.0718 2828 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:22:06.0734 2828 IpInIp - ok
23:22:06.0750 2828 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:22:06.0750 2828 IpNat - ok
23:22:06.0765 2828 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:22:06.0765 2828 IPSec - ok
23:22:06.0781 2828 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
23:22:06.0781 2828 IRENUM - ok
23:22:06.0781 2828 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:22:06.0781 2828 isapnp - ok
23:22:06.0875 2828 [ 691B9B7C0CC1653732717D292D6B305D ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
23:22:06.0875 2828 JavaQuickStarterService - ok
23:22:06.0890 2828 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:22:06.0890 2828 Kbdclass - ok
23:22:06.0890 2828 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
23:22:06.0890 2828 kbdhid - ok
23:22:06.0906 2828 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
23:22:06.0906 2828 kmixer - ok
23:22:06.0921 2828 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
23:22:06.0921 2828 KSecDD - ok
23:22:06.0953 2828 [ F11FF47203538DD145FAF56A4DAF5D75 ] LANConfig C:\Program Files\Windows Server\Bin\LANConfigSvc.exe
23:22:06.0953 2828 LANConfig - ok
23:22:07.0000 2828 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
23:22:07.0000 2828 lanmanserver - ok
23:22:07.0031 2828 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
23:22:07.0031 2828 lanmanworkstation - ok
23:22:07.0031 2828 lbrtfdc - ok
23:22:07.0062 2828 [ 29FAB5363138F6E322F4CD780ED9D337 ] LicCtrlService C:\WINDOWS\runservice.exe
23:22:07.0078 2828 LicCtrlService - ok
23:22:07.0156 2828 [ C2E324014D54DAA2B5A4DE47CB696FD8 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
23:22:07.0171 2828 LightScribeService - ok
23:22:07.0203 2828 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
23:22:07.0203 2828 LmHosts - ok
23:22:07.0250 2828 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
23:22:07.0250 2828 MBAMProtector - ok
23:22:07.0296 2828 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
23:22:07.0296 2828 MBAMScheduler - ok
23:22:07.0312 2828 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
23:22:07.0328 2828 MBAMService - ok
23:22:07.0375 2828 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
23:22:07.0375 2828 MDM - ok
23:22:07.0390 2828 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
23:22:07.0390 2828 Messenger - ok
23:22:07.0437 2828 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
23:22:07.0437 2828 mnmdd - ok
23:22:07.0468 2828 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
23:22:07.0484 2828 mnmsrvc - ok
23:22:07.0500 2828 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
23:22:07.0500 2828 Modem - ok
23:22:07.0515 2828 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:22:07.0515 2828 Mouclass - ok
23:22:07.0515 2828 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:22:07.0515 2828 mouhid - ok
23:22:07.0531 2828 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
23:22:07.0531 2828 MountMgr - ok
23:22:07.0593 2828 [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
23:22:07.0593 2828 MozillaMaintenance - ok
23:22:07.0593 2828 mraid35x - ok
23:22:07.0593 2828 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:22:07.0609 2828 MRxDAV - ok
23:22:07.0640 2828 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:22:07.0656 2828 MRxSmb - ok
23:22:07.0671 2828 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
23:22:07.0671 2828 MSDTC - ok
23:22:07.0671 2828 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
23:22:07.0671 2828 Msfs - ok
23:22:07.0671 2828 MSIServer - ok
23:22:07.0718 2828 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:22:07.0718 2828 MSKSSRV - ok
23:22:07.0718 2828 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:22:07.0734 2828 MSPCLOCK - ok
23:22:07.0734 2828 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
23:22:07.0734 2828 MSPQM - ok
23:22:07.0734 2828 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:22:07.0734 2828 mssmbios - ok
23:22:07.0765 2828 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys
23:22:07.0765 2828 MTsensor - ok
23:22:07.0796 2828 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
23:22:07.0796 2828 Mup - ok
23:22:07.0828 2828 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
23:22:07.0828 2828 napagent - ok
23:22:07.0843 2828 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
23:22:07.0843 2828 NDIS - ok
23:22:07.0890 2828 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:22:07.0890 2828 NdisTapi - ok
23:22:07.0890 2828 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:22:07.0890 2828 Ndisuio - ok
23:22:07.0906 2828 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:22:07.0906 2828 NdisWan - ok
23:22:07.0906 2828 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
23:22:07.0906 2828 NDProxy - ok
23:22:07.0953 2828 [ 69C503C004F49AEE8B8E3067CC047BA7 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
23:22:07.0953 2828 Net Driver HPZ12 - ok
23:22:07.0953 2828 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
23:22:07.0953 2828 NetBIOS - ok
23:22:07.0984 2828 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
23:22:07.0984 2828 NetBT - ok
23:22:08.0031 2828 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
23:22:08.0031 2828 NetDDE - ok
23:22:08.0046 2828 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
23:22:08.0046 2828 NetDDEdsdm - ok
23:22:08.0078 2828 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
23:22:08.0093 2828 Netlogon - ok
23:22:08.0125 2828 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
23:22:08.0140 2828 Netman - ok
23:22:08.0156 2828 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:22:08.0156 2828 NetTcpPortSharing - ok
23:22:08.0171 2828 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
23:22:08.0171 2828 Nla - ok
23:22:08.0187 2828 [ D319A833EC173AD83C67885B3ED6C71C ] NotificationsProviderSvc C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
23:22:08.0187 2828 NotificationsProviderSvc - ok
23:22:08.0218 2828 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
23:22:08.0218 2828 Npfs - ok
23:22:08.0218 2828 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
23:22:08.0218 2828 Ntfs - ok
23:22:08.0218 2828 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
23:22:08.0234 2828 NtLmSsp - ok
23:22:08.0250 2828 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
23:22:08.0250 2828 NtmsSvc - ok
23:22:08.0265 2828 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
23:22:08.0265 2828 Null - ok
23:22:08.0484 2828 [ 8B2C874897EA498DA012284E12F9DB2B ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
23:22:08.0656 2828 nv - ok
23:22:08.0718 2828 [ 2CC4E45B0EB4C48392CEC9C83B5B8E3B ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
23:22:08.0765 2828 nvUpdatusService - ok
23:22:08.0796 2828 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:22:08.0796 2828 NwlnkFlt - ok
23:22:08.0796 2828 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:22:08.0796 2828 NwlnkFwd - ok
23:22:08.0843 2828 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:22:08.0843 2828 ose - ok
23:22:08.0875 2828 [ 103A9B117A7D9903111955CDAFE65AC6 ] ossrv C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
23:22:08.0875 2828 ossrv - ok
23:22:08.0921 2828 [ DF886FFED69AEAD0CF608B89B18C3F6F ] P17 C:\WINDOWS\system32\drivers\P17.sys
23:22:08.0953 2828 P17 - ok
23:22:08.0984 2828 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
23:22:08.0984 2828 Parport - ok
23:22:08.0984 2828 Partizan - ok
23:22:09.0000 2828 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
23:22:09.0000 2828 PartMgr - ok
23:22:09.0046 2828 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
23:22:09.0046 2828 ParVdm - ok
23:22:09.0062 2828 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
23:22:09.0078 2828 PCI - ok
23:22:09.0078 2828 PCIDump - ok
23:22:09.0078 2828 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
23:22:09.0078 2828 PCIIde - ok
23:22:09.0093 2828 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
23:22:09.0109 2828 Pcmcia - ok
23:22:09.0109 2828 PDCOMP - ok
23:22:09.0109 2828 PDFRAME - ok
23:22:09.0109 2828 PDRELI - ok
23:22:09.0109 2828 PDRFRAME - ok
23:22:09.0109 2828 perc2 - ok
23:22:09.0109 2828 perc2hib - ok
23:22:09.0125 2828 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
23:22:09.0140 2828 PlugPlay - ok
23:22:09.0140 2828 [ 12B4549D515CB26BB8D375038017CA65 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
23:22:09.0140 2828 Pml Driver HPZ12 - ok
23:22:09.0187 2828 [ 3A2BDD76E7D2A5F40A7174793D1BA794 ] PnkBstrA C:\WINDOWS\system32\PnkBstrA.exe
23:22:09.0187 2828 PnkBstrA - ok
23:22:09.0218 2828 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
23:22:09.0218 2828 PolicyAgent - ok
23:22:09.0234 2828 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:22:09.0234 2828 PptpMiniport - ok
23:22:09.0234 2828 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
23:22:09.0234 2828 Processor - ok
23:22:09.0250 2828 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
23:22:09.0250 2828 ProtectedStorage - ok
23:22:09.0250 2828 [ D319A833EC173AD83C67885B3ED6C71C ] providers_system C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
23:22:09.0250 2828 providers_system - ok
23:22:09.0265 2828 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
23:22:09.0265 2828 PSched - ok
23:22:09.0265 2828 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:22:09.0265 2828 Ptilink - ok
23:22:09.0281 2828 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
23:22:09.0281 2828 PxHelp20 - ok
23:22:09.0281 2828 ql1080 - ok
23:22:09.0296 2828 Ql10wnt - ok
23:22:09.0296 2828 ql12160 - ok
23:22:09.0296 2828 ql1240 - ok
23:22:09.0296 2828 ql1280 - ok
23:22:09.0328 2828 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:22:09.0328 2828 RasAcd - ok
23:22:09.0343 2828 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
23:22:09.0343 2828 RasAuto - ok
23:22:09.0359 2828 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:22:09.0359 2828 Rasl2tp - ok
23:22:09.0375 2828 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
23:22:09.0375 2828 RasMan - ok
23:22:09.0375 2828 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:22:09.0375 2828 RasPppoe - ok
23:22:09.0375 2828 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
23:22:09.0375 2828 Raspti - ok
23:22:09.0406 2828 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:22:09.0406 2828 Rdbss - ok
23:22:09.0421 2828 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:22:09.0421 2828 RDPCDD - ok
23:22:09.0421 2828 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:22:09.0421 2828 rdpdr - ok
23:22:09.0468 2828 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
23:22:09.0468 2828 RDPWD - ok
23:22:09.0484 2828 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
23:22:09.0484 2828 RDSessMgr - ok
23:22:09.0500 2828 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
23:22:09.0515 2828 redbook - ok
23:22:09.0515 2828 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
23:22:09.0515 2828 RemoteAccess - ok
23:22:09.0546 2828 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
23:22:09.0562 2828 RemoteRegistry - ok
23:22:09.0562 2828 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
23:22:09.0562 2828 RpcLocator - ok
23:22:09.0609 2828 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
23:22:09.0609 2828 RpcSs - ok
23:22:09.0625 2828 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
23:22:09.0640 2828 RSVP - ok
23:22:09.0656 2828 [ CB9310A5A910648D359C99A857E22A54 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
23:22:09.0656 2828 RTLE8023xp - ok
23:22:09.0671 2828 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
23:22:09.0671 2828 SamSs - ok
23:22:09.0718 2828 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
23:22:09.0718 2828 SASDIFSV - ok
23:22:09.0718 2828 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
23:22:09.0718 2828 SASKUTIL - ok
23:22:09.0781 2828 [ 1FBD21895B768CD40E83B86C18E6454F ] SbieDrv C:\Program Files\Sandboxie\SbieDrv.sys
23:22:09.0781 2828 SbieDrv - ok
23:22:09.0796 2828 [ D5D875D6662F30C7FBF5F6879452B12B ] SbieSvc C:\Program Files\Sandboxie\SbieSvc.exe
23:22:09.0796 2828 SbieSvc - ok
23:22:09.0828 2828 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
23:22:09.0828 2828 SCardSvr - ok
23:22:09.0859 2828 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
23:22:09.0859 2828 Schedule - ok
23:22:09.0859 2828 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:22:09.0875 2828 Secdrv - ok
23:22:09.0875 2828 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
23:22:09.0875 2828 seclogon - ok
23:22:09.0875 2828 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
23:22:09.0875 2828 SENS - ok
23:22:09.0906 2828 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
23:22:09.0906 2828 serenum - ok
23:22:09.0906 2828 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
23:22:09.0906 2828 Serial - ok
23:22:09.0968 2828 [ 2AF4866050E7C07132473AA5E57630EB ] ServiceProviderRegistry C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe
23:22:09.0968 2828 ServiceProviderRegistry - ok
23:22:09.0984 2828 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys
23:22:09.0984 2828 Sfloppy - ok
23:22:10.0000 2828 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
23:22:10.0015 2828 SharedAccess - ok
23:22:10.0031 2828 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
23:22:10.0031 2828 ShellHWDetection - ok
23:22:10.0031 2828 Simbad - ok
23:22:10.0031 2828 Sparrow - ok
23:22:10.0062 2828 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
23:22:10.0062 2828 splitter - ok
23:22:10.0093 2828 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
23:22:10.0109 2828 Spooler - ok
23:22:10.0109 2828 [ D319A833EC173AD83C67885B3ED6C71C ] SqmProviderSvc C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
23:22:10.0109 2828 SqmProviderSvc - ok
23:22:10.0125 2828 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
23:22:10.0125 2828 sr - ok
23:22:10.0125 2828 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
23:22:10.0140 2828 srservice - ok
23:22:10.0156 2828 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
23:22:10.0156 2828 Srv - ok
23:22:10.0156 2828 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
23:22:10.0171 2828 SSDPSRV - ok
23:22:10.0187 2828 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
23:22:10.0187 2828 stisvc - ok
23:22:10.0234 2828 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
23:22:10.0234 2828 swenum - ok
23:22:10.0250 2828 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
23:22:10.0250 2828 swmidi - ok
23:22:10.0250 2828 SwPrv - ok
23:22:10.0250 2828 symc810 - ok
23:22:10.0250 2828 symc8xx - ok
23:22:10.0250 2828 sym_hi - ok
23:22:10.0250 2828 sym_u3 - ok
23:22:10.0265 2828 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
23:22:10.0265 2828 sysaudio - ok
23:22:10.0265 2828 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
23:22:10.0281 2828 SysmonLog - ok
23:22:10.0281 2828 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
23:22:10.0281 2828 TapiSrv - ok
23:22:10.0343 2828 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:22:10.0343 2828 Tcpip - ok
23:22:10.0343 2828 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
23:22:10.0343 2828 TDPIPE - ok
23:22:10.0359 2828 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
23:22:10.0359 2828 TDTCP - ok
23:22:10.0375 2828 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
23:22:10.0375 2828 TermDD - ok
23:22:10.0390 2828 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
23:22:10.0390 2828 TermService - ok
23:22:10.0406 2828 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
23:22:10.0406 2828 Themes - ok
23:22:10.0421 2828 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
23:22:10.0437 2828 TlntSvr - ok
23:22:10.0437 2828 TosIde - ok
23:22:10.0437 2828 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
23:22:10.0453 2828 TrkWks - ok
23:22:10.0468 2828 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
23:22:10.0468 2828 Udfs - ok
23:22:10.0562 2828 [ 810883E6225C0037F2553D964FC866E3 ] UleadBurningHelper C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
23:22:10.0562 2828 UleadBurningHelper - ok
23:22:10.0562 2828 ultra - ok
23:22:10.0562 2828 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
23:22:10.0578 2828 Update - ok
23:22:10.0609 2828 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
23:22:10.0625 2828 upnphost - ok
23:22:10.0625 2828 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
23:22:10.0625 2828 UPS - ok
23:22:10.0671 2828 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:22:10.0671 2828 usbccgp - ok
23:22:10.0671 2828 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:22:10.0671 2828 usbehci - ok
23:22:10.0671 2828 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:22:10.0687 2828 usbhub - ok
23:22:10.0687 2828 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
23:22:10.0687 2828 usbohci - ok
23:22:10.0687 2828 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:22:10.0687 2828 usbprint - ok
23:22:10.0703 2828 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:22:10.0703 2828 usbscan - ok
23:22:10.0718 2828 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:22:10.0718 2828 USBSTOR - ok
23:22:10.0750 2828 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
23:22:10.0750 2828 VgaSave - ok
23:22:10.0812 2828 [ 1A8E19B027885E8E9E852784C9E4B21A ] VIAHdAudAddService C:\WINDOWS\system32\drivers\viahduaa.sys
23:22:10.0828 2828 VIAHdAudAddService - ok
23:22:10.0828 2828 ViaIde - ok
23:22:10.0843 2828 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
23:22:10.0843 2828 VolSnap - ok
23:22:10.0890 2828 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
23:22:10.0906 2828 VSS - ok
23:22:10.0921 2828 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
23:22:10.0921 2828 W32Time - ok
23:22:10.0937 2828 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:22:10.0937 2828 Wanarp - ok
23:22:10.0937 2828 WDICA - ok
23:22:10.0937 2828 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
23:22:10.0953 2828 wdmaud - ok
23:22:10.0953 2828 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
23:22:10.0968 2828 WebClient - ok
23:22:11.0046 2828 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
23:22:11.0046 2828 winmgmt - ok
23:22:11.0109 2828 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:22:11.0140 2828 wlidsvc - ok
23:22:11.0171 2828 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
23:22:11.0187 2828 WmdmPmSN - ok
23:22:11.0203 2828 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
23:22:11.0218 2828 Wmi - ok
23:22:11.0218 2828 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
23:22:11.0218 2828 WmiAcpi - ok
23:22:11.0218 2828 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
23:22:11.0234 2828 WmiApSrv - ok
23:22:11.0296 2828 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
23:22:11.0312 2828 WMPNetworkSvc - ok
23:22:11.0640 2828 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:22:11.0656 2828 WPFFontCache_v0400 - ok
23:22:11.0703 2828 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
23:22:11.0703 2828 WS2IFSL - ok
23:22:11.0750 2828 [ B27C0BB50B2C246FEC2684D86E39B62E ] WSConnectorUpdate C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe
23:22:11.0750 2828 WSConnectorUpdate - ok
23:22:11.0796 2828 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
23:22:11.0812 2828 wscsvc - ok
23:22:11.0843 2828 [ D319A833EC173AD83C67885B3ED6C71C ] WSS_ComputerBackupProviderSvc C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
23:22:11.0843 2828 WSS_ComputerBackupProviderSvc - ok
23:22:11.0859 2828 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
23:22:11.0859 2828 wuauserv - ok
23:22:11.0906 2828 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:22:11.0906 2828 WudfPf - ok
23:22:11.0921 2828 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:22:11.0921 2828 WudfRd - ok
23:22:11.0968 2828 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
23:22:11.0968 2828 WudfSvc - ok
23:22:12.0015 2828 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
23:22:12.0031 2828 WZCSVC - ok
23:22:12.0046 2828 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
23:22:12.0046 2828 xmlprov - ok
23:22:12.0046 2828 ================ Scan global ===============================
23:22:12.0093 2828 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
23:22:12.0140 2828 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
23:22:12.0140 2828 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
23:22:12.0156 2828 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
23:22:12.0171 2828 [Global] - ok
23:22:12.0171 2828 ================ Scan MBR ==================================
23:22:12.0171 2828 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
23:22:12.0343 2828 \Device\Harddisk0\DR0 - ok
23:22:12.0359 2828 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
23:22:12.0531 2828 \Device\Harddisk1\DR1 - ok
23:22:12.0546 2828 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
23:22:12.0703 2828 \Device\Harddisk2\DR2 - ok
23:22:13.0687 2828 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk3\DR3
23:22:13.0703 2828 \Device\Harddisk3\DR3 - ok
23:22:13.0703 2828 [ 06449E7C4AF0550B77E260798769AA40 ] \Device\Harddisk4\DR9
23:22:13.0703 2828 \Device\Harddisk4\DR9 - ok
23:22:13.0718 2828 [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk6\DR12
23:22:13.0718 2828 \Device\Harddisk6\DR12 - ok
23:22:13.0718 2828 [ 06449E7C4AF0550B77E260798769AA40 ] \Device\Harddisk7\DR13
23:22:13.0734 2828 \Device\Harddisk7\DR13 - ok
23:22:13.0734 2828 ================ Scan VBR ==================================
23:22:13.0734 2828 [ 406D08C67AF38E716114F01FB7014F00 ] \Device\Harddisk0\DR0\Partition1
23:22:13.0734 2828 \Device\Harddisk0\DR0\Partition1 - ok
23:22:13.0734 2828 [ 0FB03B80DE4A189B212714CA0FA925F9 ] \Device\Harddisk1\DR1\Partition1
23:22:13.0734 2828 \Device\Harddisk1\DR1\Partition1 - ok
23:22:13.0750 2828 [ C2D43BC381865F5560EDAA7E7AE2CE23 ] \Device\Harddisk2\DR2\Partition1
23:22:13.0750 2828 \Device\Harddisk2\DR2\Partition1 - ok
23:22:13.0781 2828 [ DD11F9A117EF0A3E60C8AB23A3F856A9 ] \Device\Harddisk2\DR2\Partition2
23:22:13.0781 2828 \Device\Harddisk2\DR2\Partition2 - ok
23:22:13.0781 2828 [ 331B5935D6F88C03A70B7D797CFF01FE ] \Device\Harddisk3\DR3\Partition1
23:22:13.0781 2828 \Device\Harddisk3\DR3\Partition1 - ok
23:22:13.0781 2828 [ E387233CB05B5F0699717735C4FDA34F ] \Device\Harddisk4\DR9\Partition1
23:22:13.0781 2828 \Device\Harddisk4\DR9\Partition1 - ok
23:22:13.0781 2828 [ 0DEE750189656F9A1D51FB75B639D6DA ] \Device\Harddisk6\DR12\Partition1
23:22:13.0781 2828 \Device\Harddisk6\DR12\Partition1 - ok
23:22:13.0781 2828 [ EB2C8741CEEC6D6C37379DBB22DC27EF ] \Device\Harddisk7\DR13\Partition1
23:22:13.0796 2828 \Device\Harddisk7\DR13\Partition1 - ok
23:22:13.0796 2828 ============================================================
23:22:13.0796 2828 Scan finished
23:22:13.0796 2828 ============================================================
23:22:13.0796 4536 Detected object count: 0
23:22:13.0796 4536 Actual detected object count: 0
23:22:29.0375 0576 ============================================================
23:22:29.0375 0576 Scan started
23:22:29.0375 0576 Mode: Manual;
23:22:29.0375 0576 ============================================================
23:22:30.0234 0576 ================ Scan system memory ========================
23:22:30.0234 0576 System memory - ok
23:22:30.0234 0576 ================ Scan services =============================
23:22:30.0328 0576 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
23:22:30.0328 0576 !SASCORE - ok
23:22:30.0437 0576 [ 0352A73CD6B1782EA3ED7A03A8268F55 ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
23:22:30.0437 0576 Aavmker4 - ok
23:22:30.0437 0576 Abiosdsk - ok
23:22:30.0437 0576 abp480n5 - ok
23:22:30.0468 0576 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:22:30.0468 0576 ACPI - ok
23:22:30.0515 0576 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
23:22:30.0515 0576 ACPIEC - ok
23:22:30.0515 0576 adpu160m - ok
23:22:30.0531 0576 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
23:22:30.0531 0576 aec - ok
23:22:30.0578 0576 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
23:22:30.0578 0576 AFD - ok
23:22:30.0578 0576 Aha154x - ok
23:22:30.0578 0576 aic78u2 - ok
23:22:30.0578 0576 aic78xx - ok
23:22:30.0609 0576 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
23:22:30.0609 0576 Alerter - ok
23:22:30.0640 0576 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
23:22:30.0640 0576 ALG - ok
23:22:30.0640 0576 AliIde - ok
23:22:30.0640 0576 amsint - ok
23:22:30.0656 0576 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
23:22:30.0656 0576 AppMgmt - ok
23:22:30.0656 0576 asc - ok
23:22:30.0671 0576 asc3350p - ok
23:22:30.0671 0576 asc3550 - ok
23:22:30.0781 0576 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
23:22:30.0781 0576 aspnet_state - ok
23:22:30.0828 0576 [ F5DC168BF77572D51BE28BA261B30CB4 ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
23:22:30.0828 0576 aswFsBlk - ok
23:22:30.0828 0576 [ 2B9B1DF809E965EF63402CBBA6DB50AE ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
23:22:30.0828 0576 aswMon2 - ok
23:22:30.0859 0576 [ B7D5E4486BA658ED08624D8084ABB830 ] aswRdr C:\WINDOWS\system32\drivers\aswRdr.sys
23:22:30.0875 0576 aswRdr - ok
23:22:30.0890 0576 [ 30E45AF8B4D83176CA850FC9699E860B ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
23:22:30.0890 0576 aswSnx - ok
23:22:30.0921 0576 [ F04BDBCB965C05C51F4A7DE7B62063D6 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
23:22:30.0921 0576 aswSP - ok
23:22:30.0937 0576 [ DFE9152ABFA89BB8CFDC057409B2D4DA ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
23:22:30.0937 0576 aswTdi - ok
23:22:30.0984 0576 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:22:30.0984 0576 AsyncMac - ok
23:22:30.0984 0576 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
23:22:30.0984 0576 atapi - ok
23:22:30.0984 0576 Atdisk - ok
23:22:31.0000 0576 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:22:31.0000 0576 Atmarpc - ok
23:22:31.0031 0576 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
23:22:31.0031 0576 AudioSrv - ok
23:22:31.0062 0576 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
23:22:31.0062 0576 audstub - ok
23:22:31.0156 0576 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
23:22:31.0156 0576 avast! Antivirus - ok
23:22:31.0187 0576 [ FB2D375C8F90CB17AAF2F90FE37C7B91 ] BackupReader C:\WINDOWS\system32\DRIVERS\BackupReader.sys
23:22:31.0187 0576 BackupReader - ok
23:22:31.0218 0576 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
23:22:31.0218 0576 Beep - ok
23:22:31.0265 0576 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
23:22:31.0265 0576 BITS - ok
23:22:31.0296 0576 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
23:22:31.0296 0576 Browser - ok
23:22:31.0296 0576 catchme - ok
23:22:31.0312 0576 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
23:22:31.0312 0576 cbidf2k - ok
23:22:31.0328 0576 cd20xrnt - ok
23:22:31.0328 0576 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
23:22:31.0328 0576 Cdaudio - ok
23:22:31.0328 0576 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
23:22:31.0328 0576 Cdfs - ok
23:22:31.0343 0576 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:22:31.0343 0576 Cdrom - ok
23:22:31.0343 0576 Changer - ok
23:22:31.0390 0576 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
23:22:31.0390 0576 CiSvc - ok
23:22:31.0390 0576 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
23:22:31.0390 0576 ClipSrv - ok
23:22:31.0468 0576 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:22:31.0468 0576 clr_optimization_v2.0.50727_32 - ok
23:22:31.0515 0576 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:22:31.0515 0576 clr_optimization_v4.0.30319_32 - ok
23:22:31.0609 0576 [ 907324001AE25AC5959C91EAA34CABAE ] cmdAgent C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
23:22:31.0625 0576 cmdAgent - ok
23:22:31.0671 0576 [ BEE235831F8E3F0BAACA18B39D285CF5 ] cmdGuard C:\WINDOWS\system32\DRIVERS\cmdguard.sys
23:22:31.0671 0576 cmdGuard - ok
23:22:31.0671 0576 [ DE548946F36CAB62FEC2E6AA0149A619 ] cmdHlp C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
23:22:31.0671 0576 cmdHlp - ok
23:22:31.0671 0576 CmdIde - ok
23:22:31.0671 0576 COMSysApp - ok
23:22:31.0687 0576 Cpqarray - ok
23:22:31.0718 0576 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
23:22:31.0718 0576 CryptSvc - ok
23:22:31.0765 0576 [ 8DB84DE3AAB34A8B4C2F644EFF41CD76 ] ctsfm2k C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
23:22:31.0765 0576 ctsfm2k - ok
23:22:31.0812 0576 [ 5174F5DD7CD6329396E942C022243BB1 ] cypherixservice C:\WINDOWS\system32\cypherixsrv.exe
23:22:31.0828 0576 cypherixservice - ok
23:22:31.0843 0576 [ 46C1FF8CCD6E4196E2381EE73B569883 ] cyphxdrv C:\WINDOWS\system32\Drivers\cyphxdrv.sys
23:22:31.0843 0576 cyphxdrv - ok
23:22:31.0843 0576 dac2w2k - ok
23:22:31.0843 0576 dac960nt - ok
23:22:31.0890 0576 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
23:22:31.0890 0576 DcomLaunch - ok
23:22:31.0937 0576 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
23:22:31.0937 0576 Dhcp - ok
23:22:31.0937 0576 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
23:22:31.0937 0576 Disk - ok
23:22:31.0937 0576 dmadmin - ok
23:22:31.0968 0576 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
23:22:31.0968 0576 dmboot - ok
23:22:31.0968 0576 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
23:22:31.0968 0576 dmio - ok
23:22:32.0000 0576 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
23:22:32.0000 0576 dmload - ok
23:22:32.0031 0576 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
23:22:32.0031 0576 dmserver - ok
23:22:32.0031 0576 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
23:22:32.0031 0576 DMusic - ok
23:22:32.0062 0576 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
23:22:32.0078 0576 Dnscache - ok
23:22:32.0109 0576 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
23:22:32.0109 0576 Dot3svc - ok
23:22:32.0109 0576 dpti2o - ok
23:22:32.0109 0576 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
23:22:32.0109 0576 drmkaud - ok
23:22:32.0125 0576 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
23:22:32.0125 0576 EapHost - ok
23:22:32.0171 0576 [ 6E883BF518296A40959131C2304AF714 ] EL90XBC C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
23:22:32.0171 0576 EL90XBC - ok
23:22:32.0171 0576 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
23:22:32.0171 0576 ERSvc - ok
23:22:32.0218 0576 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
23:22:32.0218 0576 Eventlog - ok
23:22:32.0250 0576 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
23:22:32.0250 0576 EventSystem - ok
23:22:32.0265 0576 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
23:22:32.0265 0576 Fastfat - ok
23:22:32.0312 0576 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
23:22:32.0312 0576 FastUserSwitchingCompatibility - ok
23:22:32.0328 0576 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
23:22:32.0328 0576 Fdc - ok
23:22:32.0375 0576 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
23:22:32.0375 0576 Fips - ok
23:22:32.0375 0576 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
23:22:32.0375 0576 Flpydisk - ok
23:22:32.0406 0576 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
23:22:32.0406 0576 FltMgr - ok
23:22:32.0453 0576 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
23:22:32.0468 0576 FontCache3.0.0.0 - ok
23:22:32.0468 0576 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:22:32.0468 0576 Fs_Rec - ok
23:22:32.0468 0576 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:22:32.0468 0576 Ftdisk - ok
23:22:32.0500 0576 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:22:32.0500 0576 Gpc - ok
23:22:32.0531 0576 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
23:22:32.0531 0576 gusvc - ok
23:22:32.0546 0576 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
23:22:32.0546 0576 HDAudBus - ok
23:22:32.0593 0576 [ D319A833EC173AD83C67885B3ED6C71C ] HealthAlertsSvc C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
23:22:32.0593 0576 HealthAlertsSvc - ok
23:22:32.0671 0576 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
23:22:32.0671 0576 helpsvc - ok
23:22:32.0718 0576 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
23:22:32.0718 0576 HidServ - ok
23:22:32.0734 0576 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:22:32.0734 0576 hidusb - ok
23:22:32.0765 0576 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
23:22:32.0765 0576 hkmsvc - ok
23:22:32.0765 0576 hpn - ok
23:22:32.0843 0576 [ 58D4765AB87347DB835D5693ADF652C1 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
23:22:32.0843 0576 hpqcxs08 - ok
23:22:32.0859 0576 [ 56FC98F1014EA8DC51B92839C32759EC ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
23:22:32.0875 0576 HPSLPSVC - ok
23:22:32.0906 0576 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
23:22:32.0906 0576 HTTP - ok
23:22:32.0921 0576 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
23:22:32.0921 0576 HTTPFilter - ok
23:22:32.0921 0576 i2omgmt - ok
23:22:32.0937 0576 i2omp - ok
23:22:32.0953 0576 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\drivers\i8042prt.sys
23:22:32.0953 0576 i8042prt - ok
23:22:33.0000 0576 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:22:33.0015 0576 idsvc - ok
23:22:33.0031 0576 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
23:22:33.0031 0576 Imapi - ok
23:22:33.0062 0576 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
23:22:33.0062 0576 ImapiService - ok
23:22:33.0078 0576 ini910u - ok
23:22:33.0078 0576 [ D319A833EC173AD83C67885B3ED6C71C ] initMonitor C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
23:22:33.0078 0576 initMonitor - ok
23:22:33.0125 0576 [ F89849CF13805EF49DA64A8A63193AF7 ] Inspect C:\WINDOWS\system32\DRIVERS\inspect.sys
23:22:33.0125 0576 Inspect - ok
23:22:33.0125 0576 IntelIde - ok
23:22:33.0171 0576 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
23:22:33.0171 0576 Ip6Fw - ok
23:22:33.0187 0576 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:22:33.0187 0576 IpFilterDriver - ok
23:22:33.0187 0576 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:22:33.0187 0576 IpInIp - ok
23:22:33.0218 0576 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:22:33.0218 0576 IpNat - ok
23:22:33.0218 0576 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:22:33.0218 0576 IPSec - ok
23:22:33.0234 0576 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
23:22:33.0234 0576 IRENUM - ok
23:22:33.0250 0576 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:22:33.0250 0576 isapnp - ok
23:22:33.0328 0576 [ 691B9B7C0CC1653732717D292D6B305D ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
23:22:33.0328 0576 JavaQuickStarterService - ok
23:22:33.0328 0576 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:22:33.0328 0576 Kbdclass - ok
23:22:33.0328 0576 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
23:22:33.0328 0576 kbdhid - ok
23:22:33.0343 0576 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
23:22:33.0343 0576 kmixer - ok
23:22:33.0359 0576 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
23:22:33.0359 0576 KSecDD - ok
23:22:33.0390 0576 [ F11FF47203538DD145FAF56A4DAF5D75 ] LANConfig C:\Program Files\Windows Server\Bin\LANConfigSvc.exe
23:22:33.0390 0576 LANConfig - ok
23:22:33.0453 0576 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
23:22:33.0468 0576 lanmanserver - ok
23:22:33.0500 0576 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
23:22:33.0500 0576 lanmanworkstation - ok
23:22:33.0500 0576 lbrtfdc - ok
23:22:33.0546 0576 [ 29FAB5363138F6E322F4CD780ED9D337 ] LicCtrlService C:\WINDOWS\runservice.exe
23:22:33.0546 0576 LicCtrlService - ok
23:22:33.0640 0576 [ C2E324014D54DAA2B5A4DE47CB696FD8 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
23:22:33.0640 0576 LightScribeService - ok
23:22:33.0671 0576 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
23:22:33.0687 0576 LmHosts - ok
23:22:33.0718 0576 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
23:22:33.0718 0576 MBAMProtector - ok
23:22:33.0765 0576 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
23:22:33.0781 0576 MBAMScheduler - ok
23:22:33.0796 0576 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
23:22:33.0796 0576 MBAMService - ok
23:22:33.0859 0576 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
23:22:33.0859 0576 MDM - ok
23:22:33.0875 0576 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
23:22:33.0875 0576 Messenger - ok
23:22:33.0921 0576 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
23:22:33.0921 0576 mnmdd - ok
23:22:33.0953 0576 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
23:22:33.0953 0576 mnmsrvc - ok
23:22:33.0968 0576 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
23:22:33.0968 0576 Modem - ok
23:22:33.0984 0576 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:22:33.0984 0576 Mouclass - ok
23:22:34.0000 0576 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:22:34.0000 0576 mouhid - ok
23:22:34.0000 0576 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
23:22:34.0000 0576 MountMgr - ok
23:22:34.0062 0576 [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
23:22:34.0062 0576 MozillaMaintenance - ok
23:22:34.0062 0576 mraid35x - ok
23:22:34.0078 0576 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:22:34.0078 0576 MRxDAV - ok
23:22:34.0109 0576 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:22:34.0109 0576 MRxSmb - ok
23:22:34.0125 0576 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
23:22:34.0125 0576 MSDTC - ok
23:22:34.0125 0576 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
23:22:34.0125 0576 Msfs - ok
23:22:34.0140 0576 MSIServer - ok
23:22:34.0140 0576 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:22:34.0140 0576 MSKSSRV - ok
23:22:34.0156 0576 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:22:34.0156 0576 MSPCLOCK - ok
23:22:34.0203 0576 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
23:22:34.0203 0576 MSPQM - ok
23:22:34.0218 0576 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:22:34.0218 0576 mssmbios - ok
23:22:34.0250 0576 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys
23:22:34.0250 0576 MTsensor - ok
23:22:34.0281 0576 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
23:22:34.0281 0576 Mup - ok
23:22:34.0296 0576 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
23:22:34.0312 0576 napagent - ok
23:22:34.0328 0576 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
23:22:34.0328 0576 NDIS - ok
23:22:34.0343 0576 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:22:34.0343 0576 NdisTapi - ok
23:22:34.0375 0576 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:22:34.0375 0576 Ndisuio - ok
23:22:34.0375 0576 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:22:34.0390 0576 NdisWan - ok
23:22:34.0390 0576 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
23:22:34.0390 0576 NDProxy - ok
23:22:34.0437 0576 [ 69C503C004F49AEE8B8E3067CC047BA7 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
23:22:34.0437 0576 Net Driver HPZ12 - ok
23:22:34.0437 0576 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
23:22:34.0437 0576 NetBIOS - ok
23:22:34.0453 0576 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
23:22:34.0453 0576 NetBT - ok
23:22:34.0484 0576 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
23:22:34.0500 0576 NetDDE - ok
23:22:34.0500 0576 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
23:22:34.0500 0576 NetDDEdsdm - ok
23:22:34.0531 0576 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
23:22:34.0531 0576 Netlogon - ok
23:22:34.0578 0576 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
23:22:34.0578 0576 Netman - ok
23:22:34.0625 0576 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:22:34.0625 0576 NetTcpPortSharing - ok
23:22:34.0640 0576 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
23:22:34.0640 0576 Nla - ok
23:22:34.0671 0576 [ D319A833EC173AD83C67885B3ED6C71C ] NotificationsProviderSvc C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
23:22:34.0671 0576 NotificationsProviderSvc - ok
23:22:34.0687 0576 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
23:22:34.0687 0576 Npfs - ok
23:22:34.0718 0576 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
23:22:34.0718 0576 Ntfs - ok
23:22:34.0718 0576 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
23:22:34.0734 0576 NtLmSsp - ok
23:22:34.0750 0576 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
23:22:34.0765 0576 NtmsSvc - ok
23:22:34.0781 0576 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
23:22:34.0781 0576 Null - ok
23:22:34.0984 0576 [ 8B2C874897EA498DA012284E12F9DB2B ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
23:22:35.0046 0576 nv - ok
23:22:35.0125 0576 [ 2CC4E45B0EB4C48392CEC9C83B5B8E3B ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
23:22:35.0140 0576 nvUpdatusService - ok
23:22:35.0171 0576 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:22:35.0171 0576 NwlnkFlt - ok
23:22:35.0171 0576 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:22:35.0171 0576 NwlnkFwd - ok
23:22:35.0218 0576 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:22:35.0218 0576 ose - ok
23:22:35.0234 0576 [ 103A9B117A7D9903111955CDAFE65AC6 ] ossrv C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
23:22:35.0250 0576 ossrv - ok
23:22:35.0296 0576 [ DF886FFED69AEAD0CF608B89B18C3F6F ] P17 C:\WINDOWS\system32\drivers\P17.sys
23:22:35.0312 0576 P17 - ok
23:22:35.0343 0576 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
23:22:35.0343 0576 Parport - ok
23:22:35.0343 0576 Partizan - ok
23:22:35.0359 0576 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
23:22:35.0359 0576 PartMgr - ok
23:22:35.0406 0576 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
23:22:35.0406 0576 ParVdm - ok
23:22:35.0406 0576 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
23:22:35.0406 0576 PCI - ok
23:22:35.0406 0576 PCIDump - ok
23:22:35.0421 0576 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
23:22:35.0421 0576 PCIIde - ok
23:22:35.0453 0576 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
23:22:35.0453 0576 Pcmcia - ok
23:22:35.0453 0576 PDCOMP - ok
23:22:35.0453 0576 PDFRAME - ok
23:22:35.0453 0576 PDRELI - ok
23:22:35.0453 0576 PDRFRAME - ok
23:22:35.0453 0576 perc2 - ok
23:22:35.0468 0576 perc2hib - ok
23:22:35.0468 0576 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
23:22:35.0484 0576 PlugPlay - ok
23:22:35.0484 0576 [ 12B4549D515CB26BB8D375038017CA65 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
23:22:35.0484 0576 Pml Driver HPZ12 - ok
23:22:35.0531 0576 [ 3A2BDD76E7D2A5F40A7174793D1BA794 ] PnkBstrA C:\WINDOWS\system32\PnkBstrA.exe
23:22:35.0531 0576 PnkBstrA - ok
23:22:35.0546 0576 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
23:22:35.0546 0576 PolicyAgent - ok
23:22:35.0546 0576 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:22:35.0546 0576 PptpMiniport - ok
23:22:35.0562 0576 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
23:22:35.0562 0576 Processor - ok
23:22:35.0562 0576 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
23:22:35.0562 0576 ProtectedStorage - ok
23:22:35.0578 0576 [ D319A833EC173AD83C67885B3ED6C71C ] providers_system C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
23:22:35.0578 0576 providers_system - ok
23:22:35.0578 0576 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
23:22:35.0578 0576 PSched - ok
23:22:35.0609 0576 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:22:35.0609 0576 Ptilink - ok
23:22:35.0640 0576 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
23:22:35.0640 0576 PxHelp20 - ok
23:22:35.0640 0576 ql1080 - ok
23:22:35.0640 0576 Ql10wnt - ok
23:22:35.0656 0576 ql12160 - ok
23:22:35.0656 0576 ql1240 - ok
23:22:35.0656 0576 ql1280 - ok
23:22:35.0687 0576 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:22:35.0687 0576 RasAcd - ok
23:22:35.0734 0576 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
23:22:35.0734 0576 RasAuto - ok
23:22:35.0734 0576 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:22:35.0734 0576 Rasl2tp - ok
23:22:35.0765 0576 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
23:22:35.0765 0576 RasMan - ok
23:22:35.0765 0576 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:22:35.0765 0576 RasPppoe - ok
23:22:35.0781 0576 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
23:22:35.0781 0576 Raspti - ok
23:22:35.0796 0576 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:22:35.0796 0576 Rdbss - ok
23:22:35.0796 0576 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:22:35.0812 0576 RDPCDD - ok
23:22:35.0812 0576 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:22:35.0812 0576 rdpdr - ok
23:22:35.0859 0576 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
23:22:35.0859 0576 RDPWD - ok
23:22:35.0875 0576 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
23:22:35.0875 0576 RDSessMgr - ok
23:22:35.0890 0576 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
23:22:35.0890 0576 redbook - ok
23:22:35.0890 0576 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
23:22:35.0890 0576 RemoteAccess - ok
23:22:35.0906 0576 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
23:22:35.0921 0576 RemoteRegistry - ok
23:22:35.0921 0576 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
23:22:35.0921 0576 RpcLocator - ok
23:22:35.0937 0576 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
23:22:35.0953 0576 RpcSs - ok
23:22:35.0968 0576 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
23:22:35.0984 0576 RSVP - ok
23:22:35.0984 0576 [ CB9310A5A910648D359C99A857E22A54 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
23:22:35.0984 0576 RTLE8023xp - ok
23:22:36.0015 0576 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
23:22:36.0015 0576 SamSs - ok
23:22:36.0062 0576 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
23:22:36.0062 0576 SASDIFSV - ok
23:22:36.0062 0576 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
23:22:36.0062 0576 SASKUTIL - ok
23:22:36.0140 0576 [ 1FBD21895B768CD40E83B86C18E6454F ] SbieDrv C:\Program Files\Sandboxie\SbieDrv.sys
23:22:36.0140 0576 SbieDrv - ok
23:22:36.0156 0576 [ D5D875D6662F30C7FBF5F6879452B12B ] SbieSvc C:\Program Files\Sandboxie\SbieSvc.exe
23:22:36.0156 0576 SbieSvc - ok
23:22:36.0187 0576 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
23:22:36.0203 0576 SCardSvr - ok
23:22:36.0218 0576 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
23:22:36.0234 0576 Schedule - ok
23:22:36.0234 0576 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:22:36.0234 0576 Secdrv - ok
23:22:36.0234 0576 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
23:22:36.0234 0576 seclogon - ok
23:22:36.0234 0576 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
23:22:36.0250 0576 SENS - ok
23:22:36.0265 0576 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
23:22:36.0265 0576 serenum - ok
23:22:36.0265 0576 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
23:22:36.0265 0576 Serial - ok
23:22:36.0312 0576 [ 2AF4866050E7C07132473AA5E57630EB ] ServiceProviderRegistry C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe
23:22:36.0312 0576 ServiceProviderRegistry - ok
23:22:36.0328 0576 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys
23:22:36.0328 0576 Sfloppy - ok
23:22:36.0328 0576 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
23:22:36.0343 0576 SharedAccess - ok
23:22:36.0343 0576 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
23:22:36.0359 0576 ShellHWDetection - ok
23:22:36.0359 0576 Simbad - ok
23:22:36.0359 0576 Sparrow - ok
23:22:36.0359 0576 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
23:22:36.0359 0576 splitter - ok
23:22:36.0406 0576 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
23:22:36.0406 0576 Spooler - ok
23:22:36.0421 0576 [ D319A833EC173AD83C67885B3ED6C71C ] SqmProviderSvc C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
23:22:36.0421 0576 SqmProviderSvc - ok
23:22:36.0437 0576 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
23:22:36.0437 0576 sr - ok
23:22:36.0437 0576 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
23:22:36.0453 0576 srservice - ok
23:22:36.0468 0576 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
23:22:36.0468 0576 Srv - ok
23:22:36.0468 0576 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
23:22:36.0484 0576 SSDPSRV - ok
23:22:36.0500 0576 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
23:22:36.0515 0576 stisvc - ok
23:22:36.0531 0576 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
23:22:36.0531 0576 swenum - ok
23:22:36.0531 0576 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
23:22:36.0531 0576 swmidi - ok
23:22:36.0531 0576 SwPrv - ok
23:22:36.0531 0576 symc810 - ok
23:22:36.0531 0576 symc8xx - ok
23:22:36.0531 0576 sym_hi - ok
23:22:36.0546 0576 sym_u3 - ok
23:22:36.0546 0576 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
23:22:36.0546 0576 sysaudio - ok
23:22:36.0546 0576 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
23:22:36.0546 0576 SysmonLog - ok
23:22:36.0562 0576 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
23:22:36.0562 0576 TapiSrv - ok
23:22:36.0609 0576 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:22:36.0625 0576 Tcpip - ok
23:22:36.0625 0576 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
23:22:36.0625 0576 TDPIPE - ok
23:22:36.0640 0576 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
23:22:36.0640 0576 TDTCP - ok
23:22:36.0640 0576 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
23:22:36.0640 0576 TermDD - ok
23:22:36.0656 0576 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
23:22:36.0656 0576 TermService - ok
23:22:36.0687 0576 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
23:22:36.0687 0576 Themes - ok
23:22:36.0703 0576 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
23:22:36.0703 0576 TlntSvr - ok
23:22:36.0703 0576 TosIde - ok
23:22:36.0718 0576 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
23:22:36.0718 0576 TrkWks - ok
23:22:36.0750 0576 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
23:22:36.0750 0576 Udfs - ok
23:22:36.0828 0576 [ 810883E6225C0037F2553D964FC866E3 ] UleadBurningHelper C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
23:22:36.0828 0576 UleadBurningHelper - ok
23:22:36.0828 0576 ultra - ok
23:22:36.0843 0576 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
23:22:36.0843 0576 Update - ok
23:22:36.0859 0576 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
23:22:36.0875 0576 upnphost - ok
23:22:36.0875 0576 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
23:22:36.0890 0576 UPS - ok
23:22:36.0906 0576 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:22:36.0906 0576 usbccgp - ok
23:22:36.0906 0576 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:22:36.0906 0576 usbehci - ok
23:22:36.0906 0576 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:22:36.0906 0576 usbhub - ok
23:22:36.0921 0576 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
23:22:36.0921 0576 usbohci - ok
23:22:36.0921 0576 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:22:36.0921 0576 usbprint - ok
23:22:36.0937 0576 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:22:36.0937 0576 usbscan - ok
23:22:36.0953 0576 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:22:36.0953 0576 USBSTOR - ok
23:22:36.0968 0576 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
23:22:36.0968 0576 VgaSave - ok
23:22:37.0031 0576 [ 1A8E19B027885E8E9E852784C9E4B21A ] VIAHdAudAddService C:\WINDOWS\system32\drivers\viahduaa.sys
23:22:37.0031 0576 VIAHdAudAddService - ok
23:22:37.0046 0576 ViaIde - ok
23:22:37.0046 0576 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
23:22:37.0046 0576 VolSnap - ok
23:22:37.0062 0576 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
23:22:37.0062 0576 VSS - ok
23:22:37.0078 0576 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
23:22:37.0093 0576 W32Time - ok
23:22:37.0093 0576 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:22:37.0093 0576 Wanarp - ok
23:22:37.0109 0576 WDICA - ok
23:22:37.0109 0576 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
23:22:37.0109 0576 wdmaud - ok
23:22:37.0125 0576 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
23:22:37.0125 0576 WebClient - ok
23:22:37.0187 0576 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
23:22:37.0187 0576 winmgmt - ok
23:22:37.0250 0576 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:22:37.0265 0576 wlidsvc - ok
23:22:37.0296 0576 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
23:22:37.0312 0576 WmdmPmSN - ok
23:22:37.0328 0576 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
23:22:37.0328 0576 Wmi - ok
23:22:37.0328 0576 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
23:22:37.0343 0576 WmiAcpi - ok
23:22:37.0343 0576 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
23:22:37.0343 0576 WmiApSrv - ok
23:22:37.0406 0576 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
23:22:37.0406 0576 WMPNetworkSvc - ok
23:22:37.0500 0576 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:22:37.0500 0576 WPFFontCache_v0400 - ok
23:22:37.0531 0576 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
23:22:37.0546 0576 WS2IFSL - ok
23:22:37.0578 0576 [ B27C0BB50B2C246FEC2684D86E39B62E ] WSConnectorUpdate C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe
23:22:37.0593 0576 WSConnectorUpdate - ok
23:22:37.0625 0576 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
23:22:37.0640 0576 wscsvc - ok
23:22:37.0656 0576 [ D319A833EC173AD83C67885B3ED6C71C ] WSS_ComputerBackupProviderSvc C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
23:22:37.0656 0576 WSS_ComputerBackupProviderSvc - ok
23:22:37.0671 0576 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
23:22:37.0671 0576 wuauserv - ok
23:22:37.0718 0576 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:22:37.0718 0576 WudfPf - ok
23:22:37.0718 0576 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:22:37.0734 0576 WudfRd - ok
23:22:37.0765 0576 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
23:22:37.0781 0576 WudfSvc - ok
23:22:37.0828 0576 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
23:22:37.0843 0576 WZCSVC - ok
23:22:37.0859 0576 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
23:22:37.0859 0576 xmlprov - ok
23:22:37.0859 0576 ================ Scan global ===============================
23:22:37.0906 0576 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
23:22:37.0937 0576 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
23:22:37.0953 0576 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
23:22:37.0968 0576 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
23:22:37.0968 0576 [Global] - ok
23:22:37.0968 0576 ================ Scan MBR ==================================
23:22:37.0984 0576 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
23:22:38.0125 0576 \Device\Harddisk0\DR0 - ok
23:22:38.0125 0576 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
23:22:38.0312 0576 \Device\Harddisk1\DR1 - ok
23:22:38.0328 0576 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
23:22:38.0468 0576 \Device\Harddisk2\DR2 - ok
23:22:38.0500 0576 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk3\DR3
23:22:38.0500 0576 \Device\Harddisk3\DR3 - ok
23:22:38.0500 0576 [ 06449E7C4AF0550B77E260798769AA40 ] \Device\Harddisk4\DR9
23:22:38.0500 0576 \Device\Harddisk4\DR9 - ok
23:22:38.0515 0576 [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk6\DR12
23:22:38.0515 0576 \Device\Harddisk6\DR12 - ok
23:22:38.0515 0576 [ 06449E7C4AF0550B77E260798769AA40 ] \Device\Harddisk7\DR13
23:22:38.0531 0576 \Device\Harddisk7\DR13 - ok
23:22:38.0531 0576 ================ Scan VBR ==================================
23:22:38.0531 0576 [ 406D08C67AF38E716114F01FB7014F00 ] \Device\Harddisk0\DR0\Partition1
23:22:38.0531 0576 \Device\Harddisk0\DR0\Partition1 - ok
23:22:38.0531 0576 [ 0FB03B80DE4A189B212714CA0FA925F9 ] \Device\Harddisk1\DR1\Partition1
23:22:38.0531 0576 \Device\Harddisk1\DR1\Partition1 - ok
23:22:38.0546 0576 [ C2D43BC381865F5560EDAA7E7AE2CE23 ] \Device\Harddisk2\DR2\Partition1
23:22:38.0546 0576 \Device\Harddisk2\DR2\Partition1 - ok
23:22:38.0562 0576 [ DD11F9A117EF0A3E60C8AB23A3F856A9 ] \Device\Harddisk2\DR2\Partition2
23:22:38.0562 0576 \Device\Harddisk2\DR2\Partition2 - ok
23:22:38.0562 0576 [ 331B5935D6F88C03A70B7D797CFF01FE ] \Device\Harddisk3\DR3\Partition1
23:22:38.0562 0576 \Device\Harddisk3\DR3\Partition1 - ok
23:22:38.0562 0576 [ E387233CB05B5F0699717735C4FDA34F ] \Device\Harddisk4\DR9\Partition1
23:22:38.0562 0576 \Device\Harddisk4\DR9\Partition1 - ok
23:22:38.0562 0576 [ 0DEE750189656F9A1D51FB75B639D6DA ] \Device\Harddisk6\DR12\Partition1
23:22:38.0562 0576 \Device\Harddisk6\DR12\Partition1 - ok
23:22:38.0578 0576 [ EB2C8741CEEC6D6C37379DBB22DC27EF ] \Device\Harddisk7\DR13\Partition1
23:22:38.0578 0576 \Device\Harddisk7\DR13\Partition1 - ok
23:22:38.0578 0576 ============================================================
23:22:38.0578 0576 Scan finished
23:22:38.0578 0576 ============================================================
23:22:38.0578 3160 Detected object count: 0
23:22:38.0578 3160 Actual detected object count: 0

aswMBR Log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-24 23:23:19
-----------------------------
23:23:19.234 OS Version: Windows 5.1.2600 Service Pack 3
23:23:19.234 Number of processors: 4 586 0x403
23:23:19.234 ComputerName: HUTSELL1 UserName:
23:23:20.828 Initialize success
23:23:21.484 AVAST engine defs: 12102500
23:24:13.359 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
23:24:13.359 Disk 0 Vendor: WDC_WD3200AAJS-00L7A0 01.03E01 Size: 305245MB BusType: 3
23:24:13.359 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
23:24:13.359 Disk 1 Vendor: ST3320620AS 3.AAK Size: 305245MB BusType: 3
23:24:13.359 Disk 2 (boot) \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T0L0-18
23:24:13.359 Disk 2 Vendor: ST3500413AS JC4B Size: 476940MB BusType: 3
23:24:13.359 Disk 3 \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP3T0L0-2c
23:24:13.359 Disk 3 Vendor: WDC_WD7500AADS-00L5B1 01.01A01 Size: 715404MB BusType: 3
23:24:13.359 Disk 2 MBR read successfully
23:24:13.359 Disk 2 MBR scan
23:24:13.359 Disk 2 Windows XP default MBR code
23:24:13.359 Disk 2 Partition 1 80 (A) 07 HPFS/NTFS NTFS 300002 MB offset 63
23:24:13.359 Disk 2 Partition - 00 0F Extended LBA 176926 MB offset 614405925
23:24:13.390 Disk 2 Partition 2 00 07 HPFS/NTFS NTFS 176926 MB offset 614405988
23:24:13.390 Disk 2 scanning sectors +976752000
23:24:13.453 Disk 2 scanning C:\WINDOWS\system32\drivers
23:24:20.359 Service scanning
23:24:30.484 Modules scanning
23:24:33.625 Disk 2 trace - called modules:
23:24:33.656 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
23:24:33.656 1 nt!IofCallDriver -> \Device\Harddisk2\DR2[0x8a6acab8]
23:24:33.656 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000077[0x8a7409e8]
23:24:33.656 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-18[0x8a6cad98]
23:24:34.078 AVAST engine scan C:\WINDOWS
23:24:40.296 AVAST engine scan C:\WINDOWS\system32
23:26:48.156 AVAST engine scan C:\WINDOWS\system32\drivers
23:26:57.218 AVAST engine scan C:\Documents and Settings\ahutsell2001
23:29:18.671 AVAST engine scan C:\Documents and Settings\All Users
23:29:34.125 Scan finished successfully
23:29:49.015 Disk 2 MBR has been saved successfully to "C:\Documents and Settings\ahutsell2001\Desktop\MBR.dat"
23:29:49.015 The log file has been saved successfully to "C:\Documents and Settings\ahutsell2001\Desktop\aswMBR.txt"
  • 0

#9
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

  • 0

#10
majorlag

    Member

  • Topic Starter
  • Member
  • 70 posts
Greetings!

Here is the second ComboFix log (after the drag-and-drop script). The computer seems to be a little smoother. Does the log look OK to you?

ComboFix 12-10-24.02 - ahutsell2001 10/24/2012 23:44:32.3.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1181 [GMT -4:00]
Running from: c:\documents and settings\ahutsell2001\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\ahutsell2001\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((( Files Created from 2012-09-25 to 2012-10-25 )))))))))))))))))))))))))))))))
.
.
2012-10-22 23:39 . 2012-10-22 23:39 -------- d-----w- c:\program files\Common Files\Java
2012-10-15 05:32 . 2010-08-02 14:55 316280 ----a-w- c:\windows\system32\Tcpview.exe
2012-10-15 05:32 . 2010-07-28 19:47 199544 ----a-w- c:\windows\system32\Tcpvcon.exe
2012-10-01 03:56 . 2012-10-01 03:56 -------- d-----w- c:\program files\Audacity
2012-09-30 22:32 . 2012-09-30 22:32 -------- d-----w- c:\documents and settings\ahutsell2001\Application Data\Amazon
2012-09-30 22:31 . 2012-09-30 22:31 -------- d-----w- c:\program files\Amazon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-21 20:21 . 2012-09-07 01:36 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-21 20:21 . 2011-08-03 23:14 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-29 23:54 . 2011-09-26 05:24 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-24 19:32 . 2012-08-08 05:53 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 19:32 . 2012-02-25 05:20 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-24 17:51 . 2012-08-08 05:53 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-14 07:17 . 2011-08-05 17:12 137176 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-09-14 07:17 . 2011-08-05 17:12 268952 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-09-14 07:17 . 2011-08-05 17:12 268952 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-09-14 05:31 . 2011-08-05 17:12 268952 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-08-28 15:14 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2006-02-28 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2006-02-28 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33 . 2006-02-28 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2004-08-03 22:59 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-21 09:13 . 2011-08-03 04:06 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2011-08-01 05:41 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2011-08-01 05:41 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2011-08-01 05:41 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-21 09:13 . 2011-08-01 05:41 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-08-21 09:13 . 2011-08-01 05:41 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-08-21 09:13 . 2011-08-01 05:41 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-08-21 09:13 . 2011-08-01 05:41 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:12 . 2011-08-03 04:06 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2011-08-01 05:40 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-11 01:06 . 2012-10-12 17:07 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-06-17 466704]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-10-17 4762496]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2008-11-07 95536]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-11-20 2363392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-11-18 33697792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
"NvMediaCenter"="NvMCTray.dll" [2011-05-25 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-05 1632360]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"P17Helper"="P17.dll" [2005-05-03 64512]
"UVS12 Preload"="c:\program files\Corel\Corel VideoStudio 12\uvPL.exe" [2008-06-09 397456]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Launchpad"="c:\program files\Windows Server\Bin\Launchpad.exe" [2012-07-06 1099384]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
c:\documents and settings\ahutsell2001\Start Menu\Programs\Startup\
Shortcut to procexp.lnk - c:\windows\system32\procexp.exe [2011-8-5 3550592]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Twonky Tray Control.lnk - c:\program files\TwonkyMedia\twonkymediaserverconfig.exe [N/A]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2008-11-07 17:50 54576 ----a-w- c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartupPersonalReminder]
2004-07-15 17:02 266240 ----a-w- c:\program files\Personal Reminder\PersonalReminder.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\{53A8C41D-37A5-4B57-8F80-0D83F4F34271}\\setup\\hpznui01.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8/3/2011 12:06 AM 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/1/2011 1:41 AM 355632]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [1/6/2011 5:37 PM 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [1/6/2011 5:37 PM 31704]
R1 cyphxdrv;cyphxdrv;c:\windows\system32\drivers\cyphxdrv.sys [8/5/2011 1:19 PM 97784]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [8/11/2011 7:38 PM 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/1/2011 1:41 AM 21256]
R2 cypherixservice;Cypherix service;c:\windows\system32\cypherixsrv.exe [8/5/2011 1:19 PM 928496]
R2 HealthAlertsSvc;Windows Server Health Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [3/2/2011 3:46 PM 30592]
R2 LANConfig;Windows Server LAN Configuration;c:\program files\Windows Server\Bin\LANConfigSvc.exe [3/2/2011 3:46 PM 27520]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [10/9/2012 9:08 PM 399432]
R2 NotificationsProviderSvc;Windows Server Notifications Provider Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [3/2/2011 3:46 PM 30592]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [8/1/2011 9:23 PM 2214504]
R2 providers_system;Windows Server Download Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [3/2/2011 3:46 PM 30592]
R2 ServiceProviderRegistry;Windows Server Service Provider Registry;c:\program files\Windows Server\Bin\ProviderRegistryService.exe [1/12/2012 12:26 PM 40832]
R2 WSConnectorUpdate;Windows Server Connector Update;c:\program files\Windows Server\Bin\WSConnectorUpdate.exe [3/2/2011 1:54 PM 162176]
R2 WSS_ComputerBackupProviderSvc;Windows Server Client Computer Backup Provider Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [3/2/2011 3:46 PM 30592]
R3 BackupReader;BackupReader;c:\windows\system32\drivers\BackupReader.sys [3/2/2011 1:33 PM 53504]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/26/2011 1:24 AM 22856]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [8/1/2011 1:39 AM 1425280]
S2 initMonitor;Windows Server Initialization Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [3/2/2011 3:46 PM 30592]
S2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [12/16/2011 9:39 PM 2560]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/26/2011 1:24 AM 676936]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [6/21/2012 8:50 PM 115168]
S4 SqmProviderSvc;Windows Server SQM Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [3/2/2011 3:46 PM 30592]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 91642318
*NewlyCreated* - ASWMBR
*NewlyCreated* - WS2IFSL
*Deregistered* - 91642318
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-11-20 19:28 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-25 c:\windows\Tasks\Alert Evaluations.job
- c:\program files\Windows Server\Bin\runtask.exe [2012-01-12 16:26]
.
2012-10-25 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-14 09:12]
.
2012-10-24 c:\windows\Tasks\Backup.job
- c:\program files\Windows Server\Bin\runtask.exe [2012-01-12 16:26]
.
2012-10-25 c:\windows\Tasks\Health Definition Updates.job
- c:\program files\Windows Server\Bin\runtask.exe [2012-01-12 16:26]
.
2012-10-25 c:\windows\Tasks\InstallAddIns.job
- c:\program files\Windows Server\Bin\runtask.exe [2012-01-12 16:26]
.
2012-10-25 c:\windows\Tasks\RenewClientCertificate.job
- c:\program files\Windows Server\Bin\runtask.exe [2012-01-12 16:26]
.
2012-10-24 c:\windows\Tasks\SaveCEIPData.job
- c:\program files\Windows Server\Bin\runtask.exe [2012-01-12 16:26]
.
2012-10-24 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 3ff65753-3767-48ed-a63d-2c1855324e99.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-10-24 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 762ceecc-56fb-4a5b-86fc-5278d51db2d7.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-10-24 c:\windows\Tasks\UploadCEIPData.job
- c:\program files\Windows Server\Bin\runtask.exe [2012-01-12 16:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://myvaughnmelton.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.2
FF - ProfilePath - c:\documents and settings\ahutsell2001\Application Data\Mozilla\Firefox\Profiles\pz8ot46n.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
FF - ExtSQL: 2012-09-06 21:38; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: 2012-10-22 19:39; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-24 23:48
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \D25BC253F035D347]
.
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \D25BC253F035D347\5090D0C6F0C41D66F1FC186653400623]
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(716)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(3304)
c:\windows\system32\WININET.dll
c:\windows\system32\guard32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
- - - - - - - > 'csrss.exe'(632)
c:\windows\system32\cmdcsr.dll
.
Completion time: 2012-10-24 23:49:41
ComboFix-quarantined-files.txt 2012-10-25 03:49
ComboFix2.txt 2012-10-25 02:29
ComboFix3.txt 2011-11-28 03:25
.
Pre-Run: 99,664,130,048 bytes free
Post-Run: 99,649,978,368 bytes free
.
- - End Of File - - B870CEE4DAEF093AB921F42F5436D6D7

Edited by majorlag, 24 October 2012 - 09:56 PM.

  • 0

#11
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
  • 0

#12
majorlag

    Member

  • Topic Starter
  • Member
  • 70 posts
Good evening!

Here's the ComboFix report from the Qoobox folder:

32 Bit HP CIO Components Installer
6000E609_BasicWeb
6000E609_Help_BasicWeb
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Amazon MP3 Downloader 1.0.17
Apple Application Support
Apple Software Update
Audacity 1.3.10 (Unicode)
Audacity 2.0.2
avast! Free Antivirus
BPDSoftware_Ini
BufferChm
CCleaner
Combat Mission Beyond Overlord v1.12
COMODO Internet Security
Contact1
Corel VideoStudio 12
Creative EAX Settings
Creative Speaker Settings
Cypherix LE
Destination Component
Device Control
DeviceManagementQFolder
DocProc
DocProcQFolder
DVDFab 8.1.0.5 (04/07/2011) Qt
DVDStyler v2.3
ESET Online Scanner v3
eSupportQFolder
Eudora (8.0.0b5)
FileZilla Client 3.5.3
Foxit Reader
Full Video Converter Free 9
GIMP 2.6.7
H&R Block Deluxe + Efile + State 2011
High Definition Audio Driver Package - KB888111
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Officejet 6000 E609 Series
HP Scanjet G3010 and 4370 9.0
HP Solution Center 9.0
hpg3010
hpg3010QFolder
HPProductAssistant
IZArc 3.7
Java Auto Updater
Java™ 6 Update 37
LAME v3.98.3 for Audacity
LightScribe System Software
Malwarebytes Anti-Malware version 1.65.1.1000
Mathcad 8
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 16.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
NCMA Masonry Design Software
Neo's SafeKeys v3
Nero 7 Ultra Edition
Network
NVIDIA Control Panel 275.33
NVIDIA Graphics Driver 275.33
NVIDIA Install Application
NVIDIA nView 135.85
NVIDIA nView Desktop Manager
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
NVIDIA Update 1.3.5
NVIDIA Update Components
OLYMPUS Master 2
Paint.NET v3.31
PanoStandAlone
PDF reDirect (remove only)
Picasa 3
Platform
Playlist Creator 3.6.2
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
RIP Vinyl
Sandboxie 3.72 (32-bit)
Scan
ScannerCopy
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
SmartSound Quicktracks Plugin
SolutionCenter
Strategic Command WWII Global Conflict GOLD Demo
SUPERAntiSpyware
System Requirements Lab
Toolbox
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VIA Platform Device Manager
VideoStudio
VisualAnalysis 5.5 Edu
VLC media player 0.9.9
WebFldrs XP
WebReg
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Home Server 2011 Connector
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Wolfenstein - Enemy Territory
Xiph.Org Open Codecs 0.85.17777
#13 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

  • Java™ 6 Update 37

  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes.
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted select Yes and then Next.
  • Once done click Finish.



Install Java:

Please go here to install Java

  • Click on the Free Java Download button
  • Click on Agree and Start Free Download
  • Click on Run
  • Click on Run again
  • Click on Install
  • When the install is complete click on Close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

Malwarebytes' Anti-Malware

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked (ticked) except items in the C:\System Volume Information folder, and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis see NOTE** below (Hosts file not read, blank Notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

Information and logs

In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#14 majorlag (Topic Starter, Member, 70 posts)

OK, I ran the uninstaller, reinstalled Java, and ran MBAM:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.25.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
ahutsell2001 :: HUTSELL1 [administrator]

10/25/2012 8:09:05 PM
mbam-log-2012-10-25 (20-09-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212026
Time elapsed: 4 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


And here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:15:08 PM, on 10/25/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\cypherixsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe
C:\Program Files\Windows Server\Bin\LANConfigSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Server\Bin\Launchpad.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\smsniff\smsniff.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\procexp.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Eudora\eudora.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\ahutsell2001\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myvaughnmelton.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UVS12 Preload] C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Launchpad] %programfiles%\Windows Server\Bin\Launchpad.exe -autostart
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - Startup: Shortcut to procexp.lnk = C:\WINDOWS\system32\procexp.exe
O4 - Global Startup: Twonky Tray Control.lnk = C:\Program Files\TwonkyMedia\twonkymediaserverconfig.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.co...sreqlab_nvd.cab
O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} (XTSAC Control) - https://myvaughnmelton.com/XTSAC.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1344404936000
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Cypherix service (cypherixservice) - Cypherix Software (India) Pvt. Ltd. - C:\WINDOWS\system32\cypherixsrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9286 bytes
#15 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)

Greetings

These logs are looking very good; we are almost done!!! Just one more scan to go.

Remove unneeded start-up entries

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. You can click on their icons (or start them from the Control Panel) to start any of these programs when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis see NOTE** below (Hosts file not read, blank Notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

      O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
      O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
      O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
      O4 - HKLM\..\Run: [UVS12 Preload] C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
      O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space, for example:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. Vista and Win 7: right-click on the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Click on the Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed.
    • Click Start
  • Make sure that the option Remove found threats is unticked.
  • Click on Advanced Settings, and ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan.
  • Wait for the virus definitions to be downloaded.
  • Wait for the scan to finish.

When the scan is complete:

  • If no threats were found:
    • Put a checkmark in "Uninstall application on close"
    • Close the program
    • Report to me that nothing was found

  • If threats were found:
    • Click on "List of threats found"
    • Click on "Export to text file" and save it as ESET SCAN on the desktop
    • Click on Back
    • Put a checkmark in "Uninstall application on close"
    • Click on Finish
    • Close the program
    • Copy and paste the report here


Gringo
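As an added example (not code from this thread, from HijackThis or from Gringo), the Python script below parses the O4 lines of a HijackThis log like the one posted above, works out which program each entry really launches (including the module hosted by rundll32 and a `%programfiles%` path), and separates the autostarts belonging to the security software on this machine from the optional vendor start-ups that this post suggests disabling. The security-vendor path markers and the environment map used for expansion are assumptions made for the example; the sample lines are copied from the HijackThis log earlier in the thread.

```python
"""Triage the O4 (autostart) lines of a HijackThis log.

Added example; not code from this thread, from HijackThis or from Gringo.
The security-vendor path markers and the %programfiles% expansion map are
constructed for this example. Only HKLM/HKCU Run keys and Startup-folder
shortcuts are handled; other O4 variants are ignored."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

RUN_KEY_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^O4 - (?P<scope>Global Startup|Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# Constructed environment of a 32-bit XP machine, used to expand %programfiles%.
XP_ENV = {"programfiles": r"C:\Program Files", "systemroot": r"C:\WINDOWS"}
# Assumption: a target path containing one of these belongs to the protective
# software seen in the log and is kept; everything else is an optional start-up.
SECURITY_PATH_MARKERS = ("\\avast software\\", "\\comodo\\", "\\sandboxie\\",
                         "\\superantispyware\\", "\\malwarebytes")


@dataclass
class Autostart:
    location: str              # "HKLM\Run", "HKCU\Run", "Startup", "Global Startup"
    name: str                  # value name or shortcut name as HijackThis shows it
    command: str               # command after environment expansion
    executable: str            # program that Windows actually launches
    arguments: str
    hosted_dll: Optional[str]  # module named in a rundll32 command, else None


def expand_env(text: str, env: Dict[str, str] = XP_ENV) -> str:
    """Expand %VAR% references from the supplied (constructed) environment."""
    return re.sub(r"%([^%]+)%", lambda m: env.get(m.group(1).lower(), m.group(0)), text)


def split_command(cmd: str) -> Tuple[str, str]:
    """Split a Run-key command into (executable, arguments). A quoted path ends
    at its closing quote; an unquoted path may contain spaces, so it is taken
    up to the first .exe/.scr token, which is how these log entries read."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:end], cmd[end + 1:].strip()) if end > 0 else (cmd[1:], "")
    m = re.match(r"(.+?\.(?:exe|scr))(?=\s|$)", cmd, re.IGNORECASE)
    if m:
        return m.group(1), cmd[m.end():].strip()
    head, _, tail = cmd.partition(" ")  # e.g. "Rundll32 P17.dll,P17Helper"
    return head, tail.strip()


def parse_o4_line(line: str) -> Optional[Autostart]:
    """Return an Autostart for a Run-key or Startup-folder O4 line, else None."""
    m = RUN_KEY_RE.match(line)
    if m:
        location, name, cmd = m["hive"] + "\\" + m["key"], m["name"], m["cmd"]
    else:
        m = STARTUP_RE.match(line)
        if not m:
            return None
        location, name, cmd = m["scope"], m["name"], m["cmd"]
    cmd = expand_env(cmd)
    exe, args = split_command(cmd)
    hosted = None
    if exe.rsplit("\\", 1)[-1].lower() in ("rundll32", "rundll32.exe"):
        # rundll32 is only a host: the module before the comma is what runs
        hosted = args.split(",", 1)[0].strip().strip('"')
    return Autostart(location, name, cmd, exe, args, hosted)


def parse_log(text: str) -> List[Autostart]:
    return [e for e in map(parse_o4_line, text.splitlines()) if e is not None]


def classify(entry: Autostart) -> str:
    """'keep' for the security software's own autostarts, else 'optional'."""
    target = (entry.hosted_dll or entry.executable).lower()
    return "keep" if any(mk in target for mk in SECURITY_PATH_MARKERS) else "optional"


def triage(text: str) -> Dict[str, List[str]]:
    """Map 'keep' / 'optional' to the entry names found in a log."""
    result: Dict[str, List[str]] = {"keep": [], "optional": []}
    for entry in parse_log(text):
        result[classify(entry)].append(entry.name)
    return result


# Sample O4 lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [Launchpad] %programfiles%\Windows Server\Bin\Launchpad.exe -autostart
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Shortcut to procexp.lnk = C:\WINDOWS\system32\procexp.exe
"""

if __name__ == "__main__":
    for entry in parse_log(SAMPLE_LOG):
        print(classify(entry), entry.location, entry.name, entry.hosted_dll or entry.executable)
```

Entries whose host is rundll32 are classified by the DLL they load rather than by rundll32 itself, which is what you would want to look at when deciding whether a start-up entry belongs to a known vendor.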