
Rootkit in W7, very hard to detect [Solved]



#1
Blackbird10

Hi,
My PC has been compromised with a rootkit, which is hiding keyloggers and possibly backdoors and god knows what else.
I've run a lot of rootkit scans, but none showed any threats, but I'm pretty certain there is one and probably backdoors.
I would like some advice on how to deal with this since I'm running out of options on what to do. I've checked a lot of guides but none really worked.
If some experts could check out my HijackThis logs, that would be great, although I think this rootkit is also hiding from logs.
Today I ran Roguekiller and it did find something strange:

¤¤¤ Registry Entries : 8 ¤¤¤
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\16024152 (system32\drivers\36796125.sys) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\16024152 (system32\drivers\36796125.sys) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

+++++ PhysicalDrive0: SAMSUNG HD642JJ ATA Device +++++
--- User ---
[MBR] 654e352871837011b4f8af029e0ff940
[BSP] 5711017d73af764942470f44f0c2584f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 610477 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SAMSUNG HD322HJ ATA Device +++++
--- User ---
[MBR] ade521bef2454521022876a5b691ceed
[BSP] 1eb4a2c578f759820660b1f07e6dc864 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305234 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: WD Ext HDD 1021 USB Device +++++
--- User ---
[MBR] c0987d86a3428309fc2a88436888f7c5
[BSP] cea2d875a1f1581ed70ed067a0d69c2e : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1430796 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

OTL SCANNING RESULTS:

OTL logfile created on: 23/10/2012 0:30:11 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\********\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c0a | Country: España | Language: ESN | Date Format: dd/MM/yyyy

6,00 Gb Total Physical Memory | 3,90 Gb Available Physical Memory | 65,04% Memory free
12,00 Gb Paging File | 8,96 Gb Available in Paging File | 74,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,08 Gb Total Space | 243,22 Gb Free Space | 81,60% Space Free | Partition Type: NTFS
Drive D: | 182,18 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 1397,26 Gb Total Space | 73,66 Gb Free Space | 5,27% Space Free | Partition Type: NTFS
Drive F: | 596,17 Gb Total Space | 495,86 Gb Free Space | 83,17% Space Free | Partition Type: NTFS

Computer Name: *********** | User Name: ******** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/23 00:29:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\******\Downloads\OTL.exe
PRC - [2012/10/11 03:04:29 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/10/07 15:51:36 | 000,529,744 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/10/07 15:50:27 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2012/10/03 18:48:03 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/21 13:22:22 | 003,341,464 | ---- | M] (Electronic Arts) -- C:\Program Files (x86)\Origin\Origin.exe
PRC - [2012/08/17 21:43:06 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/11/20 14:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010/08/03 09:43:02 | 000,522,824 | ---- | M] (Logitech Inc.) -- C:\Archivos de programa\Logitech\GamePanel Software\Applets\LCDMedia.exe
PRC - [2010/01/19 04:31:26 | 000,072,304 | R--- | M] () -- C:\Windows\SysWOW64\XSrvSetup.exe
PRC - [2009/11/20 13:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2006/11/03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/11 03:04:42 | 002,294,240 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/10/07 15:51:35 | 020,317,008 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/10/07 15:51:34 | 000,902,480 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL
MOD - [2012/10/07 15:51:34 | 000,190,816 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/10/07 15:51:34 | 000,123,232 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/10/07 15:51:33 | 001,099,616 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/08/17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll
MOD - [2011/09/03 23:08:45 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/07/28 04:09:44 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/04/06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/10/11 03:04:37 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/07 15:51:36 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/10/03 18:48:03 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/15 15:32:51 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Archivos de programa\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV - [2012/08/17 21:43:06 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe -- (AVP)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/11/03 09:49:34 | 002,072,896 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Archivos de programa\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/01/19 04:31:26 | 000,072,304 | R--- | M] () [Auto | Running] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2012/10/18 21:01:10 | 000,611,160 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/10/18 21:01:10 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2012/10/18 21:01:10 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/08/24 09:56:56 | 000,126,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2012/08/13 16:49:40 | 000,178,008 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2012/08/02 15:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012/07/28 06:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/07/28 03:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/06/19 17:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2012/06/08 11:38:10 | 000,054,104 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2012/05/14 08:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/20 13:16:27 | 000,021,832 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2011/09/29 11:30:34 | 000,646,248 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/08/13 17:24:04 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011/08/13 17:24:03 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/04/22 15:08:14 | 000,021,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010/01/27 10:58:38 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/11/23 17:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 17:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/11/20 13:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/11/20 13:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/06/17 08:22:24 | 000,040,464 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vcd10bus.sys -- (vcd10bus)
DRV:64bit: - [2006/12/05 11:34:26 | 000,572,416 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207)
DRV - [2012/04/09 16:59:32 | 000,020,544 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011/10/31 16:22:10 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2011/07/22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Archivos de programa\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011/07/12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Archivos de programa\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = google.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://es.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 FA 6A 87 79 FA CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0EA9F28E-8032-4C11-9B2D-4C45BD4C8ED7}: "URL" = http://websearch.ask...21-87B8D1D3DAC3
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-se...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\Alec\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected] [2012/10/18 20:43:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected] [2012/10/18 20:43:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected] [2012/10/18 20:43:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/22 21:44:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/20 20:06:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2012/10/22 21:44:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alec\AppData\Roaming\mozilla\Extensions
[2012/10/22 21:44:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/10/11 03:05:24 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/10/11 05:57:25 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/11 05:57:25 | 000,003,882 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\drae.xml
[2012/10/11 05:57:25 | 000,001,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-es.xml
[2012/10/11 05:57:25 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/10/11 05:57:25 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-es.xml
[2012/10/11 05:57:25 | 000,001,102 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-es.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Alec\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: No name found = C:\Users\Alec\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: No name found = C:\Users\Alec\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1407_0\
CHR - Extension: No name found = C:\Users\Alec\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2012/10/03 01:13:46 | 000,000,852 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 secure.tune-up.com
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [RaidCall] C:\Program Files (x86)\RaidCall\raidcall.exe (RAIDCALL.COM)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [ares] C:\Program Files (x86)\Ares\Ares.exe (Ares Development Group)
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Archivos de programa\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] UnHackMe Rootkit Check File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Teclado virtual - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Supervisión de URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Teclado virtual - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Supervisión de URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 87.216.1.65 87.216.1.66
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC5D33DC-6D75-4793-9F65-FA33DC9A55BB}: DhcpNameServer = 87.216.1.65 87.216.1.66
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/19 15:32:38 | 000,000,046 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4a32d88d-c5a0-11e0-b10c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4a32d88d-c5a0-11e0-b10c-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup\setup.exe -- [2009/05/12 13:43:59 | 000,124,168 | R--- | M] (Logitech, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/22 20:32:59 | 000,000,000 | ---D | C] -- C:\Users\Alec\Desktop\RK_Quarantine
[2012/10/22 18:32:02 | 000,000,000 | ---D | C] -- C:\Users\Alec\Desktop\Gmer ARK
[2012/10/22 13:32:44 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{6166DAA6-E1A3-402F-99B5-104C75CDDBE2}
[2012/10/21 13:32:10 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{D9EA37CB-6B29-4DB8-B277-67B8556F82A3}
[2012/10/21 03:13:20 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{07FF31DE-3A87-475D-BB2A-F5CB5B153E65}
[2012/10/20 20:05:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/10/20 13:58:07 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{DF90467D-BB41-4E19-BCF0-C15E1CDDDCC1}
[2012/10/19 15:25:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1C Company
[2012/10/19 13:48:00 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\Apache
[2012/10/19 13:31:36 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{59955212-AB57-4CE1-914B-6647A0C4D2C1}
[2012/10/19 00:18:29 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/10/18 21:59:10 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/10/18 21:57:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/10/18 20:44:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2013
[2012/10/18 20:43:51 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll
[2012/10/18 20:43:36 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2012/10/18 20:43:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/10/18 20:43:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012/10/18 20:43:18 | 000,611,160 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012/10/18 20:43:18 | 000,089,432 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klflt.sys
[2012/10/18 16:37:50 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{605CDCE8-4800-46A3-8EE1-76F0D39B5B65}
[2012/10/17 13:06:00 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{CC40E875-C85C-4699-B926-A75670382EF1}
[2012/10/16 13:27:14 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{B1600356-9D56-4432-BCBD-2B53333074CA}
[2012/10/16 00:54:52 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{9CC1B5AC-9BB4-4854-B129-151D860E195D}
[2012/10/15 12:54:39 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{13BF1897-28F7-4F41-A444-37160068423B}
[2012/10/14 12:52:30 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{924ECC4A-3822-4F4D-8EF7-FEC5B87C77D2}
[2012/10/13 12:37:44 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{A3E62418-B9E8-439B-BEEC-3EA6D29B2294}
[2012/10/12 12:38:41 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{3CF8EAAB-A28D-4DAC-A77C-DB8492970EC1}
[2012/10/12 00:38:17 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{C2F07A76-52F0-4287-B47F-2EF2D7B774FF}
[2012/10/11 22:24:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2012/10/11 22:13:27 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Roaming\PowerISO
[2012/10/11 22:12:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
[2012/10/11 22:11:32 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/10/11 22:11:28 | 000,126,944 | ---- | C] (Power Software Ltd) -- C:\Windows\SysNative\drivers\scdemu.sys
[2012/10/11 22:11:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerISO
[2012/10/11 12:37:52 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{9265CE8C-0281-485F-897E-12E87A70095E}
[2012/10/10 13:22:03 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{6510A39D-E44D-4489-A564-717D86F2E071}
[2012/10/09 11:53:07 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{BA70EAA4-C22B-4881-AB13-8C5D2705CD45}
[2012/10/08 13:10:49 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{0DAEE206-3E8B-4A0C-A656-2638953D7EE7}
[2012/10/07 15:50:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2012/10/07 15:50:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012/10/07 15:50:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2012/10/07 15:41:34 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{7299AFED-2B9A-40F5-B5F1-3C2E933ABA1E}
[2012/10/06 13:20:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2012/10/06 13:20:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks
[2012/10/06 13:20:14 | 000,000,000 | ---D | C] -- C:\Games
[2012/10/06 13:15:32 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{14590115-9113-4002-8ACE-F8AD3998FCFE}
[2012/10/05 13:32:04 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{20D400D4-BD1F-46E3-902A-BC6F3BC8A8E7}
[2012/10/04 03:47:36 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{4BA360FD-3272-4F63-A67B-5086C68E3D08}
[2012/10/03 15:10:38 | 000,034,624 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012/10/03 15:10:37 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012/10/03 15:10:36 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012/10/03 15:10:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012/10/03 15:10:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012
[2012/10/03 15:04:03 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{7A0D51BB-1C44-4D34-8D0A-695B80BD4F8E}
[2012/10/03 14:57:06 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{7F963431-B65F-4CA2-9FBC-347C982A68BA}
[2012/10/03 02:39:34 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{AA2F9AC1-D6AD-489F-AD13-AC5F5DB916FD}
[2012/10/03 01:50:30 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/10/03 01:00:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/10/02 12:56:27 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{37F4BD8F-5B46-4F54-BEF3-6E2FFFA0D128}
[2012/10/01 13:48:53 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{75DF4574-D685-4800-867C-AA8D4D428CBB}
[2012/09/30 13:43:56 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{B121B934-3D3D-441D-88CD-0E9968F1F2E2}
[2012/09/29 13:30:04 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{525C74AE-439D-4FF5-B011-312ED9D27820}
[2012/09/28 11:39:33 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{80344DE4-465A-43D4-BB59-6672D469CAF7}
[2012/09/28 02:15:16 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{A31123C6-F106-454A-B484-CCC7B01BA0A1}
[2012/09/27 14:14:45 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{C16161E5-F1B2-46AC-B015-C874BEFB8AEE}
[2012/09/26 13:43:08 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{A2FA5FFD-2332-4659-9825-2CB111DCC09D}
[2012/09/26 02:46:22 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{BD083A99-991D-41DE-A068-130C1A1D0323}
[2012/09/25 13:31:38 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{0118A4F0-A182-4DFC-A48A-63D310DFADAF}
[2012/09/24 15:22:02 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}
[2012/09/24 13:25:56 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/09/24 13:10:14 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{CDF56A1A-7AE3-4781-823A-E95B9DDABE33}
[2012/09/24 04:22:56 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Roaming\CheckPoint
[2012/09/24 04:20:37 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2012/09/23 13:46:44 | 000,000,000 | ---D | C] -- C:\Users\Alec\AppData\Local\{264427C6-CE65-4C16-BE0A-6B3E7DB54336}
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/22 21:44:44 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/10/22 21:28:04 | 001,530,242 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/22 21:28:04 | 000,694,148 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2012/10/22 21:28:04 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/22 21:28:04 | 000,134,242 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2012/10/22 21:28:04 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/22 21:27:12 | 000,014,336 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/22 21:27:12 | 000,014,336 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/22 21:21:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/22 21:21:52 | 535,683,071 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/22 20:32:56 | 001,425,920 | ---- | M] () -- C:\Users\Alec\Desktop\RogueKiller.exe
[2012/10/22 20:22:57 | 000,000,000 | ---- | M] () -- C:\Users\Alec\defogger_reenable
[2012/10/19 15:27:15 | 000,001,345 | ---- | M] () -- C:\Users\Alec\Desktop\mow_assault_squad.exe - Acceso directo.lnk
[2012/10/19 13:36:53 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/19 00:21:15 | 000,001,916 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2012/10/19 00:18:29 | 000,001,921 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2012/10/18 21:38:31 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/10/18 21:01:10 | 000,611,160 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012/10/18 21:01:10 | 000,029,528 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klmouflt.sys
[2012/10/18 21:01:10 | 000,029,016 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klkbdflt.sys
[2012/10/18 20:43:51 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Anti-Virus 2013.lnk
[2012/10/18 20:32:15 | 000,000,020 | ---- | M] () -- C:\Windows\ÔùC
[2012/10/11 22:12:28 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2012/10/11 20:46:50 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/10/11 20:46:50 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/10/11 20:46:41 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/10/07 15:50:11 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/10/07 02:54:50 | 000,001,157 | ---- | M] () -- C:\Users\Alec\Desktop\WoT.lnk
[2012/10/03 18:48:03 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/10/03 15:10:35 | 000,002,243 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Mantenimiento con 1 clic.lnk
[2012/10/03 15:10:35 | 000,002,187 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/28 20:53:31 | 071,831,387 | ---- | M] () -- C:\Users\Alec\Desktop\BF3_Premium_Guide02_EN_v2.pdf
[2012/09/28 11:46:32 | 000,383,592 | RHS- | M] () -- C:\gdrop
[2012/09/28 11:46:32 | 000,171,136 | RHS- | M] () -- C:\xeldr
[2012/09/28 11:46:32 | 000,008,192 | ---- | M] () -- C:\bootsect.lxe.bak
[2012/09/27 20:59:24 | 072,907,101 | ---- | M] () -- C:\Users\Alec\Desktop\BF3_Premium_Guide01_EN.pdf
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/22 21:44:44 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/10/22 21:44:44 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/10/22 20:32:55 | 001,425,920 | ---- | C] () -- C:\Users\Alec\Desktop\RogueKiller.exe
[2012/10/22 20:22:57 | 000,000,000 | ---- | C] () -- C:\Users\Alec\defogger_reenable
[2012/10/19 15:27:15 | 000,001,345 | ---- | C] () -- C:\Users\Alec\Desktop\mow_assault_squad.exe - Acceso directo.lnk
[2012/10/19 00:21:15 | 000,001,916 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2012/10/19 00:18:29 | 000,001,921 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2012/10/18 20:44:07 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Anti-Virus 2013.lnk
[2012/10/18 20:32:15 | 000,000,020 | ---- | C] () -- C:\Windows\ÔùC
[2012/10/11 22:24:24 | 000,001,009 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
[2012/10/11 22:12:28 | 000,001,011 | ---- | C] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2012/10/07 15:50:11 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/10/07 02:54:50 | 000,001,157 | ---- | C] () -- C:\Users\Alec\Desktop\WoT.lnk
[2012/10/03 18:46:51 | 002,580,552 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/10/03 15:10:35 | 000,002,243 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Mantenimiento con 1 clic.lnk
[2012/10/03 15:10:35 | 000,002,187 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012/10/03 15:10:34 | 000,002,199 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012/09/28 20:53:30 | 071,831,387 | ---- | C] () -- C:\Users\Alec\Desktop\BF3_Premium_Guide02_EN_v2.pdf
[2012/09/28 11:46:32 | 000,383,592 | RHS- | C] () -- C:\gdrop
[2012/09/28 11:46:32 | 000,171,136 | RHS- | C] () -- C:\xeldr
[2012/09/28 11:46:32 | 000,008,192 | ---- | C] () -- C:\bootsect.lxe.bak
[2012/09/27 20:59:22 | 072,907,101 | ---- | C] () -- C:\Users\Alec\Desktop\BF3_Premium_Guide01_EN.pdf
[2012/09/17 12:11:14 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/09/17 12:11:13 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/09/14 22:43:27 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/09/14 22:39:28 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/09/14 22:39:28 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/09/14 22:39:28 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/10/03 01:24:46 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011/08/13 14:27:17 | 000,072,304 | R--- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe
[2011/08/13 14:24:07 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini

========== ZeroAccess Check ==========

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Edited by Blackbird10, 22 October 2012 - 04:40 PM.


#2
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable, and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#3
Blackbird10

    Member

  • Topic Starter
  • 10 posts
Hi Gringo,
First of all, thanks for your help; it is greatly appreciated.
The PC is doing fine; it never ran slow or had any malware-related problems. I think the hacker just wants to compromise my privacy and does not want me to know he is in here; in other words, he is spying.
Here is Combofix and SecurityCheck report:

ComboFix 12-10-23.01 - Alec 23/10/2012 14:12:27.2.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.34.3082.18.6142.4244 [GMT 2:00]
Running from: c:\users\Alec\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Anti-Virus *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-09-23 to 2012-10-23 )))))))))))))))))))))))))))))))
.
.
2012-10-23 12:15 . 2012-10-23 12:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-19 11:48 . 2012-10-19 11:57 -------- d-----w- c:\users\Alec\AppData\Local\Apache
2012-10-18 22:18 . 2012-10-18 22:18 -------- d-----w- c:\program files\HitmanPro
2012-10-18 19:59 . 2012-10-18 22:21 -------- d-----w- c:\programdata\HitmanPro
2012-10-18 19:57 . 2012-10-18 19:57 -------- d-----w- c:\programdata\Tarma Installer
2012-10-18 18:43 . 2012-07-11 15:09 64856 ----a-w- c:\windows\system32\klfphc.dll
2012-10-18 18:43 . 2012-10-18 18:43 -------- d-----w- c:\windows\ELAMBKUP
2012-10-18 18:43 . 2012-10-23 11:57 -------- d-----w- c:\programdata\Kaspersky Lab
2012-10-18 18:43 . 2012-10-18 18:43 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2012-10-18 18:43 . 2012-10-18 19:01 611160 ----a-w- c:\windows\system32\drivers\klif.sys
2012-10-18 18:43 . 2012-08-13 16:24 89432 ----a-w- c:\windows\system32\drivers\klflt.sys
2012-10-11 20:24 . 2012-10-11 20:24 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-10-11 20:13 . 2012-10-11 20:13 -------- d-----w- c:\users\Alec\AppData\Roaming\PowerISO
2012-10-11 20:11 . 2012-10-11 20:11 -------- d--h--w- c:\programdata\Common Files
2012-10-11 20:11 . 2012-10-11 20:12 -------- d-----w- c:\program files (x86)\PowerISO
2012-10-11 20:11 . 2012-08-24 07:56 126944 ----a-w- c:\windows\system32\drivers\scdemu.sys
2012-10-07 13:50 . 2012-10-07 14:45 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-10-07 13:50 . 2012-10-23 11:42 -------- d-----w- c:\program files (x86)\Steam
2012-10-06 11:20 . 2012-10-06 11:20 -------- d-----w- C:\Games
2012-10-03 16:46 . 2012-05-22 13:36 2580552 ----a-w- c:\windows\SysWow64\pbsvc.exe
2012-10-03 13:10 . 2011-11-03 07:49 34624 ----a-w- c:\windows\system32\TURegOpt.exe
2012-10-03 13:10 . 2011-11-03 07:49 25920 ----a-w- c:\windows\system32\authuitu.dll
2012-10-03 13:10 . 2011-11-03 07:49 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
2012-10-03 13:10 . 2012-10-03 13:10 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2012
2012-10-02 23:50 . 2012-10-03 14:02 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-10-02 23:29 . 2009-12-10 10:28 36168 ----a-w- c:\windows\system32\uxt2F2E.tmp
2012-10-02 23:03 . 2009-12-10 10:28 36168 ----a-w- c:\windows\system32\uxt391C.tmp
2012-09-24 13:22 . 2012-09-24 13:22 -------- d-sh--w- c:\windows\system32\Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}
2012-09-24 11:25 . 2012-09-24 11:25 -------- d-----w- c:\program files\Enigma Software Group
2012-09-24 11:25 . 2012-09-24 11:56 -------- d-----w- c:\windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP
2012-09-24 02:22 . 2012-09-24 02:22 -------- d-----w- c:\users\Alec\AppData\Roaming\CheckPoint
2012-09-24 02:20 . 2012-09-24 02:20 -------- d-----w- c:\programdata\CheckPoint
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-18 19:01 . 2012-07-25 12:53 29528 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2012-10-18 19:01 . 2012-05-25 17:38 29016 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2012-10-11 18:46 . 2012-09-17 10:53 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-10-11 18:46 . 2012-09-17 10:11 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-10-11 18:46 . 2012-09-17 10:11 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-10-03 16:48 . 2012-09-17 10:11 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-09-29 17:54 . 2012-09-15 13:33 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-08 13:21 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-09-08 13:21 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-09-08 13:00 . 2012-09-08 13:00 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-09-08 13:00 . 2012-09-08 13:00 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-09-08 13:00 . 2012-09-08 13:00 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-09-08 13:00 . 2012-09-08 13:00 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-09-08 13:00 . 2012-09-08 13:00 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-09-08 13:00 . 2012-09-08 13:00 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-09-08 13:00 . 2012-09-08 13:00 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-09-08 13:00 . 2012-09-08 13:00 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-09-08 13:00 . 2012-09-08 13:00 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-09-08 13:00 . 2012-09-08 13:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-09-08 13:00 . 2012-09-08 13:00 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-09-08 13:00 . 2012-09-08 13:00 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-09-08 13:00 . 2012-09-08 13:00 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-09-08 13:00 . 2012-09-08 13:00 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-09-08 13:00 . 2012-09-08 13:00 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-09-08 13:00 . 2012-09-08 13:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-09-08 13:00 . 2012-09-08 13:00 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-09-08 13:00 . 2012-09-08 13:00 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-09-08 13:00 . 2012-09-08 13:00 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-09-08 13:00 . 2012-09-08 13:00 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-09-08 13:00 . 2012-09-08 13:00 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-09-08 13:00 . 2012-09-08 13:00 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-09-08 13:00 . 2012-09-08 13:00 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-09-08 13:00 . 2012-09-08 13:00 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-09-08 13:00 . 2012-09-08 13:00 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-09-08 13:00 . 2012-09-08 13:00 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-09-08 13:00 . 2012-09-08 13:00 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-09-08 13:00 . 2012-09-08 13:00 82432 ----a-w- c:\windows\system32\icardie.dll
2012-09-08 13:00 . 2012-09-08 13:00 816640 ----a-w- c:\windows\system32\jscript.dll
2012-09-08 13:00 . 2012-09-08 13:00 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-09-08 13:00 . 2012-09-08 13:00 697344 ----a-w- c:\windows\system32\msfeeds.dll
2012-09-08 13:00 . 2012-09-08 13:00 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-09-08 13:00 . 2012-09-08 13:00 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-09-08 13:00 . 2012-09-08 13:00 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-09-08 13:00 . 2012-09-08 13:00 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-09-08 13:00 . 2012-09-08 13:00 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-09-08 13:00 . 2012-09-08 13:00 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-09-08 13:00 . 2012-09-08 13:00 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-09-08 13:00 . 2012-09-08 13:00 448512 ----a-w- c:\windows\system32\html.iec
2012-09-08 13:00 . 2012-09-08 13:00 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-09-08 13:00 . 2012-09-08 13:00 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-09-08 13:00 . 2012-09-08 13:00 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-09-08 13:00 . 2012-09-08 13:00 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-09-08 13:00 . 2012-09-08 13:00 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-09-08 13:00 . 2012-09-08 13:00 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-09-08 13:00 . 2012-09-08 13:00 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-09-08 13:00 . 2012-09-08 13:00 248320 ----a-w- c:\windows\system32\ieui.dll
2012-09-08 13:00 . 2012-09-08 13:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-08 13:00 . 2012-09-08 13:00 237056 ----a-w- c:\windows\system32\url.dll
2012-09-08 13:00 . 2012-09-08 13:00 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-09-08 13:00 . 2012-09-08 13:00 222208 ----a-w- c:\windows\system32\msls31.dll
2012-09-08 13:00 . 2012-09-08 13:00 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-09-08 13:00 . 2012-09-08 13:00 197120 ----a-w- c:\windows\system32\msrating.dll
2012-09-08 13:00 . 2012-09-08 13:00 17809920 ----a-w- c:\windows\system32\mshtml.dll
2012-09-08 13:00 . 2012-09-08 13:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-09-08 13:00 . 2012-09-08 13:00 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-09-08 13:00 . 2012-09-08 13:00 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-09-08 13:00 . 2012-09-08 13:00 160256 ----a-w- c:\windows\system32\wextract.exe
2012-09-08 13:00 . 2012-09-08 13:00 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-09-08 13:00 . 2012-09-08 13:00 149504 ----a-w- c:\windows\system32\occache.dll
2012-09-08 13:00 . 2012-09-08 13:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-09-08 13:00 . 2012-09-08 13:00 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-09-08 13:00 . 2012-09-08 13:00 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-09-08 13:00 . 2012-09-08 13:00 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-09-08 13:00 . 2012-09-08 13:00 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-09-08 13:00 . 2012-09-08 13:00 12288 ----a-w- c:\windows\system32\mshta.exe
2012-09-08 13:00 . 2012-09-08 13:00 114176 ----a-w- c:\windows\system32\admparse.dll
2012-09-08 13:00 . 2012-09-08 13:00 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-09-08 13:00 . 2012-09-08 13:00 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-09-08 13:00 . 2012-09-08 13:00 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-09-08 13:00 . 2012-09-08 13:00 103936 ----a-w- c:\windows\system32\inseng.dll
2012-09-08 12:04 . 2012-09-08 12:04 21712 ----a-w- c:\windows\SysWow64\drivers\DrvAgent64.SYS
2012-09-08 11:59 . 2012-09-08 12:00 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-08 11:59 . 2012-09-08 12:00 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-08 11:59 . 2011-08-13 13:07 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-27 23:49 . 2012-09-08 13:48 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1447D990-7F00-4F4B-BA25-828FE792538C}\mpengine.dll
2012-08-13 14:49 . 2012-08-13 14:49 178008 ----a-w- c:\windows\system32\drivers\kneps.sys
2012-08-03 02:27 . 2012-09-08 12:48 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-08-02 13:09 . 2012-08-02 13:09 28504 ----a-w- c:\windows\system32\drivers\klim6.sys
2012-07-28 04:09 . 2012-04-06 01:34 5538984 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-07-28 04:07 . 2012-07-28 04:07 10278912 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-07-28 03:43 . 2012-07-28 03:43 70144 ----a-w- c:\windows\system32\coinst_8.982.dll
2012-07-28 03:19 . 2012-07-28 03:19 24935424 ----a-w- c:\windows\system32\atio6axx.dll
2012-07-28 02:50 . 2012-07-28 02:50 20546560 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-07-28 02:15 . 2012-07-28 02:15 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-07-28 02:15 . 2012-04-06 02:21 931328 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-07-28 02:13 . 2012-04-06 02:20 1100288 ----a-w- c:\windows\system32\aticfx64.dll
2012-07-28 02:10 . 2012-09-14 20:39 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-07-28 02:10 . 2012-07-28 02:10 534528 ----a-w- c:\windows\system32\atieclxx.exe
2012-07-28 02:09 . 2012-07-28 02:09 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2012-07-28 02:08 . 2012-07-28 02:08 120320 ----a-w- c:\windows\system32\atitmm64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="c:\program files (x86)\Ares\Ares.exe" [2010-02-08 1015808]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-15 5663616]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-09-21 3341464]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-10-07 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"RaidCall"="c:\program files (x86)\RaidCall\raidcall.exe" [2012-09-25 3076096]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-08-24 336992]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe" [2012-08-17 218880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 aswArKrn;aswArKrn;c:\users\Alec\AppData\Local\Temp\aswArKrn.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-11 115168]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 572416]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vcd10bus;Virtual CD v10 Bus Enumerator;c:\windows\system32\DRIVERS\vcd10bus.sys [2008-06-17 40464]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2010-04-22 21544]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2012-06-08 54104]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2012-08-13 178008]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-15 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616]
S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2010-01-19 72304]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-11-03 2072896]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-07-28 10278912]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-07-28 368640]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2012-10-18 29016]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2012-10-18 29528]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-20 75776]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-20 177152]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-09-29 646248]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-10-31 11856]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-06 8158240]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 87.216.1.65 87.216.1.66
FF - ProfilePath - c:\users\Alec\AppData\Roaming\Mozilla\Firefox\Profiles\p4gr6p2e.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - ExtSQL: 2012-10-18 20:43; [email protected]; c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected]
FF - ExtSQL: 2012-10-18 20:43; [email protected]; c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected]
FF - ExtSQL: 2012-10-18 20:43; [email protected]; c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3311288779-1017221690-2713501278-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3311288779-1017221690-2713501278-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3311288779-1017221690-2713501278-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:ac,e4,19,af,2e,4c,67,92,8d,20,1a,ba,bf,f8,16,d5,36,99,a2,a5,0e,93,a5,
ea,18,69,f7,17,5b,c2,47,79,7a,9b,35,b6,a2,6e,35,80,67,8f,27,cd,9f,05,4b,93,\
"??"=hex:e2,06,90,c3,a9,ab,f7,ca,1c,f7,63,d7,3e,f2,89,5d
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-23 14:16:18
ComboFix-quarantined-files.txt 2012-10-23 12:16
ComboFix2.txt 2012-10-23 12:06
.
Pre-Run: 260.784.566.272 bytes libres
Post-Run: 260.717.989.888 bytes libres
.
- - End Of File - - A392C6CE4A049B63150AE0AB2656F61F

Security Check:

Results of screen317's Security Check version 0.99.53
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Anti-Virus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware versión 1.65.1.1000
TuneUp Utilities 2012
TuneUp Utilities Language Pack (es-ES)
CCleaner (remove only)
Java™ 6 Update 26
Java™ 6 Update 22
Java 7 Update 7
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader X 10.1.1 Adobe Reader out of Date!
Mozilla Firefox (16.0.1)
Google Chrome 17.0.963.56
````````Process Check: objlist.exe by Laurent````````
Kaspersky Lab Kaspersky Anti-Virus 2013 avp.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

#4
gringo_pr

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#5
Blackbird10

TDSSKiller:

20:06:01.0121 12964 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
20:06:01.0371 12964 ============================================================
20:06:01.0371 12964 Current date / time: 2012/10/23 20:06:01.0371
20:06:01.0371 12964 SystemInfo:
20:06:01.0371 12964
20:06:01.0371 12964 OS Version: 6.1.7601 ServicePack: 1.0
20:06:01.0371 12964 Product type: Workstation
20:06:01.0371 12964 ComputerName: ZILDJIAN90
20:06:01.0371 12964 UserName: Alec
20:06:01.0371 12964 Windows directory: C:\Windows
20:06:01.0371 12964 System windows directory: C:\Windows
20:06:01.0371 12964 Running under WOW64
20:06:01.0371 12964 Processor architecture: Intel x64
20:06:01.0371 12964 Number of processors: 8
20:06:01.0371 12964 Page size: 0x1000
20:06:01.0371 12964 Boot type: Normal boot
20:06:01.0371 12964 ============================================================
20:06:02.0151 12964 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:06:09.0051 12964 Drive \Device\Harddisk0\DR0 - Size: 0x950AF4DE00 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:06:09.0061 12964 Drive \Device\Harddisk2\DR2 - Size: 0x15D50D00000 (1397.26 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:06:15.0331 12964 ============================================================
20:06:15.0331 12964 \Device\Harddisk1\DR1:
20:06:15.0331 12964 MBR partitions:
20:06:15.0331 12964 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254297C1
20:06:15.0331 12964 \Device\Harddisk0\DR0:
20:06:15.0331 12964 MBR partitions:
20:06:15.0331 12964 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x4A856800
20:06:15.0331 12964 \Device\Harddisk2\DR2:
20:06:15.0331 12964 MBR partitions:
20:06:15.0331 12964 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86000
20:06:15.0331 12964 ============================================================
20:06:15.0341 12964 C: <-> \Device\Harddisk1\DR1\Partition1
20:06:15.0371 12964 E: <-> \Device\Harddisk2\DR2\Partition1
20:06:15.0421 12964 F: <-> \Device\Harddisk0\DR0\Partition1
20:06:15.0421 12964 ============================================================
20:06:15.0421 12964 Initialize success
20:06:15.0421 12964 ============================================================
20:06:17.0861 15540 ============================================================
20:06:17.0861 15540 Scan started
20:06:17.0861 15540 Mode: Manual;
20:06:17.0861 15540 ============================================================
20:06:18.0341 15540 ================ Scan system memory ========================
20:06:18.0341 15540 System memory - ok
20:06:18.0341 15540 ================ Scan services =============================
20:06:21.0381 15540 flpydisk - ok
20:06:21.0401 15540 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:06:21.0401 15540 FltMgr - ok
20:06:21.0441 15540 [ B4447F606BB19FD8AD0BAFB59B90F5D9 ] FontCache C:\Windows\system32\FntCache.dll
20:06:21.0451 15540 FontCache - ok
20:06:21.0501 15540 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:06:21.0501 15540 FontCache3.0.0.0 - ok
20:06:21.0511 15540 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
20:06:21.0511 15540 FsDepends - ok
20:06:21.0531 15540 [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
20:06:21.0531 15540 fssfltr - ok
20:06:21.0591 15540 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
20:06:21.0611 15540 fsssvc - ok
20:06:21.0631 15540 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:06:21.0631 15540 Fs_Rec - ok
20:06:21.0651 15540 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
20:06:21.0651 15540 fvevol - ok
20:06:21.0661 15540 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
20:06:21.0671 15540 gagp30kx - ok
20:06:21.0681 15540 [ F51FB25E1328FA14F446A8B24AC52709 ] gdrv C:\Windows\gdrv.sys
20:06:21.0681 15540 gdrv - ok
20:06:21.0701 15540 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
20:06:21.0711 15540 gpsvc - ok
20:06:21.0741 15540 [ 7EEC4281639DC7E9A67C661EFD414F3A ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
20:06:21.0741 15540 hamachi - ok
20:06:21.0751 15540 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
20:06:21.0751 15540 hcw85cir - ok
20:06:21.0801 15540 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:06:21.0801 15540 HdAudAddService - ok
20:06:21.0821 15540 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
20:06:21.0821 15540 HDAudBus - ok
20:06:21.0831 15540 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
20:06:21.0831 15540 HidBatt - ok
20:06:21.0841 15540 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
20:06:21.0841 15540 HidBth - ok
20:06:21.0861 15540 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
20:06:21.0861 15540 HidIr - ok
20:06:21.0891 15540 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
20:06:21.0891 15540 hidserv - ok
20:06:21.0951 15540 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:06:21.0951 15540 HidUsb - ok
20:06:21.0981 15540 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:06:21.0981 15540 hkmsvc - ok
20:06:22.0021 15540 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:06:22.0021 15540 HomeGroupListener - ok
20:06:22.0061 15540 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:06:22.0061 15540 HomeGroupProvider - ok
20:06:22.0071 15540 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
20:06:22.0071 15540 HpSAMD - ok
20:06:22.0111 15540 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:06:22.0121 15540 HTTP - ok
20:06:22.0131 15540 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
20:06:22.0131 15540 hwpolicy - ok
20:06:22.0171 15540 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
20:06:22.0171 15540 i8042prt - ok
20:06:22.0201 15540 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
20:06:22.0201 15540 iaStorV - ok
20:06:22.0231 15540 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:06:22.0241 15540 idsvc - ok
20:06:22.0261 15540 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
20:06:22.0261 15540 iirsp - ok
20:06:22.0281 15540 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
20:06:22.0291 15540 IKEEXT - ok
20:06:22.0361 15540 [ EE64207F2F5C20BFE5F73DB2566C4601 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
20:06:22.0381 15540 IntcAzAudAddService - ok
20:06:22.0401 15540 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
20:06:22.0401 15540 intelide - ok
20:06:22.0421 15540 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:06:22.0421 15540 intelppm - ok
20:06:22.0441 15540 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:06:22.0441 15540 IPBusEnum - ok
20:06:22.0471 15540 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:06:22.0471 15540 IpFilterDriver - ok
20:06:22.0501 15540 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:06:22.0501 15540 iphlpsvc - ok
20:06:22.0531 15540 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
20:06:22.0531 15540 IPMIDRV - ok
20:06:22.0551 15540 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:06:22.0551 15540 IPNAT - ok
20:06:22.0571 15540 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:06:22.0571 15540 IRENUM - ok
20:06:22.0591 15540 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:06:22.0591 15540 isapnp - ok
20:06:22.0611 15540 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
20:06:22.0621 15540 iScsiPrt - ok
20:06:22.0691 15540 [ F3A41EC4C6506E76E07A219B3A1DF8D2 ] JMB36X C:\Windows\SysWOW64\XSrvSetup.exe
20:06:22.0691 15540 JMB36X - ok
20:06:22.0711 15540 [ 1C368C1A2733DCC5B8E15420AA2B0F6D ] JRAID C:\Windows\system32\DRIVERS\jraid.sys
20:06:22.0711 15540 JRAID - ok
20:06:22.0741 15540 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
20:06:22.0751 15540 kbdclass - ok
20:06:22.0771 15540 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
20:06:22.0771 15540 kbdhid - ok
20:06:22.0781 15540 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
20:06:22.0781 15540 KeyIso - ok
20:06:22.0811 15540 [ 8B5219318DF5895ABD230C373F2DF18A ] kl1 C:\Windows\system32\DRIVERS\kl1.sys
20:06:22.0821 15540 kl1 - ok
20:06:22.0861 15540 [ 8191BB24F61EBCAF84719993C7F7B5C6 ] KLIF C:\Windows\system32\DRIVERS\klif.sys
20:06:22.0871 15540 KLIF - ok
20:06:22.0881 15540 [ 9BD99E1AB3F664120AB95C35F9EC1EB0 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys
20:06:22.0881 15540 KLIM6 - ok
20:06:22.0911 15540 [ 2C43FD500522EF3B8C283A5846B7FC41 ] klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys
20:06:22.0911 15540 klkbdflt - ok
20:06:22.0931 15540 [ 70A6D2E292017EC47949696F51ABE18D ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys
20:06:22.0931 15540 klmouflt - ok
20:06:22.0951 15540 [ FFC0501A1EA742406F1904A0CFE3BFE2 ] kltdi C:\Windows\system32\DRIVERS\kltdi.sys
20:06:22.0951 15540 kltdi - ok
20:06:22.0961 15540 [ 185D21CB8F10CFB351FF65DA88C18BC9 ] kneps C:\Windows\system32\DRIVERS\kneps.sys
20:06:22.0961 15540 kneps - ok
20:06:22.0981 15540 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:06:22.0981 15540 KSecDD - ok
20:06:22.0991 15540 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
20:06:22.0991 15540 KSecPkg - ok
20:06:23.0011 15540 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
20:06:23.0011 15540 ksthunk - ok
20:06:23.0041 15540 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
20:06:23.0041 15540 KtmRm - ok
20:06:23.0081 15540 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
20:06:23.0081 15540 LanmanServer - ok
20:06:23.0121 15540 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:06:23.0121 15540 LanmanWorkstation - ok
20:06:23.0151 15540 [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum C:\Windows\system32\drivers\LGBusEnum.sys
20:06:23.0151 15540 LGBusEnum - ok
20:06:23.0161 15540 [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid C:\Windows\system32\drivers\LGVirHid.sys
20:06:23.0161 15540 LGVirHid - ok
20:06:23.0201 15540 [ 156AB2E56DC3CA0B582E3362E07CDED7 ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys
20:06:23.0201 15540 lirsgt - ok
20:06:23.0221 15540 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:06:23.0231 15540 lltdio - ok
20:06:23.0241 15540 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:06:23.0251 15540 lltdsvc - ok
20:06:23.0251 15540 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:06:23.0261 15540 lmhosts - ok
20:06:23.0301 15540 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
20:06:23.0331 15540 LSI_FC - ok
20:06:23.0381 15540 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
20:06:23.0391 15540 LSI_SAS - ok
20:06:23.0401 15540 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:06:23.0401 15540 LSI_SAS2 - ok
20:06:23.0421 15540 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:06:23.0421 15540 LSI_SCSI - ok
20:06:23.0431 15540 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
20:06:23.0431 15540 luafv - ok
20:06:23.0461 15540 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
20:06:23.0471 15540 MBAMProtector - ok
20:06:23.0511 15540 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
20:06:23.0511 15540 MBAMScheduler - ok
20:06:23.0541 15540 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
20:06:23.0541 15540 MBAMService - ok
20:06:23.0571 15540 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:06:23.0581 15540 Mcx2Svc - ok
20:06:23.0591 15540 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
20:06:23.0591 15540 megasas - ok
20:06:23.0611 15540 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
20:06:23.0611 15540 MegaSR - ok
20:06:23.0631 15540 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
20:06:23.0631 15540 MMCSS - ok
20:06:23.0641 15540 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
20:06:23.0641 15540 Modem - ok
20:06:23.0671 15540 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:06:23.0671 15540 monitor - ok
20:06:23.0681 15540 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:06:23.0681 15540 mouclass - ok
20:06:23.0711 15540 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:06:23.0711 15540 mouhid - ok
20:06:23.0731 15540 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
20:06:23.0731 15540 mountmgr - ok
20:06:23.0791 15540 [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:06:23.0801 15540 MozillaMaintenance - ok
20:06:23.0821 15540 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
20:06:23.0821 15540 mpio - ok
20:06:23.0841 15540 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:06:23.0841 15540 mpsdrv - ok
20:06:23.0881 15540 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
20:06:23.0891 15540 MpsSvc - ok
20:06:23.0911 15540 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:06:23.0911 15540 MRxDAV - ok
20:06:23.0941 15540 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:06:23.0941 15540 mrxsmb - ok
20:06:23.0951 15540 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:06:23.0951 15540 mrxsmb10 - ok
20:06:23.0951 15540 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:06:23.0951 15540 mrxsmb20 - ok
20:06:23.0981 15540 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
20:06:23.0981 15540 msahci - ok
20:06:23.0991 15540 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:06:23.0991 15540 msdsm - ok
20:06:24.0011 15540 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
20:06:24.0011 15540 MSDTC - ok
20:06:24.0021 15540 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:06:24.0021 15540 Msfs - ok
20:06:24.0031 15540 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
20:06:24.0031 15540 mshidkmdf - ok
20:06:24.0031 15540 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:06:24.0031 15540 msisadrv - ok
20:06:24.0061 15540 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:06:24.0061 15540 MSiSCSI - ok
20:06:24.0061 15540 msiserver - ok
20:06:24.0081 15540 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:06:24.0081 15540 MSKSSRV - ok
20:06:24.0101 15540 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:06:24.0101 15540 MSPCLOCK - ok
20:06:24.0111 15540 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:06:24.0111 15540 MSPQM - ok
20:06:24.0151 15540 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:06:24.0151 15540 MsRPC - ok
20:06:24.0161 15540 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
20:06:24.0161 15540 mssmbios - ok
20:06:24.0171 15540 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:06:24.0171 15540 MSTEE - ok
20:06:24.0181 15540 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
20:06:24.0181 15540 MTConfig - ok
20:06:24.0191 15540 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
20:06:24.0191 15540 Mup - ok
20:06:24.0211 15540 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
20:06:24.0211 15540 napagent - ok
20:06:24.0251 15540 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:06:24.0251 15540 NativeWifiP - ok
20:06:24.0291 15540 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
20:06:24.0301 15540 NDIS - ok
20:06:24.0311 15540 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:06:24.0311 15540 NdisCap - ok
20:06:24.0341 15540 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:06:24.0341 15540 NdisTapi - ok
20:06:24.0371 15540 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:06:24.0371 15540 Ndisuio - ok
20:06:24.0381 15540 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:06:24.0381 15540 NdisWan - ok
20:06:24.0421 15540 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:06:24.0421 15540 NDProxy - ok
20:06:24.0441 15540 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:06:24.0441 15540 NetBIOS - ok
20:06:24.0451 15540 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:06:24.0461 15540 NetBT - ok
20:06:24.0461 15540 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
20:06:24.0471 15540 Netlogon - ok
20:06:24.0491 15540 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
20:06:24.0491 15540 Netman - ok
20:06:24.0511 15540 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
20:06:24.0511 15540 netprofm - ok
20:06:24.0531 15540 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:06:24.0531 15540 NetTcpPortSharing - ok
20:06:24.0551 15540 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
20:06:24.0551 15540 nfrd960 - ok
20:06:24.0581 15540 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
20:06:24.0581 15540 NlaSvc - ok
20:06:24.0581 15540 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:06:24.0581 15540 Npfs - ok
20:06:24.0601 15540 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
20:06:24.0601 15540 nsi - ok
20:06:24.0601 15540 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:06:24.0601 15540 nsiproxy - ok
20:06:24.0641 15540 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:06:24.0651 15540 Ntfs - ok
20:06:24.0661 15540 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
20:06:24.0661 15540 Null - ok
20:06:24.0691 15540 [ 785298579B5F9B4032152DFBB992FDB6 ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
20:06:24.0691 15540 nusb3hub - ok
20:06:24.0711 15540 [ DF2750481B4964814467C974F2B0EEF1 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
20:06:24.0711 15540 nusb3xhc - ok
20:06:24.0721 15540 nvlddmkm - ok
20:06:24.0731 15540 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:06:24.0741 15540 nvraid - ok
20:06:24.0751 15540 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:06:24.0761 15540 nvstor - ok
20:06:24.0781 15540 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:06:24.0781 15540 nv_agp - ok
20:06:24.0801 15540 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
20:06:24.0801 15540 ohci1394 - ok
20:06:24.0831 15540 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
20:06:24.0831 15540 p2pimsvc - ok
20:06:24.0841 15540 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
20:06:24.0851 15540 p2psvc - ok
20:06:24.0901 15540 [ 3A6DCEB1848470320E4A3C12D7A35B1C ] PAC207 C:\Windows\system32\DRIVERS\PFC027.SYS
20:06:24.0901 15540 PAC207 - ok
20:06:24.0921 15540 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
20:06:24.0921 15540 Parport - ok
20:06:24.0941 15540 Partizan - ok
20:06:24.0951 15540 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:06:24.0951 15540 partmgr - ok
20:06:24.0961 15540 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
20:06:24.0961 15540 PcaSvc - ok
20:06:24.0981 15540 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
20:06:24.0981 15540 pci - ok
20:06:24.0981 15540 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
20:06:24.0981 15540 pciide - ok
20:06:24.0991 15540 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
20:06:25.0001 15540 pcmcia - ok
20:06:25.0001 15540 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
20:06:25.0001 15540 pcw - ok
20:06:25.0021 15540 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:06:25.0021 15540 PEAUTH - ok
20:06:25.0051 15540 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
20:06:25.0071 15540 PeerDistSvc - ok
20:06:25.0091 15540 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
20:06:25.0091 15540 PerfHost - ok
20:06:25.0141 15540 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
20:06:25.0161 15540 pla - ok
20:06:25.0191 15540 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:06:25.0201 15540 PlugPlay - ok
20:06:25.0221 15540 PnkBstrA - ok
20:06:25.0251 15540 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
20:06:25.0251 15540 PNRPAutoReg - ok
20:06:25.0271 15540 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
20:06:25.0271 15540 PNRPsvc - ok
20:06:25.0311 15540 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:06:25.0321 15540 PolicyAgent - ok
20:06:25.0351 15540 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
20:06:25.0351 15540 Power - ok
20:06:25.0381 15540 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:06:25.0381 15540 PptpMiniport - ok
20:06:25.0401 15540 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
20:06:25.0401 15540 Processor - ok
20:06:25.0431 15540 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
20:06:25.0431 15540 ProfSvc - ok
20:06:25.0441 15540 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:06:25.0441 15540 ProtectedStorage - ok
20:06:25.0481 15540 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
20:06:25.0481 15540 Psched - ok
20:06:25.0511 15540 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
20:06:25.0521 15540 ql2300 - ok
20:06:25.0541 15540 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
20:06:25.0541 15540 ql40xx - ok
20:06:25.0571 15540 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
20:06:25.0571 15540 QWAVE - ok
20:06:25.0581 15540 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:06:25.0581 15540 QWAVEdrv - ok
20:06:25.0591 15540 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:06:25.0591 15540 RasAcd - ok
20:06:25.0621 15540 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
20:06:25.0621 15540 RasAgileVpn - ok
20:06:25.0631 15540 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
20:06:25.0641 15540 RasAuto - ok
20:06:25.0651 15540 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:06:25.0651 15540 Rasl2tp - ok
20:06:25.0671 15540 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
20:06:25.0671 15540 RasMan - ok
20:06:25.0681 15540 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:06:25.0681 15540 RasPppoe - ok
20:06:25.0701 15540 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:06:25.0701 15540 RasSstp - ok
20:06:25.0711 15540 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:06:25.0711 15540 rdbss - ok
20:06:25.0721 15540 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
20:06:25.0721 15540 rdpbus - ok
20:06:25.0731 15540 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:06:25.0731 15540 RDPCDD - ok
20:06:25.0761 15540 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
20:06:25.0771 15540 RDPDR - ok
20:06:25.0781 15540 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:06:25.0781 15540 RDPENCDD - ok
20:06:25.0781 15540 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
20:06:25.0781 15540 RDPREFMP - ok
20:06:25.0821 15540 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
20:06:25.0821 15540 RdpVideoMiniport - ok
20:06:25.0841 15540 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:06:25.0841 15540 RDPWD - ok
20:06:25.0861 15540 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
20:06:25.0861 15540 rdyboost - ok
20:06:25.0881 15540 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
20:06:25.0881 15540 RemoteAccess - ok
20:06:25.0901 15540 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:06:25.0901 15540 RemoteRegistry - ok
20:06:25.0921 15540 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
20:06:25.0931 15540 RpcEptMapper - ok
20:06:25.0941 15540 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
20:06:25.0941 15540 RpcLocator - ok
20:06:25.0971 15540 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
20:06:25.0981 15540 RpcSs - ok
20:06:25.0991 15540 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:06:25.0991 15540 rspndr - ok
20:06:26.0031 15540 [ 7F4F11527AF5A7E4526CB6A146B3E40C ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
20:06:26.0041 15540 RTL8167 - ok
20:06:26.0061 15540 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
20:06:26.0061 15540 s3cap - ok
20:06:26.0071 15540 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
20:06:26.0071 15540 SamSs - ok
20:06:26.0131 15540 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
20:06:26.0131 15540 SASDIFSV - ok
20:06:26.0151 15540 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
20:06:26.0151 15540 SASKUTIL - ok
20:06:26.0161 15540 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:06:26.0161 15540 sbp2port - ok
20:06:26.0191 15540 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:06:26.0191 15540 SCardSvr - ok
20:06:26.0241 15540 [ 3A09F31454DFEFBB124BAF378F90B636 ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys
20:06:26.0241 15540 SCDEmu - ok
20:06:26.0271 15540 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
20:06:26.0271 15540 scfilter - ok
20:06:26.0311 15540 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
20:06:26.0321 15540 Schedule - ok
20:06:26.0341 15540 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
20:06:26.0341 15540 SCPolicySvc - ok
20:06:26.0371 15540 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:06:26.0371 15540 SDRSVC - ok
20:06:26.0401 15540 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:06:26.0401 15540 secdrv - ok
20:06:26.0421 15540 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
20:06:26.0421 15540 seclogon - ok
20:06:26.0441 15540 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
20:06:26.0441 15540 SENS - ok
20:06:26.0451 15540 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
20:06:26.0451 15540 SensrSvc - ok
20:06:26.0471 15540 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
20:06:26.0471 15540 Serenum - ok
20:06:26.0491 15540 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
20:06:26.0491 15540 Serial - ok
20:06:26.0501 15540 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
20:06:26.0501 15540 sermouse - ok
20:06:26.0531 15540 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
20:06:26.0531 15540 SessionEnv - ok
20:06:26.0551 15540 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:06:26.0561 15540 sffdisk - ok
20:06:26.0571 15540 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:06:26.0571 15540 sffp_mmc - ok
20:06:26.0581 15540 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:06:26.0581 15540 sffp_sd - ok
20:06:26.0591 15540 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
20:06:26.0591 15540 sfloppy - ok
20:06:26.0621 15540 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:06:26.0631 15540 SharedAccess - ok
20:06:26.0641 15540 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:06:26.0651 15540 ShellHWDetection - ok
20:06:26.0661 15540 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:06:26.0661 15540 SiSRaid2 - ok
20:06:26.0671 15540 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
20:06:26.0671 15540 SiSRaid4 - ok
20:06:26.0711 15540 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
20:06:26.0721 15540 SkypeUpdate - ok
20:06:26.0741 15540 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:06:26.0741 15540 Smb - ok
20:06:26.0771 15540 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:06:26.0771 15540 SNMPTRAP - ok
20:06:26.0781 15540 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
20:06:26.0781 15540 spldr - ok
20:06:26.0811 15540 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
20:06:26.0811 15540 Spooler - ok
20:06:26.0871 15540 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
20:06:26.0901 15540 sppsvc - ok
20:06:26.0921 15540 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
20:06:26.0921 15540 sppuinotify - ok
20:06:26.0951 15540 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
20:06:26.0951 15540 srv - ok
20:06:26.0971 15540 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:06:26.0971 15540 srv2 - ok
20:06:26.0971 15540 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:06:26.0971 15540 srvnet - ok
20:06:27.0001 15540 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:06:27.0001 15540 SSDPSRV - ok
20:06:27.0011 15540 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:06:27.0021 15540 SstpSvc - ok
20:06:27.0061 15540 Steam Client Service - ok
20:06:27.0081 15540 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
20:06:27.0081 15540 stexstor - ok
20:06:27.0121 15540 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
20:06:27.0131 15540 stisvc - ok
20:06:27.0131 15540 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
20:06:27.0131 15540 storflt - ok
20:06:27.0161 15540 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
20:06:27.0161 15540 storvsc - ok
20:06:27.0171 15540 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
20:06:27.0171 15540 swenum - ok
20:06:27.0181 15540 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
20:06:27.0191 15540 swprv - ok
20:06:27.0201 15540 Synth3dVsc - ok
20:06:27.0251 15540 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
20:06:27.0271 15540 SysMain - ok
20:06:27.0301 15540 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:06:27.0301 15540 TabletInputService - ok
20:06:27.0331 15540 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
20:06:27.0331 15540 TapiSrv - ok
20:06:27.0351 15540 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
20:06:27.0351 15540 TBS - ok
20:06:27.0401 15540 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:06:27.0421 15540 Tcpip - ok
20:06:27.0441 15540 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
20:06:27.0451 15540 TCPIP6 - ok
20:06:27.0481 15540 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:06:27.0481 15540 tcpipreg - ok
20:06:27.0501 15540 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:06:27.0501 15540 TDPIPE - ok
20:06:27.0521 15540 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:06:27.0521 15540 TDTCP - ok
20:06:27.0561 15540 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:06:27.0561 15540 tdx - ok
20:06:27.0581 15540 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
20:06:27.0591 15540 TermDD - ok
20:06:27.0621 15540 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
20:06:27.0621 15540 TermService - ok
20:06:27.0641 15540 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
20:06:27.0641 15540 Themes - ok
20:06:27.0661 15540 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
20:06:27.0661 15540 THREADORDER - ok
20:06:27.0681 15540 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
20:06:27.0691 15540 TrkWks - ok
20:06:27.0731 15540 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:06:27.0731 15540 TrustedInstaller - ok
20:06:27.0761 15540 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:06:27.0761 15540 tssecsrv - ok
20:06:27.0791 15540 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
20:06:27.0801 15540 TsUsbFlt - ok
20:06:27.0801 15540 tsusbhub - ok
20:06:27.0881 15540 [ E3F63884AD6CDB2E71DA98C0AA3F8D74 ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
20:06:27.0891 15540 TuneUp.UtilitiesSvc - ok
20:06:27.0921 15540 [ DCC94C51D27C7EC0DADECA8F64C94FCF ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
20:06:27.0921 15540 TuneUpUtilitiesDrv - ok
20:06:27.0961 15540 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:06:27.0961 15540 tunnel - ok
20:06:27.0981 15540 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
20:06:27.0991 15540 uagp35 - ok
20:06:28.0011 15540 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:06:28.0011 15540 udfs - ok
20:06:28.0041 15540 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:06:28.0041 15540 UI0Detect - ok
20:06:28.0051 15540 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:06:28.0051 15540 uliagpkx - ok
20:06:28.0081 15540 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
20:06:28.0081 15540 umbus - ok
20:06:28.0091 15540 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
20:06:28.0091 15540 UmPass - ok
20:06:28.0121 15540 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
20:06:28.0121 15540 UmRdpService - ok
20:06:28.0151 15540 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
20:06:28.0161 15540 upnphost - ok
20:06:28.0181 15540 USBAAPL64 - ok
20:06:28.0201 15540 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:06:28.0201 15540 usbccgp - ok
20:06:28.0231 15540 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:06:28.0231 15540 usbcir - ok
20:06:28.0241 15540 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
20:06:28.0241 15540 usbehci - ok
20:06:28.0251 15540 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:06:28.0251 15540 usbhub - ok
20:06:28.0261 15540 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
20:06:28.0261 15540 usbohci - ok
20:06:28.0271 15540 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:06:28.0271 15540 usbprint - ok
20:06:28.0281 15540 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS
20:06:28.0281 15540 USBSTOR - ok
20:06:28.0281 15540 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
20:06:28.0281 15540 usbuhci - ok
20:06:28.0291 15540 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
20:06:28.0291 15540 UxSms - ok
20:06:28.0301 15540 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
20:06:28.0311 15540 VaultSvc - ok
20:06:28.0331 15540 [ F0FAF3FB9B138F8CAFB65ECFFE9F4AB6 ] vcd10bus C:\Windows\system32\DRIVERS\vcd10bus.sys
20:06:28.0331 15540 vcd10bus - ok
20:06:28.0351 15540 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
20:06:28.0351 15540 vdrvroot - ok
20:06:28.0381 15540 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
20:06:28.0391 15540 vds - ok
20:06:28.0411 15540 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:06:28.0411 15540 vga - ok
20:06:28.0421 15540 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
20:06:28.0431 15540 VgaSave - ok
20:06:28.0431 15540 VGPU - ok
20:06:28.0441 15540 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
20:06:28.0441 15540 vhdmp - ok
20:06:28.0461 15540 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
20:06:28.0471 15540 viaide - ok
20:06:28.0481 15540 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
20:06:28.0481 15540 vmbus - ok
20:06:28.0491 15540 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
20:06:28.0501 15540 VMBusHID - ok
20:06:28.0501 15540 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:06:28.0501 15540 volmgr - ok
20:06:28.0531 15540 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:06:28.0541 15540 volmgrx - ok
20:06:28.0541 15540 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:06:28.0541 15540 volsnap - ok
20:06:28.0551 15540 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
20:06:28.0561 15540 vsmraid - ok
20:06:28.0601 15540 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
20:06:28.0611 15540 VSS - ok
20:06:28.0621 15540 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
20:06:28.0621 15540 vwifibus - ok
20:06:28.0651 15540 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
20:06:28.0651 15540 W32Time - ok
20:06:28.0671 15540 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
20:06:28.0671 15540 WacomPen - ok
20:06:28.0691 15540 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
20:06:28.0691 15540 WANARP - ok
20:06:28.0691 15540 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:06:28.0691 15540 Wanarpv6 - ok
20:06:28.0721 15540 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
20:06:28.0741 15540 wbengine - ok
20:06:28.0751 15540 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
20:06:28.0761 15540 WbioSrvc - ok
20:06:28.0781 15540 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:06:28.0791 15540 wcncsvc - ok
20:06:28.0801 15540 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:06:28.0801 15540 WcsPlugInService - ok
20:06:28.0821 15540 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
20:06:28.0821 15540 Wd - ok
20:06:28.0831 15540 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:06:28.0841 15540 Wdf01000 - ok
20:06:28.0841 15540 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:06:28.0851 15540 WdiServiceHost - ok
20:06:28.0851 15540 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:06:28.0851 15540 WdiSystemHost - ok
20:06:28.0871 15540 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
20:06:28.0881 15540 WebClient - ok
20:06:28.0891 15540 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:06:28.0891 15540 Wecsvc - ok
20:06:28.0911 15540 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:06:28.0911 15540 wercplsupport - ok
20:06:28.0931 15540 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
20:06:28.0931 15540 WerSvc - ok
20:06:28.0941 15540 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
20:06:28.0941 15540 WfpLwf - ok
20:06:28.0951 15540 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
20:06:28.0951 15540 WIMMount - ok
20:06:28.0961 15540 WinDefend - ok
20:06:28.0961 15540 WinHttpAutoProxySvc - ok
20:06:28.0991 15540 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:06:29.0001 15540 Winmgmt - ok
20:06:29.0041 15540 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
20:06:29.0061 15540 WinRM - ok
20:06:29.0101 15540 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
20:06:29.0101 15540 WinUsb - ok
20:06:29.0131 15540 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
20:06:29.0141 15540 Wlansvc - ok
20:06:29.0171 15540 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
20:06:29.0171 15540 wlcrasvc - ok
20:06:29.0251 15540 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:06:29.0261 15540 wlidsvc - ok
20:06:29.0291 15540 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
20:06:29.0291 15540 WmiAcpi - ok
20:06:29.0321 15540 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:06:29.0331 15540 wmiApSrv - ok
20:06:29.0361 15540 WMPNetworkSvc - ok
20:06:29.0371 15540 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:06:29.0371 15540 WPCSvc - ok
20:06:29.0391 15540 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:06:29.0401 15540 WPDBusEnum - ok
20:06:29.0421 15540 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:06:29.0421 15540 ws2ifsl - ok
20:06:29.0441 15540 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
20:06:29.0441 15540 wscsvc - ok
20:06:29.0441 15540 WSearch - ok
20:06:29.0491 15540 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
20:06:29.0511 15540 wuauserv - ok
20:06:29.0541 15540 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:06:29.0541 15540 WudfPf - ok
20:06:29.0551 15540 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:06:29.0551 15540 WUDFRd - ok
20:06:29.0561 15540 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:06:29.0561 15540 wudfsvc - ok
20:06:29.0591 15540 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
20:06:29.0591 15540 WwanSvc - ok
20:06:29.0641 15540 [ 4A5CE13408945E525503B5F73D29B9C5 ] xnacc C:\Windows\system32\DRIVERS\xnacc.sys
20:06:29.0651 15540 xnacc - ok
20:06:29.0651 15540 ================ Scan global ===============================
20:06:29.0681 15540 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:06:29.0701 15540 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
20:06:29.0701 15540 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
20:06:29.0721 15540 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:06:29.0741 15540 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:06:29.0741 15540 [Global] - ok
20:06:29.0741 15540 ================ Scan MBR ==================================
20:06:29.0751 15540 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
20:06:29.0871 15540 \Device\Harddisk1\DR1 - ok
20:06:29.0871 15540 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
20:06:29.0871 15540 \Device\Harddisk0\DR0 - ok
20:06:29.0871 15540 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
20:06:29.0881 15540 \Device\Harddisk2\DR2 - ok
20:06:29.0881 15540 ================ Scan VBR ==================================
20:06:29.0881 15540 [ D8FD4447A7D9E156493C5AD5BA0B0471 ] \Device\Harddisk1\DR1\Partition1
20:06:29.0881 15540 \Device\Harddisk1\DR1\Partition1 - ok
20:06:29.0881 15540 [ 8088975A75DA14E220A07E447B4AE964 ] \Device\Harddisk0\DR0\Partition1
20:06:29.0881 15540 \Device\Harddisk0\DR0\Partition1 - ok
20:06:29.0891 15540 [ 2CD98AECD45AA0093ADC7DFBA25C4570 ] \Device\Harddisk2\DR2\Partition1
20:06:29.0891 15540 \Device\Harddisk2\DR2\Partition1 - ok
20:06:29.0891 15540 ============================================================
20:06:29.0891 15540 Scan finished
20:06:29.0891 15540 ============================================================
20:06:29.0891 6924 Detected object count: 0
20:06:29.0891 6924 Actual detected object count: 0

ASWMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-23 00:44:54
-----------------------------
00:44:54.301 OS Version: Windows x64 6.1.7601 Service Pack 1
00:44:54.301 Number of processors: 8 586 0x1A05
00:44:54.301 ComputerName: ZILDJIAN90 UserName: Alec
00:44:54.942 Initialize success
00:45:03.650 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
00:45:03.652 Disk 0 Vendor: SAMSUNG_HD642JJ 1AA01113 Size: 610479MB BusType: 3
00:45:03.653 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-2
00:45:03.654 Disk 1 Vendor: SAMSUNG_HD322HJ 1AC01113 Size: 305245MB BusType: 3
00:45:03.663 Disk 1 MBR read successfully
00:45:03.665 Disk 1 MBR scan
00:45:03.666 Disk 1 Windows 7 default MBR code
00:45:03.668 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305234 MB offset 63
00:45:03.671 Disk 1 scanning C:\Windows\system32\drivers
00:45:08.172 Service scanning
00:45:12.271 Service kl1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
00:45:12.313 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
00:45:12.341 Service klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys **LOCKED** 5
00:45:12.680 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
00:45:13.029 Service kltdi C:\Windows\system32\DRIVERS\kltdi.sys **LOCKED** 5
00:45:13.045 Service kneps C:\Windows\system32\DRIVERS\kneps.sys **LOCKED** 5
00:45:18.584 Modules scanning
00:45:18.588 Disk 1 trace - called modules:
00:45:18.599 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
00:45:18.603 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa800605d060]
00:45:18.606 3 CLASSPNP.SYS[fffff880021ca43f] -> nt!IofCallDriver -> [0xfffffa8005d57520]
00:45:18.609 5 ACPI.sys[fffff88000eee7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8005d56060]
00:45:18.612 Scan finished successfully
00:48:45.252 Disk 1 MBR has been saved successfully to "C:\Users\Alec\Desktop\MBR.dat"
00:48:45.255 The log file has been saved successfully to "C:\Users\Alec\Desktop\aswMBR.txt"

#6
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#7
Blackbird10

  • Topic Starter
  • Member
  • 10 posts
Hi Gringo,
The PC is doing fine, I haven't noticed anything out of the ordinary.
I did as you said with the script and here is the new ComboFix log:

ComboFix 12-10-23.01 - Alec 23/10/2012 22:20:30.3.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.34.3082.18.6142.4097 [GMT 2:00]
Running from: c:\users\Alec\Desktop\ComboFix.exe
Command switches used :: c:\users\Alec\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Anti-Virus *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-09-23 to 2012-10-23 )))))))))))))))))))))))))))))))
.
.
2012-10-23 20:24 . 2012-10-23 20:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-19 11:48 . 2012-10-19 11:57 -------- d-----w- c:\users\Alec\AppData\Local\Apache
2012-10-18 22:18 . 2012-10-18 22:18 -------- d-----w- c:\program files\HitmanPro
2012-10-18 19:59 . 2012-10-18 22:21 -------- d-----w- c:\programdata\HitmanPro
2012-10-18 19:57 . 2012-10-18 19:57 -------- d-----w- c:\programdata\Tarma Installer
2012-10-18 18:43 . 2012-07-11 15:09 64856 ----a-w- c:\windows\system32\klfphc.dll
2012-10-18 18:43 . 2012-10-18 18:43 -------- d-----w- c:\windows\ELAMBKUP
2012-10-18 18:43 . 2012-10-23 20:00 -------- d-----w- c:\programdata\Kaspersky Lab
2012-10-18 18:43 . 2012-10-18 18:43 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2012-10-18 18:43 . 2012-10-18 19:01 611160 ----a-w- c:\windows\system32\drivers\klif.sys
2012-10-18 18:43 . 2012-08-13 16:24 89432 ----a-w- c:\windows\system32\drivers\klflt.sys
2012-10-11 20:24 . 2012-10-11 20:24 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-10-11 20:13 . 2012-10-11 20:13 -------- d-----w- c:\users\Alec\AppData\Roaming\PowerISO
2012-10-11 20:11 . 2012-10-11 20:11 -------- d--h--w- c:\programdata\Common Files
2012-10-11 20:11 . 2012-10-11 20:12 -------- d-----w- c:\program files (x86)\PowerISO
2012-10-11 20:11 . 2012-08-24 07:56 126944 ----a-w- c:\windows\system32\drivers\scdemu.sys
2012-10-07 13:50 . 2012-10-07 14:45 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-10-07 13:50 . 2012-10-23 11:42 -------- d-----w- c:\program files (x86)\Steam
2012-10-06 11:20 . 2012-10-06 11:20 -------- d-----w- C:\Games
2012-10-03 16:46 . 2012-05-22 13:36 2580552 ----a-w- c:\windows\SysWow64\pbsvc.exe
2012-10-03 13:10 . 2011-11-03 07:49 34624 ----a-w- c:\windows\system32\TURegOpt.exe
2012-10-03 13:10 . 2011-11-03 07:49 25920 ----a-w- c:\windows\system32\authuitu.dll
2012-10-03 13:10 . 2011-11-03 07:49 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
2012-10-03 13:10 . 2012-10-03 13:10 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2012
2012-10-02 23:50 . 2012-10-03 14:02 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-10-02 23:29 . 2009-12-10 10:28 36168 ----a-w- c:\windows\system32\uxt2F2E.tmp
2012-10-02 23:03 . 2009-12-10 10:28 36168 ----a-w- c:\windows\system32\uxt391C.tmp
2012-09-24 13:22 . 2012-09-24 13:22 -------- d-sh--w- c:\windows\system32\Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}
2012-09-24 11:25 . 2012-09-24 11:25 -------- d-----w- c:\program files\Enigma Software Group
2012-09-24 11:25 . 2012-09-24 11:56 -------- d-----w- c:\windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP
2012-09-24 02:22 . 2012-09-24 02:22 -------- d-----w- c:\users\Alec\AppData\Roaming\CheckPoint
2012-09-24 02:20 . 2012-09-24 02:20 -------- d-----w- c:\programdata\CheckPoint
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-18 19:01 . 2012-07-25 12:53 29528 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2012-10-18 19:01 . 2012-05-25 17:38 29016 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2012-10-11 18:46 . 2012-09-17 10:53 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-10-11 18:46 . 2012-09-17 10:11 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-10-11 18:46 . 2012-09-17 10:11 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-10-03 16:48 . 2012-09-17 10:11 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-09-29 17:54 . 2012-09-15 13:33 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-08 13:21 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-09-08 13:21 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-09-08 13:00 . 2012-09-08 13:00 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-09-08 13:00 . 2012-09-08 13:00 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-09-08 13:00 . 2012-09-08 13:00 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-09-08 13:00 . 2012-09-08 13:00 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-09-08 13:00 . 2012-09-08 13:00 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-09-08 13:00 . 2012-09-08 13:00 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-09-08 13:00 . 2012-09-08 13:00 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-09-08 13:00 . 2012-09-08 13:00 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-09-08 13:00 . 2012-09-08 13:00 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-09-08 13:00 . 2012-09-08 13:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-09-08 13:00 . 2012-09-08 13:00 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-09-08 13:00 . 2012-09-08 13:00 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-09-08 13:00 . 2012-09-08 13:00 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-09-08 13:00 . 2012-09-08 13:00 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-09-08 13:00 . 2012-09-08 13:00 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-09-08 13:00 . 2012-09-08 13:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-09-08 13:00 . 2012-09-08 13:00 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-09-08 13:00 . 2012-09-08 13:00 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-09-08 13:00 . 2012-09-08 13:00 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-09-08 13:00 . 2012-09-08 13:00 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-09-08 13:00 . 2012-09-08 13:00 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-09-08 13:00 . 2012-09-08 13:00 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-09-08 13:00 . 2012-09-08 13:00 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-09-08 13:00 . 2012-09-08 13:00 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-09-08 13:00 . 2012-09-08 13:00 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-09-08 13:00 . 2012-09-08 13:00 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-09-08 13:00 . 2012-09-08 13:00 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-09-08 13:00 . 2012-09-08 13:00 82432 ----a-w- c:\windows\system32\icardie.dll
2012-09-08 13:00 . 2012-09-08 13:00 816640 ----a-w- c:\windows\system32\jscript.dll
2012-09-08 13:00 . 2012-09-08 13:00 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-09-08 13:00 . 2012-09-08 13:00 697344 ----a-w- c:\windows\system32\msfeeds.dll
2012-09-08 13:00 . 2012-09-08 13:00 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-09-08 13:00 . 2012-09-08 13:00 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-09-08 13:00 . 2012-09-08 13:00 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-09-08 13:00 . 2012-09-08 13:00 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-09-08 13:00 . 2012-09-08 13:00 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-09-08 13:00 . 2012-09-08 13:00 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-09-08 13:00 . 2012-09-08 13:00 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-09-08 13:00 . 2012-09-08 13:00 448512 ----a-w- c:\windows\system32\html.iec
2012-09-08 13:00 . 2012-09-08 13:00 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-09-08 13:00 . 2012-09-08 13:00 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-09-08 13:00 . 2012-09-08 13:00 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-09-08 13:00 . 2012-09-08 13:00 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-09-08 13:00 . 2012-09-08 13:00 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-09-08 13:00 . 2012-09-08 13:00 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-09-08 13:00 . 2012-09-08 13:00 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-09-08 13:00 . 2012-09-08 13:00 248320 ----a-w- c:\windows\system32\ieui.dll
2012-09-08 13:00 . 2012-09-08 13:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-08 13:00 . 2012-09-08 13:00 237056 ----a-w- c:\windows\system32\url.dll
2012-09-08 13:00 . 2012-09-08 13:00 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-09-08 13:00 . 2012-09-08 13:00 222208 ----a-w- c:\windows\system32\msls31.dll
2012-09-08 13:00 . 2012-09-08 13:00 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-09-08 13:00 . 2012-09-08 13:00 197120 ----a-w- c:\windows\system32\msrating.dll
2012-09-08 13:00 . 2012-09-08 13:00 17809920 ----a-w- c:\windows\system32\mshtml.dll
2012-09-08 13:00 . 2012-09-08 13:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-09-08 13:00 . 2012-09-08 13:00 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-09-08 13:00 . 2012-09-08 13:00 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-09-08 13:00 . 2012-09-08 13:00 160256 ----a-w- c:\windows\system32\wextract.exe
2012-09-08 13:00 . 2012-09-08 13:00 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-09-08 13:00 . 2012-09-08 13:00 149504 ----a-w- c:\windows\system32\occache.dll
2012-09-08 13:00 . 2012-09-08 13:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-09-08 13:00 . 2012-09-08 13:00 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-09-08 13:00 . 2012-09-08 13:00 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-09-08 13:00 . 2012-09-08 13:00 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-09-08 13:00 . 2012-09-08 13:00 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-09-08 13:00 . 2012-09-08 13:00 12288 ----a-w- c:\windows\system32\mshta.exe
2012-09-08 13:00 . 2012-09-08 13:00 114176 ----a-w- c:\windows\system32\admparse.dll
2012-09-08 13:00 . 2012-09-08 13:00 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-09-08 13:00 . 2012-09-08 13:00 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-09-08 13:00 . 2012-09-08 13:00 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-09-08 13:00 . 2012-09-08 13:00 103936 ----a-w- c:\windows\system32\inseng.dll
2012-09-08 12:04 . 2012-09-08 12:04 21712 ----a-w- c:\windows\SysWow64\drivers\DrvAgent64.SYS
2012-09-08 11:59 . 2012-09-08 12:00 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-08 11:59 . 2012-09-08 12:00 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-08 11:59 . 2011-08-13 13:07 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-27 23:49 . 2012-09-08 13:48 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1447D990-7F00-4F4B-BA25-828FE792538C}\mpengine.dll
2012-08-13 14:49 . 2012-08-13 14:49 178008 ----a-w- c:\windows\system32\drivers\kneps.sys
2012-08-03 02:27 . 2012-09-08 12:48 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-08-02 13:09 . 2012-08-02 13:09 28504 ----a-w- c:\windows\system32\drivers\klim6.sys
2012-07-28 04:09 . 2012-04-06 01:34 5538984 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-07-28 04:07 . 2012-07-28 04:07 10278912 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-07-28 03:43 . 2012-07-28 03:43 70144 ----a-w- c:\windows\system32\coinst_8.982.dll
2012-07-28 03:19 . 2012-07-28 03:19 24935424 ----a-w- c:\windows\system32\atio6axx.dll
2012-07-28 02:50 . 2012-07-28 02:50 20546560 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-07-28 02:15 . 2012-07-28 02:15 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-07-28 02:15 . 2012-04-06 02:21 931328 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-07-28 02:13 . 2012-04-06 02:20 1100288 ----a-w- c:\windows\system32\aticfx64.dll
2012-07-28 02:10 . 2012-09-14 20:39 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-07-28 02:10 . 2012-07-28 02:10 534528 ----a-w- c:\windows\system32\atieclxx.exe
2012-07-28 02:09 . 2012-07-28 02:09 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2012-07-28 02:08 . 2012-07-28 02:08 120320 ----a-w- c:\windows\system32\atitmm64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="c:\program files (x86)\Ares\Ares.exe" [2010-02-08 1015808]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-15 5663616]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-09-21 3341464]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-10-07 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"RaidCall"="c:\program files (x86)\RaidCall\raidcall.exe" [2012-09-25 3076096]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-08-24 336992]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe" [2012-08-17 218880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 aswArKrn;aswArKrn;c:\users\Alec\AppData\Local\Temp\aswArKrn.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-11 115168]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 572416]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vcd10bus;Virtual CD v10 Bus Enumerator;c:\windows\system32\DRIVERS\vcd10bus.sys [2008-06-17 40464]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2010-04-22 21544]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2012-06-08 54104]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2012-08-13 178008]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-15 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616]
S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2010-01-19 72304]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-11-03 2072896]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-07-28 10278912]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-07-28 368640]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2012-10-18 29016]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2012-10-18 29528]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-20 75776]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-20 177152]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-09-29 646248]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-10-31 11856]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 87176924
*Deregistered* - 87176924
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-06 8158240]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 87.216.1.65 87.216.1.66
FF - ProfilePath - c:\users\Alec\AppData\Roaming\Mozilla\Firefox\Profiles\p4gr6p2e.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - ExtSQL: 2012-10-18 20:43; [email protected]; c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected]
FF - ExtSQL: 2012-10-18 20:43; [email protected]; c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected]
FF - ExtSQL: 2012-10-18 20:43; [email protected]; c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3311288779-1017221690-2713501278-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3311288779-1017221690-2713501278-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3311288779-1017221690-2713501278-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:ac,e4,19,af,2e,4c,67,92,8d,20,1a,ba,bf,f8,16,d5,36,99,a2,a5,0e,93,a5,
ea,18,69,f7,17,5b,c2,47,79,7a,9b,35,b6,a2,6e,35,80,67,8f,27,cd,9f,05,4b,93,\
"??"=hex:e2,06,90,c3,a9,ab,f7,ca,1c,f7,63,d7,3e,f2,89,5d
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-23 22:25:19
ComboFix-quarantined-files.txt 2012-10-23 20:25
ComboFix2.txt 2012-10-23 12:16
ComboFix3.txt 2012-10-23 12:06
.
Pre-Run: 260.356.911.104 bytes libres
Post-Run: 260.290.084.864 bytes libres
.
- - End Of File - - B195A108883D62101156A1A0A97C2A17

#8
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I would like to see a report that combofix makes.

extra combofix report

  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • Please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • Click OK

Copy and paste the report into this topic for me to review.

Gringo

#9
Blackbird10

    Member

  • Topic Starter
  • 10 posts
Here it is:

Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.1) - Español
Application Profiles
Ares 2.1.5
Audacity 1.3.13 (Unicode)
Battlefield 3™
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner (remove only)
Company of Heroes - FAKEMSI
Control ActiveX de Windows Live Mesh para conexiones remotas
D3DX10
DiRT 3
ESN Sonar
Galería fotográfica de Windows Live
Gigabyte Raid Configurer
HiJackThis
Java 7 Update 7
Java Auto Updater
Java™ 6 Update 22
Java™ 6 Update 26
Junk Mail filter update
Kaspersky Anti-Virus 2013
Malwarebytes Anti-Malware versión 1.65.1.1000
Men of War: Assault Squad (Remove Only)
Mesh Runtime
Messenger Companion
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 16.0.1 (x86 es-ES)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
NEC Electronics USB 3.0 Host Controller Driver
NVIDIA 3D Vision Controller Driver
ON_OFF Charge B10.0422.2
OpenAL
OpenOffice.org 3.3
Origin
PowerISO
PunkBuster Services
RaidCall
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Skype™ 5.10
Steam
TuneUp Utilities 2012
TuneUp Utilities Language Pack (es-ES)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
World of Tanks
World of Warcraft

#10
Blackbird10

    Member

  • Topic Starter
  • 10 posts
I've found these folders on two of my HDDs:
$RECYCLE.BIN and another folder named RECYCLER.

$RECYCLE.BIN is on my secondary HD, and RECYCLER and $RECYCLE.BIN are on my external HD. I don't know if this is malware or not, but I never saw them before.

They are empty.

Edited by Blackbird10, 23 October 2012 - 04:01 PM.



#11
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

Those folders are not a problem.


Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job)

Programs to remove

Java 7 Update 7
Java™ 6 Update 22
Java™ 6 Update 26


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes and then click on Next
  • Once done click Finish.



Install Java:

Please go here to install Java

  • Click on the Free Java Download button
  • Click on Agree and start Free download
  • Click on Run
  • Click on Run again
  • Click on Install
  • When the install is complete click on Close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click the mbam icon
  • Go to the update tab at the top
  • Click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#12
Blackbird10

    Member

  • Topic Starter
  • 10 posts
Hi,
Here is MBAM and Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:33:07, on 24/10/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Aplicación auxiliar de inicio de sesión de Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [RaidCall] C:\Program Files (x86)\RaidCall\raidcall.exe
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: Teclado virtual - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Supervisión de URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (AudioSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Servicio Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\cscsvc.dll,-200 (CscService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: JMB36X - Unknown owner - C:\Windows\SysWOW64\XSrvSetup.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\Windows\SysWow64\perfhost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe

--
End of file - 23077 bytes


MBAM:

Malwarebytes Anti-Malware (PRO) 1.65.1.1000
www.malwarebytes.org

Versión de la Base de Datos: v2012.10.23.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Alec :: ZILDJIAN90 [administrador]

Protección: Personas de movilidad reducida

24/10/2012 0:33:43
mbam-log-2012-10-24 (00-33-43).txt

Tipos de Análisis: Análisis Rápido
Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opciones de análisis desactivados: P2P
Objetos examinados: 203354
Tiempo transcurrido: 1 minuto(s), 31 segundo(s)

Procesos en Memoria Detectados: 0
(No se han detectado elementos maliciosos)

Módulos de Memoria Detectados: 0
(No se han detectado elementos maliciosos)

Claves del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Valores del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Carpetas Detectadas: 0
(No se han detectado elementos maliciosos)

Archivos Detectados: 0
(No se han detectado elementos maliciosos)

(fin)
  • 0

#13
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. For any of these programs, you can click on its icon (or start it from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
      O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
      O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select to run as administrator.

ESET Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Windows 7, right-click the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
    • Put a checkmark in "Uninstall application on close"
    • Close the program
    • Report to me that nothing was found

  • If threats were found
    • Click on "list of threats found"
    • Click on "export to text file", save it as ESET SCAN, and save it to the desktop
    • Click on Back
    • Put a checkmark in "Uninstall application on close"
    • Click on Finish
    • Close the program
    • Copy and paste the report here


Gringo
  • 0

#14
Blackbird10

    Member

  • Topic Starter
  • Member
  • 10 posts
Hi Gringo,
I did as you told me and fixed those entries with HJT.
The ESET Online scan isn't finished yet, but I would like to ask you about this RogueKiller report I did a few days ago.
Do those first two registry entries look suspicious to you?
¤¤¤ Registry Entries : 8 ¤¤¤
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\16024152 (system32\drivers\36796125.sys) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\16024152 (system32\drivers\36796125.sys) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
  • 0

#15
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
They do not look good - but they seem to be leftovers and may have been removed, as I do not see them in my reports anywhere.


gringo
  • 0
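
A small parser for the RogueKiller registry lines quoted in post #14, added here as an example; it is not code from the thread's participants or from RogueKiller. The bucket names, function names and triage heuristics are assumptions of this example, and the sample lines are copied from the post with their `[...]` elisions left as posted.

```python
import re
from collections import Counter
from typing import NamedTuple, Optional

# Registry lines copied from the RogueKiller report in post #14; "[...]" is elided as posted.
REPORT = r"""
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\16024152 (system32\drivers\36796125.sys) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\16024152 (system32\drivers\36796125.sys) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
"""

class Entry(NamedTuple):
    tags: tuple            # e.g. ("Services", "ROGUE ST")
    key: str               # registry key as printed in the report
    value: Optional[str]   # value name; None for service entries
    data: str              # text inside the parentheses
    status: str            # e.g. "FOUND"

LINE_RE = re.compile(
    r"^(?P<tags>(?:\[[^\]]+\])+)\s+"        # one or more leading [TAG] groups
    r"(?P<key>.+?)"                          # key; may contain a literal [...]
    r"(?:\s+:\s+(?P<value>.+?))?"            # optional " : value name"
    r"\s+\((?P<data>[^()]*)\)\s+->\s+(?P<status>\w+)$"
)

def parse(report):
    """Return an Entry for every line that matches the report line format."""
    entries = []
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            tags = tuple(re.findall(r"\[([^\]]+)\]", m["tags"]))
            entries.append(Entry(tags, m["key"], m["value"], m["data"], m["status"]))
    return entries

def triage(e):
    """Sort an entry into a review bucket (heuristics are this example's assumptions)."""
    if "Services" in e.tags:
        key_name = e.key.rsplit("\\", 1)[-1]
        file_stem = e.data.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        # Digit-only service key pointing at a digit-only driver name: random-looking.
        if key_name.isdigit() and file_stem.isdigit():
            return "investigate"
        return "review"
    if e.value in ("EnableLUA", "ConsentPromptBehaviorAdmin") and e.data == "0":
        return "uac-weakened"   # UAC off / admin elevation without a prompt
    if e.key.endswith("NewStartPanel"):
        return "cosmetic"       # desktop icon visibility setting
    return "unclassified"

def summary(report=REPORT):
    """Count entries per bucket."""
    return Counter(triage(e) for e in parse(report))

if __name__ == "__main__":
    for e in parse(REPORT):
        print(f"{triage(e):13} {e.key} {e.value or e.data}")
```

The two `investigate` entries are the ones asked about in post #14; whether the service key and driver file are still present has to be confirmed against a fresh scan, as the reply in post #15 notes.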





