Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Exploit Blackhole Exploit Kit removal..


  • This topic is locked This topic is locked
15 replies to this topic

#1 nwbalddog

nwbalddog

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Snohomish, WA
  • Local time:06:45 PM

Posted 17 March 2012 - 08:30 PM

I have had a very lethargic machine, crashing, redirecting, especially going to Google...I would love some help here!
Thanks very much

Edited by nwbalddog, 17 March 2012 - 08:33 PM.


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:45 PM

Posted 19 March 2012 - 10:32 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

1.Do not run any other tool untill instructed to do so!
doing so will only at best cause you unneeded worry as it finds our backups and may even list our tools
and at worst can cause conficts with our tools and lead to unforseen things to happen2.Please Do not Attach logs or put in code boxes.
besides the time it takes me to open the reports it makes it harder to find something if I need to go back to do more research and putting them in code boxes just makes them so hard to read3. After each step give me a little feedback
It does not need to be long but just something so I know how things are going it can be something like
I am still getting redirected
The computer is running as it should
Don't put things like - it is the same as before or still the same this just makes me go back and look for you last feedback as to how things are4. read every post completely before doing anything
Pay special attention to the Notes** I have put in
These are things I have found that happen allot and can be taken care of easily just by reading the Notes**

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Backup The Computer!!

If you have not done it yet spend a few minutes to backup the computer. Removing malware can be unpredictable and this may save you and me allot of grief later.

There is some good info in the Preparation Guide on how to make full backups and how to restore it back if something goes wrong. Read the tutorial and print it out so you will know what to do in case the unforeseen happens.

When you have the computer backed up you may do the following.


DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • .logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 nwbalddog

nwbalddog
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Snohomish, WA
  • Local time:06:45 PM

Posted 20 March 2012 - 09:06 AM

Thanks very much:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/7/2009 7:32:13 AM
System Uptime: 3/20/2012 6:26:22 AM (0 hours ago)
.
Motherboard: PEGATRON CORPORATION | | NARRA5
Processor: AMD Athlon™ 7550 Dual-Core Processor | Socket AM2 | 1300/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 287 GiB total, 116.807 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.586 GiB free.
E: is CDROM ()
G: is FIXED (NTFS) - 932 GiB total, 142.062 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP348: 3/2/2012 3:00:15 AM - Windows Update
RP349: 3/13/2012 1:12:58 AM - Scheduled Checkpoint
RP350: 3/18/2012 8:00:05 AM - Windows Update
RP351: 3/19/2012 6:30:08 AM - Windows Update
RP352: 3/20/2012 6:16:06 AM - Windows Update
.
==== Installed Programs ======================
.
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Photoshop Elements 7.0
Adobe Photoshop.com Inspiration Browser
Adobe Reader X (10.1.2)
All-Pro Software Tournament Scheduler Pro Free Trial 5.0
AVG 2011
Basketball Playbook 009 j
Bing Bar
Bing Maps 3D
Bing Rewards Client Installer
CA Pest Patrol Realtime Protection
CCleaner
Cisco Network Magic
Compatibility Pack for the 2007 Office system
Constant Guard Protection Suite
Excel to PDF Converter 3.00
Free PS Convert driver 8.15
Google Chrome
Google Earth
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Google Update Helper
GuardedID
Home or Away Trial
Internet TV for Windows Media Center
iSEEK AnswerWorks English Runtime
Java Auto Updater
Java™ 6 Update 24
Lacrosse Plugin 1
Logitech High Quality Video
Logitech Webcam Software Driver Package
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft UI Engine
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Network Magic
NVIDIA Drivers
PhotoshopdotcomInspirationBrowser
Pure Networks Platform
PVSonyDll
Rainier
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Sony USB Driver
TurboHddUsb
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Vegas Movie Studio Platinum 9.0
WebEx Support Manager for Internet Explorer
Windows Live ID Sign-in Assistant
XFINITY Toolbar
.
==== Event Viewer Messages From Past Week ========
.
3/20/2012 6:53:42 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
3/20/2012 6:53:42 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
3/20/2012 6:53:42 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
3/20/2012 6:52:42 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
3/20/2012 6:51:42 AM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
3/20/2012 6:51:42 AM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/20/2012 6:51:42 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/20/2012 6:51:42 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/20/2012 6:51:42 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/20/2012 6:51:42 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/20/2012 6:51:42 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/20/2012 6:51:42 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/20/2012 6:51:42 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/20/2012 6:51:42 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/20/2012 6:51:42 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/20/2012 6:51:42 AM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/20/2012 6:51:42 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/20/2012 6:51:42 AM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/20/2012 6:51:42 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/20/2012 6:27:43 AM, Error: Service Control Manager [7003] - The TCP/IP NetBIOS Helper service depends the following service: NetBT. This service might not be installed.
3/20/2012 6:26:55 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x82cf5ca0, 0x8cc78b4c, 0x8cc78730). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032012-32214-01.
3/20/2012 6:16:52 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 (KB2639308).
3/19/2012 9:15:10 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
3/19/2012 9:15:10 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/19/2012 8:55:40 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Winmgmt service.
3/19/2012 8:02:50 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/19/2012 7:21:57 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
3/19/2012 6:25:58 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
3/19/2012 6:21:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
3/19/2012 6:19:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/19/2012 6:19:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/19/2012 6:19:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/19/2012 6:19:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/19/2012 6:18:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/19/2012 6:18:41 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix DfsC discache NetBIOS nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
3/19/2012 6:18:40 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/19/2012 6:18:40 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/19/2012 6:18:40 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
3/19/2012 6:18:40 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/19/2012 6:18:40 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/19/2012 6:18:40 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
3/19/2012 6:18:40 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/19/2012 6:18:40 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/19/2012 6:18:40 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/19/2012 6:18:40 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/18/2012 8:57:08 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000075, 0x00000002, 0x00000001, 0x82ccd92b). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031812-60855-01.
3/18/2012 5:06:41 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
3/18/2012 5:06:41 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/18/2012 4:57:35 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
3/18/2012 11:54:05 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
3/18/2012 11:52:05 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
3/18/2012 10:00:00 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {0C0A3666-30C9-11D0-8F20-00805F2CD064} and APPID {9209B1A6-964A-11D0-9372-00A0C9034910} to the user mom_dad-PC\Repair SID (S-1-5-21-1316481493-3646135646-4112620032-1005) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
3/17/2012 8:48:58 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.
3/17/2012 8:48:58 PM, Error: Service Control Manager [7000] - The Application Information service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/17/2012 7:22:13 AM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: A thread could not be created for the service.
3/17/2012 5:30:43 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x82cbbca0, 0x8cd23b4c, 0x8cd23730). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031712-75832-01.
3/17/2012 5:27:21 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user mom_dad-PC\mom_dad SID (S-1-5-21-1316481493-3646135646-4112620032-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
3/16/2012 10:21:55 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: A thread could not be created for the service.
3/16/2012 10:17:50 PM, Error: Service Control Manager [7001] - The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: A thread could not be created for the service.
3/16/2012 10:17:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
3/15/2012 2:53:51 PM, Error: Service Control Manager [7023] - The Multimedia Class Scheduler service terminated with the following error: Not enough storage is available to process this command.
.
==== End Of File ===========================


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by mom_dad at 6:51:09 on 2012-03-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2942.1111 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\TurboHddUsb\TurboHddUsb.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\SFT\GuardedID\GIDD.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
C:\Program Files\Constant Guard Protection Suite\IDVault.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\mom_dad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mom_dad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mom_dad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mom_dad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mom_dad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mom_dad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mom_dad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mom_dad\Downloads\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Program Files\AVG\AVG10\avgui.exe
C:\Program Files\AVG\AVG10\avgcfgex.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\WerFault.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - c:\program files\xfin_portal\comcastdx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - c:\program files\constant guard protection suite\NativeBHO.dll
BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - c:\program files\xfin_portal\auxi\comcastAu.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
TB: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - c:\program files\xfin_portal\comcastdx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\users\mom_dad\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ComcastAntispyClient] "c:\program files\comcasttb\comcastspywarescan\ComcastAntispy.exe" /hide
uRun: [Update] rundll32.exe "c:\windows\temp\",DllRegisterServer
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [TurboHddUsb] c:\program files\turbohddusb\TurboHddUsb.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [GIDDesktop] c:\program files\sft\guardedid\gidd.exe /s
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
dRun: [dplaysvr] c:\windows\system32\config\systemprofile\appdata\local\dplaysvr.exe
dRun: [disknotify] %APPDATA%\disknotify.exe
dRun: [Update] rundll32.exe "c:\windows\temp\",DllRegisterServer
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\consta~1.lnk - c:\program files\constant guard protection suite\IDVault.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} - hxxps://leagueathletics.com/XUpload.ocx
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{05FA5C6A-5AC8-473B-8A67-5AFF0ED649DB} : DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.2.0\ViProtocol.dll
mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - c:\program files\sft\guardedid\gidi.exe /v
Hosts: 94.63.147.16 www.google.com
Hosts: 94.63.147.17 www.bing.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2010-1-16 7040]
R1 GIDv2;GIDv2;c:\windows\system32\drivers\gidv2.sys [2012-1-25 25232]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 IDVaultSvc;CGPS Service;c:\program files\constant guard protection suite\IDVaultSvc.exe [2012-2-15 65096]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-5-27 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 21968]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-28 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-4-17 1025352]
S3 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-8-18 7390560]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\FNETTBOH.SYS [2010-1-16 17792]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-28 135664]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-30 52224]
.
=============== Created Last 30 ================
.
2012-03-18 15:29:58 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-09 16:32:02 151552 ----a-w- c:\programdata\microsoft\windows\drm\8162.tmp
2012-03-04 22:05:32 162664 ----a-w- c:\programdata\microsoft\windows\sqm\manifest\Sqm10140.bin
.
==================== Find3M ====================
.
2012-02-18 18:35:29 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-04 08:58:41 442880 ----a-w- c:\windows\system32\ntshrui.dll
2011-12-30 05:27:56 478720 ----a-w- c:\windows\system32\timedate.cpl
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: WDC_WD32 rev.01.0 -> Harddisk0\DR0 ->
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x86BB849F]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86bbf740]; MOV EAX, [0x86bbf8b4]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x82C7952A] -> \Device\Harddisk0\DR0[0x866C77A0]
3 CLASSPNP[0x8AF9E59E] -> ntkrnlpa!IofCallDriver[0x82C7952A] -> [0x85664700]
5 ACPI[0x834163D4] -> ntkrnlpa!IofCallDriver[0x82C7952A] -> \0000005a[0x85FCB6B8]
\Driver\nvstor[0x86BF5858] -> IRP_MJ_CREATE -> 0x86BB849F
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
\Device\0000005a -> \??\SCSI#Disk&Ven_WDC_WD32&Prod_00AAJS-65M0A#4&18e270a&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 6:59:06.89 ===============

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:45 PM

Posted 20 March 2012 - 01:00 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 nwbalddog

nwbalddog
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Snohomish, WA
  • Local time:06:45 PM

Posted 21 March 2012 - 08:23 AM

ComboFix 12-03-20.02 - mom_dad 03/20/2012 21:18:24.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2942.2072 [GMT -7:00]
Running from: c:\users\mom_dad\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\mom_dad\AppData\Local\Temp\7zS2922\HPSLPSVC32.DLL
c:\users\mom_dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Protection 2011
c:\users\mom_dad\Documents\~WRL0226.tmp
c:\windows\$NtUninstallKB60519$
c:\windows\$NtUninstallKB60519$\1140830104\@
c:\windows\$NtUninstallKB60519$\1140830104\bckfg.tmp
c:\windows\$NtUninstallKB60519$\1140830104\cfg.ini
c:\windows\$NtUninstallKB60519$\1140830104\Desktop.ini
c:\windows\$NtUninstallKB60519$\1140830104\kwrd.dll
c:\windows\$NtUninstallKB60519$\1140830104\L\xadqgnnk
c:\windows\$NtUninstallKB60519$\1140830104\lsflt7.ver
c:\windows\$NtUninstallKB60519$\1140830104\U\00000001.@
c:\windows\$NtUninstallKB60519$\1140830104\U\00000002.@
c:\windows\$NtUninstallKB60519$\1140830104\U\00000004.@
c:\windows\$NtUninstallKB60519$\1140830104\U\80000000.@
c:\windows\$NtUninstallKB60519$\1140830104\U\80000004.@
c:\windows\$NtUninstallKB60519$\1140830104\U\80000032.@
c:\windows\$NtUninstallKB60519$\1401206613
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6e45e5122b062a5f.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d1158c62f47a7004.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\fdb67ea3c237ae05.fb
G:\Autorun.inf
.
Infected copy of c:\windows\system32\drivers\ntfs.sys was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.20921_none_a70e0489972fb38f\ntfs.sys
.
c:\windows\system32\drivers\netbt.sys was missing
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_603b1e855897bcd6\netbt.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_HPSLPSVC
.
.
((((((((((((((((((((((((( Files Created from 2012-02-21 to 2012-03-21 )))))))))))))))))))))))))))))))
.
.
2012-03-21 04:33 . 2012-03-21 04:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-21 04:33 . 2012-03-21 04:33 -------- d-----w- c:\users\Administrator2\AppData\Local\temp
2012-03-21 04:33 . 2012-03-21 13:09 -------- d-----w- c:\users\mom_dad\AppData\Local\temp
2012-03-19 02:08 . 2012-03-19 02:08 -------- d-----w- c:\users\Repair
2012-03-18 15:29 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-18 02:14 . 2012-03-18 02:14 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2012-03-12 07:11 . 2012-03-12 07:25 -------- d-----w- c:\users\Administrator2\AppData\Local\ID Vault
2012-03-09 16:32 . 2012-03-09 16:32 151552 ----a-w- c:\programdata\Microsoft\Windows\DRM\8162.tmp
2012-03-04 22:05 . 2012-03-04 22:05 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-18 18:35 . 2011-05-25 06:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-13 23:59 . 2012-01-13 23:59 10 ----a-w- c:\windows\Fonts\wfonts.key
2012-01-04 08:58 . 2012-02-15 04:56 442880 ----a-w- c:\windows\system32\ntshrui.dll
2011-12-30 05:27 . 2012-02-15 04:56 478720 ----a-w- c:\windows\system32\timedate.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-13 00:26 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-13 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-08 39408]
"ComcastAntispyClient"="c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 1589208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"TurboHddUsb"="c:\program files\TurboHddUsb\TurboHddUsb.exe" [2010-01-16 3327488]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-13 982880]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-18 928096]
"GIDDesktop"="c:\program files\SFT\GuardedID\gidd.exe" [2011-07-05 395528]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Constant Guard.lnk - c:\program files\Constant Guard Protection Suite\IDVault.exe [2012-2-15 4720200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-01-07 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-05 297168]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-06-17 616408]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
R2 IDVaultSvc;CGPS Service;c:\program files\Constant Guard Protection Suite\IDVaultSvc.exe [2012-02-15 65096]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-26 13672]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-13 918880]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-09-01 1025352]
R3 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-08-18 7390560]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-28 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 21968]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\FNETTBOH.SYS [2010-01-16 17792]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-20 1343400]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2010-01-16 7040]
S1 GIDv2;GIDv2; [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPService REG_MULTI_SZ HPSLPSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-07-05 18:26 435976 ----a-w- c:\program files\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 03:00]
.
2012-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 03:00]
.
2012-03-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1316481493-3646135646-4112620032-1001Core.job
- c:\users\mom_dad\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-18 03:31]
.
2012-03-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1316481493-3646135646-4112620032-1001UA.job
- c:\users\mom_dad\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-18 03:31]
.
2012-03-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1316481493-3646135646-4112620032-1004Core.job
- c:\users\Administrator2\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-08 10:20]
.
2012-03-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1316481493-3646135646-4112620032-1004UA.job
- c:\users\Administrator2\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-08 10:20]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
HKU-Default-Run-disknotify - c:\users\mom_dad\AppData\Roaming\disknotify.exe
.
.
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: WDC_WD32 rev.01.0 -> Harddisk0\DR0 ->
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x8570F49F]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x85716740]; MOV EAX, [0x857168b4]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x81E8D52A] -> \Device\Harddisk0\DR0[0x85265168]
3 CLASSPNP[0x89FAF59E] -> ntkrnlpa!IofCallDriver[0x81E8D52A] -> [0x84257368]
5 ACPI[0x89C0E3D4] -> ntkrnlpa!IofCallDriver[0x81E8D52A] -> \0000005e[0x842576A0]
\Driver\nvstor[0x856353E0] -> IRP_MJ_CREATE -> 0x8570F49F
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
\Device\0000005e -> \??\SCSI#Disk&Ven_WDC_WD32&Prod_00AAJS-65M0A#4&18e270a&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1708)
c:\program files\Pure Networks\Network Magic\nmrsrc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Completion time: 2012-03-21 06:15:51 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-21 13:15
.
Pre-Run: 125,585,256,448 bytes free
Post-Run: 128,417,333,248 bytes free
.
- - End Of File - - 863FC9787FB940351EA18A824F6C850B
Thanks

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:45 PM

Posted 21 March 2012 - 12:44 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 nwbalddog

nwbalddog
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Snohomish, WA
  • Local time:06:45 PM

Posted 22 March 2012 - 07:16 PM

22:22:40.0980 6208 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
22:22:41.0583 6208 ============================================================
22:22:41.0583 6208 Current date / time: 2012/03/21 22:22:41.0583
22:22:41.0583 6208 SystemInfo:
22:22:41.0583 6208
22:22:41.0583 6208 OS Version: 6.1.7601 ServicePack: 1.0
22:22:41.0583 6208 Product type: Workstation
22:22:41.0583 6208 ComputerName: MOM_DAD-PC
22:22:41.0584 6208 UserName: mom_dad
22:22:41.0584 6208 Windows directory: C:\Windows
22:22:41.0584 6208 System windows directory: C:\Windows
22:22:41.0584 6208 Processor architecture: Intel x86
22:22:41.0584 6208 Number of processors: 2
22:22:41.0584 6208 Page size: 0x1000
22:22:41.0584 6208 Boot type: Normal boot
22:22:41.0584 6208 ============================================================
22:22:43.0570 6208 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:22:43.0592 6208 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:22:43.0596 6208 \Device\Harddisk0\DR0:
22:22:43.0596 6208 MBR used
22:22:43.0596 6208 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x23DA00C2
22:22:43.0596 6208 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x23DA0101, BlocksNum 0x168D5C0
22:22:43.0596 6208 \Device\Harddisk1\DR1:
22:22:43.0596 6208 MBR used
22:22:43.0596 6208 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
22:22:43.0675 6208 Initialize success
22:22:43.0675 6208 ============================================================
22:22:52.0336 5964 ============================================================
22:22:52.0336 5964 Scan started
22:22:52.0336 5964 Mode: Manual;
22:22:52.0336 5964 ============================================================
22:22:57.0316 5964 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
22:22:57.0322 5964 1394ohci - ok
22:22:57.0382 5964 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
22:22:57.0402 5964 ACPI - ok
22:22:57.0481 5964 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
22:22:57.0482 5964 AcpiPmi - ok
22:22:57.0648 5964 AdobeActiveFileMonitor7.0 (3fd8dc2c9735c2aa70155102cfb93eda) C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
22:22:57.0653 5964 AdobeActiveFileMonitor7.0 - ok
22:22:57.0944 5964 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
22:22:57.0956 5964 AdobeARMservice - ok
22:22:58.0184 5964 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
22:22:58.0217 5964 adp94xx - ok
22:22:58.0581 5964 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
22:22:58.0615 5964 adpahci - ok
22:22:58.0882 5964 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
22:22:58.0887 5964 adpu320 - ok
22:22:59.0199 5964 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
22:22:59.0214 5964 AeLookupSvc - ok
22:22:59.0325 5964 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
22:22:59.0329 5964 AFD - ok
22:22:59.0481 5964 AGERESoftModem (7e10e3bb9b258ad8a9300f91214d67b9) C:\Windows\system32\DRIVERS\AGRSM.sys
22:22:59.0507 5964 AGERESoftModem - ok
22:22:59.0552 5964 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
22:22:59.0555 5964 agp440 - ok
22:22:59.0622 5964 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
22:22:59.0629 5964 aic78xx - ok
22:22:59.0710 5964 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
22:22:59.0750 5964 ALG - ok
22:22:59.0807 5964 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
22:22:59.0811 5964 aliide - ok
22:22:59.0850 5964 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
22:22:59.0854 5964 amdagp - ok
22:22:59.0873 5964 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
22:22:59.0876 5964 amdide - ok
22:22:59.0928 5964 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
22:22:59.0932 5964 AmdK8 - ok
22:23:00.0002 5964 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
22:23:00.0006 5964 AmdPPM - ok
22:23:00.0070 5964 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
22:23:00.0074 5964 amdsata - ok
22:23:00.0113 5964 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
22:23:00.0116 5964 amdsbs - ok
22:23:00.0130 5964 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
22:23:00.0132 5964 amdxata - ok
22:23:00.0434 5964 AntiSpywareService (f9dac844b1d370da4c984d4c22f5e696) C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
22:23:00.0459 5964 AntiSpywareService - ok
22:23:00.0590 5964 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
22:23:00.0594 5964 AppID - ok
22:23:00.0728 5964 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
22:23:00.0758 5964 AppIDSvc - ok
22:23:00.0854 5964 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
22:23:00.0856 5964 Appinfo - ok
22:23:00.0947 5964 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
22:23:00.0976 5964 arc - ok
22:23:00.0990 5964 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
22:23:00.0993 5964 arcsas - ok
22:23:01.0096 5964 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
22:23:01.0097 5964 AsyncMac - ok
22:23:01.0157 5964 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
22:23:01.0160 5964 atapi - ok
22:23:01.0227 5964 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
22:23:01.0245 5964 AudioEndpointBuilder - ok
22:23:01.0257 5964 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
22:23:01.0263 5964 Audiosrv - ok
22:23:01.0439 5964 AVG Security Toolbar Service (3a457c2f798cad79cd30224e723e01fb) C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
22:23:01.0465 5964 AVG Security Toolbar Service - ok
22:23:01.0800 5964 AVGIDSAgent (7a0f6a3e0e41425b9ba54616b482668a) C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
22:23:01.0934 5964 AVGIDSAgent - ok
22:23:02.0123 5964 AVGIDSDriver (b9acb889ba1e0561868c025f95d63e25) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
22:23:02.0128 5964 AVGIDSDriver - ok
22:23:02.0212 5964 AVGIDSEH (13256fc72fa5b3f6d6e8c5957e579b7c) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
22:23:02.0227 5964 AVGIDSEH - ok
22:23:02.0317 5964 AVGIDSFilter (fa0685cc51de5cfd804e7deaa6488e0e) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
22:23:02.0321 5964 AVGIDSFilter - ok
22:23:02.0355 5964 AVGIDSShim (f788b51100d0f40ea176798cce954a1a) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
22:23:02.0359 5964 AVGIDSShim - ok
22:23:02.0419 5964 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\Windows\system32\DRIVERS\avgldx86.sys
22:23:02.0434 5964 Avgldx86 - ok
22:23:02.0476 5964 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\Windows\system32\DRIVERS\avgmfx86.sys
22:23:02.0478 5964 Avgmfx86 - ok
22:23:02.0606 5964 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\Windows\system32\DRIVERS\avgrkx86.sys
22:23:02.0612 5964 Avgrkx86 - ok
22:23:02.0657 5964 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\Windows\system32\DRIVERS\avgtdix.sys
22:23:02.0662 5964 Avgtdix - ok
22:23:02.0752 5964 avgwd (fc2bc51120a945f7c70376495e4e7737) C:\Program Files\AVG\AVG10\avgwdsvc.exe
22:23:02.0759 5964 avgwd - ok
22:23:02.0952 5964 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
22:23:02.0956 5964 AxInstSV - ok
22:23:03.0037 5964 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
22:23:03.0055 5964 b06bdrv - ok
22:23:03.0114 5964 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
22:23:03.0119 5964 b57nd60x - ok
22:23:03.0347 5964 BBSvc (825f81a6f7dd073509db101f0ba6dc59) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
22:23:03.0353 5964 BBSvc - ok
22:23:03.0392 5964 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
22:23:03.0397 5964 BDESVC - ok
22:23:03.0474 5964 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
22:23:03.0493 5964 Beep - ok
22:23:03.0560 5964 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
22:23:03.0578 5964 BFE - ok
22:23:03.0738 5964 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll
22:23:03.0758 5964 BITS - ok
22:23:03.0823 5964 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
22:23:03.0835 5964 blbdrive - ok
22:23:03.0876 5964 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
22:23:03.0888 5964 bowser - ok
22:23:03.0914 5964 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:23:03.0916 5964 BrFiltLo - ok
22:23:03.0935 5964 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:23:03.0937 5964 BrFiltUp - ok
22:23:04.0082 5964 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
22:23:04.0087 5964 BridgeMP - ok
22:23:04.0128 5964 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
22:23:04.0130 5964 Browser - ok
22:23:04.0149 5964 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
22:23:04.0157 5964 Brserid - ok
22:23:04.0196 5964 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
22:23:04.0199 5964 BrSerWdm - ok
22:23:04.0249 5964 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:23:04.0325 5964 BrUsbMdm - ok
22:23:04.0367 5964 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
22:23:04.0370 5964 BrUsbSer - ok
22:23:04.0392 5964 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
22:23:04.0397 5964 BTHMODEM - ok
22:23:04.0458 5964 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
22:23:04.0461 5964 bthserv - ok
22:23:04.0618 5964 catchme - ok
22:23:04.0800 5964 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
22:23:04.0803 5964 cdfs - ok
22:23:04.0868 5964 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
22:23:04.0886 5964 cdrom - ok
22:23:05.0112 5964 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
22:23:05.0117 5964 CertPropSvc - ok
22:23:05.0163 5964 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
22:23:05.0167 5964 circlass - ok
22:23:05.0210 5964 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
22:23:05.0213 5964 CLFS - ok
22:23:05.0343 5964 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:23:05.0347 5964 clr_optimization_v2.0.50727_32 - ok
22:23:05.0452 5964 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:23:05.0542 5964 clr_optimization_v4.0.30319_32 - ok
22:23:05.0722 5964 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
22:23:05.0760 5964 CmBatt - ok
22:23:05.0935 5964 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
22:23:05.0937 5964 cmdide - ok
22:23:05.0987 5964 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
22:23:05.0993 5964 CNG - ok
22:23:06.0015 5964 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
22:23:06.0017 5964 Compbatt - ok
22:23:06.0096 5964 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
22:23:06.0116 5964 CompositeBus - ok
22:23:06.0168 5964 COMSysApp - ok
22:23:06.0499 5964 cpuz132 - ok
22:23:06.0637 5964 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
22:23:06.0639 5964 crcdisk - ok
22:23:06.0700 5964 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
22:23:06.0704 5964 CryptSvc - ok
22:23:06.0727 5964 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
22:23:06.0736 5964 DcomLaunch - ok
22:23:06.0777 5964 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
22:23:06.0819 5964 defragsvc - ok
22:23:06.0925 5964 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
22:23:06.0958 5964 DfsC - ok
22:23:07.0050 5964 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
22:23:07.0099 5964 Dhcp - ok
22:23:07.0210 5964 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
22:23:07.0211 5964 discache - ok
22:23:07.0265 5964 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
22:23:07.0267 5964 Disk - ok
22:23:07.0313 5964 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
22:23:07.0317 5964 Dnscache - ok
22:23:07.0361 5964 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
22:23:07.0394 5964 dot3svc - ok
22:23:07.0449 5964 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
22:23:07.0453 5964 DPS - ok
22:23:07.0529 5964 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
22:23:07.0531 5964 drmkaud - ok
22:23:07.0573 5964 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
22:23:07.0591 5964 DXGKrnl - ok
22:23:07.0640 5964 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
22:23:07.0675 5964 EapHost - ok
22:23:07.0820 5964 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
22:23:07.0881 5964 ebdrv - ok
22:23:08.0035 5964 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
22:23:08.0038 5964 EFS - ok
22:23:08.0130 5964 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
22:23:08.0147 5964 ehRecvr - ok
22:23:08.0180 5964 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
22:23:08.0183 5964 ehSched - ok
22:23:08.0504 5964 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
22:23:08.0512 5964 elxstor - ok
22:23:08.0563 5964 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
22:23:08.0565 5964 ErrDev - ok
22:23:08.0626 5964 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
22:23:08.0631 5964 EventSystem - ok
22:23:08.0664 5964 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
22:23:08.0668 5964 exfat - ok
22:23:08.0696 5964 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
22:23:08.0700 5964 fastfat - ok
22:23:08.0814 5964 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
22:23:08.0831 5964 Fax - ok
22:23:08.0852 5964 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
22:23:08.0861 5964 fdc - ok
22:23:08.0899 5964 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
22:23:08.0901 5964 fdPHost - ok
22:23:08.0918 5964 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
22:23:08.0921 5964 FDResPub - ok
22:23:08.0939 5964 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
22:23:08.0942 5964 FileInfo - ok
22:23:08.0965 5964 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
22:23:08.0968 5964 Filetrace - ok
22:23:09.0117 5964 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
22:23:09.0135 5964 FLEXnet Licensing Service - ok
22:23:09.0156 5964 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
22:23:09.0159 5964 flpydisk - ok
22:23:09.0240 5964 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
22:23:09.0245 5964 FltMgr - ok
22:23:09.0320 5964 FNETTBOH (b91c51d44558985ed0593fd5963d1866) C:\Windows\system32\drivers\FNETTBOH.SYS
22:23:09.0341 5964 FNETTBOH - ok
22:23:09.0380 5964 FNETURPX (0a79334fb069c6b38df7ad56a109ea01) C:\Windows\system32\drivers\FNETURPX.SYS
22:23:09.0382 5964 FNETURPX - ok
22:23:09.0425 5964 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
22:23:09.0443 5964 FontCache - ok
22:23:09.0540 5964 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:23:09.0546 5964 FontCache3.0.0.0 - ok
22:23:09.0633 5964 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
22:23:09.0660 5964 FsDepends - ok
22:23:09.0685 5964 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
22:23:09.0688 5964 Fs_Rec - ok
22:23:09.0745 5964 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
22:23:09.0748 5964 fvevol - ok
22:23:09.0794 5964 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:23:09.0797 5964 gagp30kx - ok
22:23:09.0846 5964 GIDv2 (20f6c49e2c410fcd32d781f521579bf5) C:\Windows\system32\drivers\GIDv2.sys
22:23:09.0854 5964 GIDv2 - ok
22:23:09.0908 5964 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
22:23:09.0930 5964 gpsvc - ok
22:23:10.0065 5964 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
22:23:10.0067 5964 gupdate - ok
22:23:10.0123 5964 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
22:23:10.0125 5964 gupdatem - ok
22:23:10.0279 5964 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
22:23:10.0296 5964 gusvc - ok
22:23:10.0715 5964 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
22:23:10.0717 5964 hcw85cir - ok
22:23:10.0786 5964 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
22:23:10.0791 5964 HdAudAddService - ok
22:23:10.0842 5964 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
22:23:10.0845 5964 HDAudBus - ok
22:23:10.0903 5964 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
22:23:10.0918 5964 HidBatt - ok
22:23:10.0937 5964 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
22:23:10.0940 5964 HidBth - ok
22:23:10.0961 5964 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
22:23:10.0964 5964 HidIr - ok
22:23:11.0003 5964 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
22:23:11.0006 5964 hidserv - ok
22:23:11.0074 5964 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
22:23:11.0078 5964 HidUsb - ok
22:23:11.0137 5964 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
22:23:11.0158 5964 hkmsvc - ok
22:23:11.0188 5964 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
22:23:11.0193 5964 HomeGroupListener - ok
22:23:11.0233 5964 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
22:23:11.0238 5964 HomeGroupProvider - ok
22:23:11.0307 5964 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
22:23:11.0311 5964 HpSAMD - ok
22:23:11.0370 5964 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
22:23:11.0387 5964 HTTP - ok
22:23:11.0440 5964 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
22:23:11.0442 5964 hwpolicy - ok
22:23:11.0502 5964 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
22:23:11.0507 5964 i8042prt - ok
22:23:11.0566 5964 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
22:23:11.0579 5964 iaStorV - ok
22:23:11.0730 5964 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:23:11.0747 5964 idsvc - ok
22:23:11.0823 5964 IDVaultSvc (398ea31959dc66fac3f5e37d67b3d41b) C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
22:23:11.0826 5964 IDVaultSvc - ok
22:23:12.0135 5964 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
22:23:12.0142 5964 iirsp - ok
22:23:12.0182 5964 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
22:23:12.0217 5964 IKEEXT - ok
22:23:12.0527 5964 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
22:23:12.0531 5964 intelide - ok
22:23:12.0587 5964 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
22:23:12.0591 5964 intelppm - ok
22:23:12.0717 5964 IntuitUpdateService (3dc635b66dd7412e1c9c3a77b8d78f25) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
22:23:12.0794 5964 IntuitUpdateService - ok
22:23:12.0947 5964 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
22:23:12.0950 5964 IntuitUpdateServiceV4 - ok
22:23:13.0066 5964 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
22:23:13.0087 5964 IPBusEnum - ok
22:23:13.0144 5964 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:23:13.0148 5964 IpFilterDriver - ok
22:23:13.0210 5964 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
22:23:13.0226 5964 iphlpsvc - ok
22:23:13.0259 5964 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
22:23:13.0262 5964 IPMIDRV - ok
22:23:13.0297 5964 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
22:23:13.0312 5964 IPNAT - ok
22:23:13.0362 5964 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
22:23:13.0365 5964 IRENUM - ok
22:23:13.0396 5964 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
22:23:13.0399 5964 isapnp - ok
22:23:13.0438 5964 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
22:23:13.0442 5964 iScsiPrt - ok
22:23:13.0567 5964 ITMRTSVC (54f694c6cd3a1149ba3a8bdacc83badc) C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
22:23:13.0592 5964 ITMRTSVC - ok
22:23:13.0693 5964 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
22:23:13.0696 5964 kbdclass - ok
22:23:13.0771 5964 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
22:23:13.0775 5964 kbdhid - ok
22:23:13.0818 5964 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
22:23:13.0820 5964 KeyIso - ok
22:23:13.0853 5964 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
22:23:13.0855 5964 KSecDD - ok
22:23:13.0875 5964 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
22:23:13.0878 5964 KSecPkg - ok
22:23:13.0929 5964 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
22:23:13.0937 5964 KtmRm - ok
22:23:13.0997 5964 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
22:23:14.0014 5964 LanmanServer - ok
22:23:14.0099 5964 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
22:23:14.0107 5964 LanmanWorkstation - ok
22:23:14.0193 5964 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
22:23:14.0197 5964 lltdio - ok
22:23:14.0259 5964 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
22:23:14.0275 5964 lltdsvc - ok
22:23:14.0420 5964 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
22:23:14.0424 5964 lmhosts - ok
22:23:14.0504 5964 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:23:14.0509 5964 LSI_FC - ok
22:23:14.0529 5964 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:23:14.0533 5964 LSI_SAS - ok
22:23:14.0552 5964 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:23:14.0555 5964 LSI_SAS2 - ok
22:23:14.0591 5964 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:23:14.0594 5964 LSI_SCSI - ok
22:23:14.0615 5964 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
22:23:14.0617 5964 luafv - ok
22:23:14.0715 5964 lvpopflt (9fb982de1c8dd769f8ed681dd878b12f) C:\Windows\system32\DRIVERS\lvpopflt.sys
22:23:14.0720 5964 lvpopflt - ok
22:23:14.0746 5964 LVRS (37072ec9299e825f4335cc554b6fac6a) C:\Windows\system32\DRIVERS\lvrs.sys
22:23:14.0763 5964 LVRS - ok
22:23:14.0902 5964 LVUVC (a240e42a7402e927a71b6e8aa4629b13) C:\Windows\system32\DRIVERS\lvuvc.sys
22:23:15.0052 5964 LVUVC - ok
22:23:15.0089 5964 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
22:23:15.0092 5964 Mcx2Svc - ok
22:23:15.0178 5964 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
22:23:15.0186 5964 MDM - ok
22:23:15.0366 5964 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
22:23:15.0370 5964 megasas - ok
22:23:15.0416 5964 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
22:23:15.0420 5964 MegaSR - ok
22:23:15.0449 5964 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
22:23:15.0451 5964 MMCSS - ok
22:23:15.0477 5964 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
22:23:15.0479 5964 Modem - ok
22:23:15.0526 5964 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
22:23:15.0564 5964 monitor - ok
22:23:15.0643 5964 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
22:23:15.0645 5964 mouclass - ok
22:23:15.0701 5964 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
22:23:15.0703 5964 mouhid - ok
22:23:15.0738 5964 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
22:23:15.0740 5964 mountmgr - ok
22:23:15.0778 5964 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
22:23:15.0781 5964 mpio - ok
22:23:15.0797 5964 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
22:23:15.0800 5964 mpsdrv - ok
22:23:15.0879 5964 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
22:23:15.0901 5964 MpsSvc - ok
22:23:15.0936 5964 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
22:23:15.0941 5964 MRxDAV - ok
22:23:15.0975 5964 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:23:15.0992 5964 mrxsmb - ok
22:23:16.0032 5964 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:23:16.0073 5964 mrxsmb10 - ok
22:23:16.0113 5964 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:23:16.0125 5964 mrxsmb20 - ok
22:23:16.0171 5964 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
22:23:16.0173 5964 msahci - ok
22:23:16.0203 5964 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
22:23:16.0208 5964 msdsm - ok
22:23:16.0277 5964 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
22:23:16.0282 5964 MSDTC - ok
22:23:16.0609 5964 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
22:23:16.0612 5964 Msfs - ok
22:23:16.0622 5964 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
22:23:16.0626 5964 mshidkmdf - ok
22:23:16.0667 5964 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
22:23:16.0669 5964 msisadrv - ok
22:23:16.0720 5964 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
22:23:16.0723 5964 MSiSCSI - ok
22:23:16.0734 5964 msiserver - ok
22:23:16.0814 5964 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
22:23:16.0816 5964 MSKSSRV - ok
22:23:16.0907 5964 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
22:23:16.0913 5964 MSPCLOCK - ok
22:23:16.0933 5964 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
22:23:16.0937 5964 MSPQM - ok
22:23:16.0960 5964 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
22:23:16.0964 5964 MsRPC - ok
22:23:17.0006 5964 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
22:23:17.0008 5964 mssmbios - ok
22:23:17.0076 5964 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
22:23:17.0101 5964 MSTEE - ok
22:23:17.0230 5964 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
22:23:17.0233 5964 MTConfig - ok
22:23:17.0257 5964 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
22:23:17.0260 5964 Mup - ok
22:23:17.0303 5964 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
22:23:17.0319 5964 napagent - ok
22:23:17.0451 5964 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
22:23:17.0468 5964 NativeWifiP - ok
22:23:17.0531 5964 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
22:23:17.0549 5964 NDIS - ok
22:23:17.0611 5964 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
22:23:17.0614 5964 NdisCap - ok
22:23:17.0657 5964 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
22:23:17.0660 5964 NdisTapi - ok
22:23:17.0749 5964 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
22:23:17.0761 5964 Ndisuio - ok
22:23:17.0795 5964 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
22:23:17.0808 5964 NdisWan - ok
22:23:17.0846 5964 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
22:23:17.0848 5964 NDProxy - ok
22:23:17.0902 5964 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
22:23:17.0904 5964 NetBIOS - ok
22:23:18.0156 5964 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\drivers\netbt.sys
22:23:18.0161 5964 NetBT - ok
22:23:18.0260 5964 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
22:23:18.0261 5964 Netlogon - ok
22:23:18.0617 5964 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
22:23:18.0635 5964 Netman - ok
22:23:18.0661 5964 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
22:23:18.0670 5964 netprofm - ok
22:23:18.0769 5964 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:23:18.0772 5964 NetTcpPortSharing - ok
22:23:18.0931 5964 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
22:23:18.0934 5964 nfrd960 - ok
22:23:18.0990 5964 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
22:23:18.0995 5964 NlaSvc - ok
22:23:19.0104 5964 nmservice (cd569fa91ec6f59d045c19d0d3850f44) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
22:23:19.0122 5964 nmservice - ok
22:23:19.0294 5964 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
22:23:19.0297 5964 Npfs - ok
22:23:19.0341 5964 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
22:23:19.0354 5964 nsi - ok
22:23:19.0386 5964 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
22:23:19.0387 5964 nsiproxy - ok
22:23:19.0455 5964 Ntfs (a7266d82db9675afbded39695b69edac) C:\Windows\system32\drivers\Ntfs.sys
22:23:19.0517 5964 Ntfs - ok
22:23:19.0546 5964 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
22:23:19.0549 5964 Null - ok
22:23:19.0615 5964 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
22:23:19.0632 5964 NVENETFD - ok
22:23:19.0901 5964 nvlddmkm (8b75f652726a2ba3197860f300514e3f) C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:23:20.0050 5964 nvlddmkm - ok
22:23:20.0209 5964 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
22:23:20.0238 5964 nvraid - ok
22:23:20.0287 5964 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
22:23:20.0289 5964 nvstor - ok
22:23:20.0543 5964 nvsvc (387dc341e2aed29eb8f67b6ee53bb43b) C:\Windows\system32\nvvsvc.exe
22:23:20.0548 5964 nvsvc - ok
22:23:20.0577 5964 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
22:23:20.0580 5964 nv_agp - ok
22:23:20.0613 5964 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
22:23:20.0635 5964 ohci1394 - ok
22:23:20.0725 5964 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:23:20.0739 5964 ose - ok
22:23:20.0796 5964 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
22:23:20.0813 5964 p2pimsvc - ok
22:23:20.0881 5964 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
22:23:20.0898 5964 p2psvc - ok
22:23:20.0937 5964 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
22:23:20.0940 5964 Parport - ok
22:23:21.0006 5964 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
22:23:21.0025 5964 partmgr - ok
22:23:21.0045 5964 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
22:23:21.0047 5964 Parvdm - ok
22:23:21.0070 5964 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
22:23:21.0079 5964 PcaSvc - ok
22:23:21.0116 5964 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
22:23:21.0120 5964 pci - ok
22:23:21.0145 5964 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
22:23:21.0148 5964 pciide - ok
22:23:21.0175 5964 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
22:23:21.0179 5964 pcmcia - ok
22:23:21.0205 5964 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
22:23:21.0208 5964 pcw - ok
22:23:21.0234 5964 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
22:23:21.0267 5964 PEAUTH - ok
22:23:21.0347 5964 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
22:23:21.0382 5964 pla - ok
22:23:21.0443 5964 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
22:23:21.0459 5964 PlugPlay - ok
22:23:21.0556 5964 pnarp (8092d881311b313c99099870f663f888) C:\Windows\system32\DRIVERS\pnarp.sys
22:23:21.0574 5964 pnarp - ok
22:23:21.0603 5964 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
22:23:21.0607 5964 PNRPAutoReg - ok
22:23:21.0629 5964 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
22:23:21.0632 5964 PNRPsvc - ok
22:23:21.0674 5964 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
22:23:21.0682 5964 PolicyAgent - ok
22:23:21.0723 5964 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
22:23:21.0729 5964 Power - ok
22:23:21.0791 5964 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
22:23:21.0816 5964 PptpMiniport - ok
22:23:21.0855 5964 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
22:23:21.0859 5964 Processor - ok
22:23:21.0911 5964 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
22:23:21.0916 5964 ProfSvc - ok
22:23:21.0951 5964 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
22:23:21.0953 5964 ProtectedStorage - ok
22:23:22.0043 5964 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
22:23:22.0065 5964 Psched - ok
22:23:22.0207 5964 purendis (9715050608550825b23507213cae0208) C:\Windows\system32\DRIVERS\purendis.sys
22:23:22.0212 5964 purendis - ok
22:23:22.0498 5964 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
22:23:22.0516 5964 PxHelp20 - ok
22:23:22.0576 5964 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
22:23:22.0609 5964 ql2300 - ok
22:23:22.0629 5964 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
22:23:22.0632 5964 ql40xx - ok
22:23:22.0663 5964 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
22:23:22.0668 5964 QWAVE - ok
22:23:22.0711 5964 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
22:23:22.0716 5964 QWAVEdrv - ok
22:23:22.0729 5964 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
22:23:22.0731 5964 RasAcd - ok
22:23:22.0785 5964 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:23:22.0790 5964 RasAgileVpn - ok
22:23:22.0807 5964 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
22:23:22.0811 5964 RasAuto - ok
22:23:22.0864 5964 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:23:22.0872 5964 Rasl2tp - ok
22:23:22.0910 5964 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
22:23:22.0944 5964 RasMan - ok
22:23:22.0973 5964 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
22:23:22.0979 5964 RasPppoe - ok
22:23:23.0009 5964 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
22:23:23.0012 5964 RasSstp - ok
22:23:23.0044 5964 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
22:23:23.0049 5964 rdbss - ok
22:23:23.0069 5964 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
22:23:23.0071 5964 rdpbus - ok
22:23:23.0107 5964 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:23:23.0108 5964 RDPCDD - ok
22:23:23.0221 5964 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
22:23:23.0222 5964 RDPENCDD - ok
22:23:23.0245 5964 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
22:23:23.0246 5964 RDPREFMP - ok
22:23:23.0285 5964 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
22:23:23.0290 5964 RDPWD - ok
22:23:23.0351 5964 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
22:23:23.0355 5964 rdyboost - ok
22:23:23.0389 5964 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
22:23:23.0392 5964 RemoteAccess - ok
22:23:23.0448 5964 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
22:23:23.0467 5964 RemoteRegistry - ok
22:23:23.0508 5964 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
22:23:23.0512 5964 RpcEptMapper - ok
22:23:23.0549 5964 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
22:23:23.0570 5964 RpcLocator - ok
22:23:23.0610 5964 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
22:23:23.0615 5964 RpcSs - ok
22:23:23.0737 5964 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
22:23:23.0758 5964 rspndr - ok
22:23:23.0802 5964 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
22:23:23.0805 5964 SamSs - ok
22:23:23.0860 5964 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
22:23:23.0865 5964 sbp2port - ok
22:23:23.0911 5964 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
22:23:23.0916 5964 SCardSvr - ok
22:23:23.0957 5964 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
22:23:23.0983 5964 scfilter - ok
22:23:24.0052 5964 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
22:23:24.0078 5964 Schedule - ok
22:23:24.0121 5964 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
22:23:24.0122 5964 SCPolicySvc - ok
22:23:24.0167 5964 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
22:23:24.0170 5964 SDRSVC - ok
22:23:24.0480 5964 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
22:23:24.0486 5964 SeaPort - ok
22:23:24.0577 5964 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
22:23:24.0581 5964 secdrv - ok
22:23:24.0612 5964 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
22:23:24.0618 5964 seclogon - ok
22:23:24.0645 5964 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
22:23:24.0648 5964 SENS - ok
22:23:24.0694 5964 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
22:23:24.0744 5964 SensrSvc - ok
22:23:24.0786 5964 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
22:23:24.0790 5964 Serenum - ok
22:23:24.0833 5964 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
22:23:24.0838 5964 Serial - ok
22:23:24.0866 5964 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
22:23:24.0870 5964 sermouse - ok
22:23:24.0919 5964 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
22:23:24.0925 5964 SessionEnv - ok
22:23:24.0961 5964 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
22:23:24.0963 5964 sffdisk - ok
22:23:24.0984 5964 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
22:23:24.0999 5964 sffp_mmc - ok
22:23:25.0028 5964 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
22:23:25.0031 5964 sffp_sd - ok
22:23:25.0076 5964 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
22:23:25.0078 5964 sfloppy - ok
22:23:25.0137 5964 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
22:23:25.0146 5964 SharedAccess - ok
22:23:25.0190 5964 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
22:23:25.0208 5964 ShellHWDetection - ok
22:23:25.0335 5964 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
22:23:25.0366 5964 sisagp - ok
22:23:25.0423 5964 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:23:25.0427 5964 SiSRaid2 - ok
22:23:25.0454 5964 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
22:23:25.0458 5964 SiSRaid4 - ok
22:23:25.0510 5964 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
22:23:25.0534 5964 Smb - ok
22:23:25.0612 5964 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
22:23:25.0618 5964 SNMPTRAP - ok
22:23:25.0681 5964 sonypvs1 (dfadfc2c86662f40759bf02add27d569) C:\Windows\system32\DRIVERS\sonypvs1.sys
22:23:25.0686 5964 sonypvs1 - ok
22:23:25.0710 5964 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
22:23:25.0713 5964 spldr - ok
22:23:25.0804 5964 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
22:23:25.0853 5964 Spooler - ok
22:23:25.0993 5964 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
22:23:26.0062 5964 sppsvc - ok
22:23:26.0107 5964 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
22:23:26.0125 5964 sppuinotify - ok
22:23:26.0179 5964 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
22:23:26.0189 5964 srv - ok
22:23:26.0210 5964 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
22:23:26.0226 5964 srv2 - ok
22:23:26.0251 5964 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
22:23:26.0258 5964 srvnet - ok
22:23:26.0296 5964 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
22:23:26.0301 5964 SSDPSRV - ok
22:23:26.0325 5964 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
22:23:26.0328 5964 SstpSvc - ok
22:23:26.0600 5964 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
22:23:26.0643 5964 stexstor - ok
22:23:26.0803 5964 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
22:23:26.0820 5964 StiSvc - ok
22:23:26.0854 5964 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
22:23:26.0856 5964 swenum - ok
22:23:26.0902 5964 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
22:23:26.0919 5964 swprv - ok
22:23:27.0001 5964 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
22:23:27.0028 5964 SysMain - ok
22:23:27.0069 5964 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
22:23:27.0074 5964 TabletInputService - ok
22:23:27.0116 5964 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
22:23:27.0133 5964 TapiSrv - ok
22:23:27.0199 5964 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
22:23:27.0206 5964 TBS - ok
22:23:27.0320 5964 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
22:23:27.0350 5964 Tcpip - ok
22:23:27.0412 5964 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
22:23:27.0420 5964 TCPIP6 - ok
22:23:27.0491 5964 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
22:23:27.0495 5964 tcpipreg - ok
22:23:27.0554 5964 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
22:23:27.0566 5964 TDPIPE - ok
22:23:27.0651 5964 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
22:23:27.0655 5964 TDTCP - ok
22:23:27.0708 5964 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
22:23:27.0735 5964 tdx - ok
22:23:27.0772 5964 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
22:23:27.0776 5964 TermDD - ok
22:23:27.0817 5964 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
22:23:27.0834 5964 TermService - ok
22:23:27.0865 5964 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
22:23:27.0868 5964 Themes - ok
22:23:27.0899 5964 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
22:23:27.0901 5964 THREADORDER - ok
22:23:27.0944 5964 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
22:23:27.0968 5964 TrkWks - ok
22:23:28.0029 5964 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
22:23:28.0032 5964 TrustedInstaller - ok
22:23:28.0057 5964 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:23:28.0059 5964 tssecsrv - ok
22:23:28.0131 5964 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
22:23:28.0136 5964 TsUsbFlt - ok
22:23:28.0227 5964 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
22:23:28.0232 5964 tunnel - ok
22:23:28.0326 5964 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
22:23:28.0330 5964 uagp35 - ok
22:23:28.0365 5964 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
22:23:28.0370 5964 udfs - ok
22:23:28.0419 5964 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
22:23:28.0422 5964 UI0Detect - ok
22:23:28.0454 5964 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
22:23:28.0457 5964 uliagpkx - ok
22:23:28.0510 5964 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
22:23:28.0527 5964 umbus - ok
22:23:28.0581 5964 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
22:23:28.0584 5964 UmPass - ok
22:23:28.0603 5964 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
22:23:28.0621 5964 upnphost - ok
22:23:28.0670 5964 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
22:23:28.0675 5964 usbaudio - ok
22:23:28.0693 5964 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
22:23:28.0713 5964 usbccgp - ok
22:23:28.0744 5964 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
22:23:28.0749 5964 usbcir - ok
22:23:28.0790 5964 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
22:23:28.0794 5964 usbehci - ok
22:23:28.0839 5964 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
22:23:28.0856 5964 usbhub - ok
22:23:28.0876 5964 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
22:23:28.0880 5964 usbohci - ok
22:23:28.0925 5964 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
22:23:28.0928 5964 usbprint - ok
22:23:28.0941 5964 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:23:28.0945 5964 USBSTOR - ok
22:23:28.0965 5964 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
22:23:28.0968 5964 usbuhci - ok
22:23:29.0003 5964 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
22:23:29.0035 5964 UxSms - ok
22:23:29.0072 5964 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
22:23:29.0075 5964 VaultSvc - ok
22:23:29.0122 5964 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
22:23:29.0125 5964 vdrvroot - ok
22:23:29.0175 5964 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
22:23:29.0190 5964 vds - ok
22:23:29.0215 5964 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
22:23:29.0217 5964 vga - ok
22:23:29.0285 5964 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
22:23:29.0302 5964 VgaSave - ok
22:23:29.0343 5964 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
22:23:29.0349 5964 vhdmp - ok
22:23:29.0401 5964 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
22:23:29.0405 5964 viaagp - ok
22:23:29.0442 5964 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
22:23:29.0444 5964 ViaC7 - ok
22:23:29.0465 5964 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
22:23:29.0467 5964 viaide - ok
22:23:29.0497 5964 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
22:23:29.0499 5964 volmgr - ok
22:23:29.0514 5964 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
22:23:29.0518 5964 volmgrx - ok
22:23:29.0575 5964 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
22:23:29.0582 5964 volsnap - ok
22:23:29.0628 5964 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
22:23:29.0633 5964 vsmraid - ok
22:23:29.0692 5964 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
22:23:29.0715 5964 VSS - ok
22:23:29.0930 5964 vToolbarUpdater10.2.0 (3080f1f093869a19fb3d1f0226c73809) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
22:23:29.0956 5964 vToolbarUpdater10.2.0 - ok
22:23:30.0233 5964 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
22:23:30.0236 5964 vwifibus - ok
22:23:30.0291 5964 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
22:23:30.0308 5964 W32Time - ok
22:23:30.0381 5964 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
22:23:30.0526 5964 WacomPen - ok
22:23:30.0600 5964 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
22:23:30.0604 5964 WANARP - ok
22:23:30.0613 5964 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
22:23:30.0615 5964 Wanarpv6 - ok
22:23:30.0715 5964 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
22:23:30.0750 5964 WatAdminSvc - ok
22:23:30.0888 5964 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
22:23:30.0917 5964 wbengine - ok
22:23:30.0952 5964 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
22:23:30.0969 5964 WbioSrvc - ok
22:23:31.0015 5964 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
22:23:31.0023 5964 wcncsvc - ok
22:23:31.0038 5964 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
22:23:31.0043 5964 WcsPlugInService - ok
22:23:31.0116 5964 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
22:23:31.0128 5964 Wd - ok
22:23:31.0160 5964 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
22:23:31.0176 5964 Wdf01000 - ok
22:23:31.0193 5964 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
22:23:31.0197 5964 WdiServiceHost - ok
22:23:31.0201 5964 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
22:23:31.0204 5964 WdiSystemHost - ok
22:23:31.0246 5964 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
22:23:31.0263 5964 WebClient - ok
22:23:31.0288 5964 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
22:23:31.0296 5964 Wecsvc - ok
22:23:31.0315 5964 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
22:23:31.0320 5964 wercplsupport - ok
22:23:31.0386 5964 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
22:23:31.0392 5964 WerSvc - ok
22:23:31.0484 5964 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
22:23:31.0488 5964 WfpLwf - ok
22:23:31.0510 5964 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
22:23:31.0518 5964 WIMMount - ok
22:23:31.0657 5964 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
22:23:31.0685 5964 WinDefend - ok
22:23:31.0697 5964 WinHttpAutoProxySvc - ok
22:23:31.0826 5964 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
22:23:31.0843 5964 Winmgmt - ok
22:23:31.0933 5964 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
22:23:31.0950 5964 WinRM - ok
22:23:32.0026 5964 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
22:23:32.0050 5964 Wlansvc - ok
22:23:32.0200 5964 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:23:32.0237 5964 wlidsvc - ok
22:23:32.0375 5964 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
22:23:32.0378 5964 WmiAcpi - ok
22:23:32.0638 5964 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
22:23:32.0644 5964 wmiApSrv - ok
22:23:32.0824 5964 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
22:23:32.0850 5964 WMPNetworkSvc - ok
22:23:32.0964 5964 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
22:23:32.0970 5964 WPCSvc - ok
22:23:33.0021 5964 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
22:23:33.0033 5964 WPDBusEnum - ok
22:23:33.0096 5964 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
22:23:33.0097 5964 ws2ifsl - ok
22:23:33.0112 5964 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
22:23:33.0116 5964 wscsvc - ok
22:23:33.0123 5964 WSearch - ok
22:23:33.0190 5964 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
22:23:33.0224 5964 wuauserv - ok
22:23:33.0268 5964 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
22:23:33.0289 5964 WudfPf - ok
22:23:33.0375 5964 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:23:33.0380 5964 WUDFRd - ok
22:23:33.0414 5964 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
22:23:33.0420 5964 wudfsvc - ok
22:23:33.0468 5964 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
22:23:33.0486 5964 WwanSvc - ok
22:23:33.0537 5964 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0
22:23:33.0575 5964 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
22:23:33.0575 5964 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
22:23:33.0595 5964 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
22:23:33.0600 5964 \Device\Harddisk1\DR1 - ok
22:23:33.0613 5964 Boot (0x1200) (a570c478435f927e1cc4213850068c36) \Device\Harddisk0\DR0\Partition0
22:23:33.0614 5964 \Device\Harddisk0\DR0\Partition0 - ok
22:23:33.0642 5964 Boot (0x1200) (fdfc5dd4054dae27c7bee6aa33eb6701) \Device\Harddisk0\DR0\Partition1
22:23:33.0643 5964 \Device\Harddisk0\DR0\Partition1 - ok
22:23:33.0648 5964 Boot (0x1200) (32db9dd320b7c0302f47330482866cc8) \Device\Harddisk1\DR1\Partition0
22:23:33.0651 5964 \Device\Harddisk1\DR1\Partition0 - ok
22:23:33.0652 5964 ============================================================
22:23:33.0652 5964 Scan finished
22:23:33.0652 5964 ============================================================
22:23:33.0667 8048 Detected object count: 1
22:23:33.0667 8048 Actual detected object count: 1
22:23:52.0730 8048 \Device\Harddisk0\DR0\# - copied to quarantine
22:23:52.0730 8048 \Device\Harddisk0\DR0 - copied to quarantine
22:23:52.0756 8048 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
22:23:52.0765 8048 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
22:23:52.0768 8048 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
22:23:52.0772 8048 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
22:23:52.0777 8048 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
22:23:52.0788 8048 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
22:23:52.0795 8048 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
22:23:52.0797 8048 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
22:23:52.0800 8048 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
22:23:52.0802 8048 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
22:23:52.0806 8048 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
22:23:52.0809 8048 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
22:23:52.0890 8048 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
22:23:52.0891 8048 \Device\Harddisk0\DR0 - ok
22:23:53.0690 8048 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
22:24:05.0528 8100 Deinitialize success


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-22 07:21:22
-----------------------------
07:21:22.261 OS Version: Windows 6.1.7601 Service Pack 1
07:21:22.261 Number of processors: 2 586 0x203
07:21:22.261 ComputerName: MOM_DAD-PC UserName: mom_dad
07:21:40.404 Initialize success
07:22:33.866 AVAST engine defs: 12032000
07:22:45.863 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005d
07:22:45.863 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
07:22:45.878 Disk 0 MBR read successfully
07:22:45.878 Disk 0 MBR scan
07:22:45.894 Disk 0 Windows 7 default MBR code
07:22:45.894 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 293696 MB offset 63
07:22:45.925 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11546 MB offset 601489665
07:22:45.941 Disk 0 scanning sectors +625137345
07:22:46.003 Disk 0 scanning C:\Windows\system32\drivers
07:22:58.452 Service scanning
07:23:23.015 Modules scanning
07:23:28.428 Disk 0 trace - called modules:
07:23:28.444 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor.sys
07:23:28.444 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x862c8030]
07:23:28.459 3 CLASSPNP.SYS[8afa559e] -> nt!IofCallDriver -> [0x860cf488]
07:23:28.459 5 ACPI.sys[8aa1f3d4] -> nt!IofCallDriver -> \Device\0000005d[0x860cf030]
07:23:30.908 AVAST engine scan C:\Windows
07:23:33.389 AVAST engine scan C:\Windows\system32
07:26:43.858 AVAST engine scan C:\Windows\system32\drivers
07:26:57.056 AVAST engine scan C:\Users\mom_dad
07:32:45.998 AVAST engine scan C:\ProgramData
07:35:15.165 File: C:\ProgramData\Microsoft\Windows\DRM\8162.tmp **INFECTED** Win32:Alureon-ARF [Rtk]
07:35:54.306 Scan finished successfully
17:15:40.820 Disk 0 MBR has been saved successfully to "C:\Users\mom_dad\Desktop\MBR.dat"
17:15:40.836 The log file has been saved successfully to "C:\Users\mom_dad\Desktop\aswMBR.txt"


I did not select FixMBR on aswMBR

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:45 PM

Posted 22 March 2012 - 08:37 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
C:\ProgramData\Microsoft\Windows\DRM

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 nwbalddog

nwbalddog
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Snohomish, WA
  • Local time:06:45 PM

Posted 23 March 2012 - 08:31 AM

Iam seeinno report, I will run again

#10 nwbalddog

nwbalddog
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Snohomish, WA
  • Local time:06:45 PM

Posted 23 March 2012 - 08:54 AM

ComboFix 12-03-20.02 - mom_dad 03/23/2012 6:33.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2942.1817 [GMT -7:00]
Running from: c:\users\mom_dad\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-23 to 2012-03-23 )))))))))))))))))))))))))))))))
.
.
2012-03-23 13:39 . 2012-03-23 13:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-23 13:39 . 2012-03-23 13:39 -------- d-----w- c:\users\Administrator2\AppData\Local\temp
2012-03-22 13:48 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-22 13:48 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-22 13:48 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-22 13:48 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-22 13:48 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-22 13:48 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-22 13:48 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-22 10:00 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-22 10:00 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-22 05:23 . 2012-03-22 05:23 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-21 04:33 . 2012-03-23 13:39 -------- d-----w- c:\users\mom_dad\AppData\Local\temp
2012-03-21 04:33 . 2009-07-13 23:12 187904 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-03-19 02:08 . 2012-03-19 02:08 -------- d-----w- c:\users\Repair
2012-03-18 15:29 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-18 02:14 . 2012-03-18 02:14 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2012-03-12 07:11 . 2012-03-12 07:25 -------- d-----w- c:\users\Administrator2\AppData\Local\ID Vault
2012-03-04 22:05 . 2012-03-04 22:05 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-18 18:35 . 2011-05-25 06:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-13 23:59 . 2012-01-13 23:59 10 ----a-w- c:\windows\Fonts\wfonts.key
2012-01-04 08:58 . 2012-02-15 04:56 442880 ----a-w- c:\windows\system32\ntshrui.dll
2011-12-30 05:27 . 2012-02-15 04:56 478720 ----a-w- c:\windows\system32\timedate.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-13 00:26 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-13 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-08 39408]
"ComcastAntispyClient"="c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 1589208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"TurboHddUsb"="c:\program files\TurboHddUsb\TurboHddUsb.exe" [2010-01-16 3327488]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-13 982880]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-18 928096]
"GIDDesktop"="c:\program files\SFT\GuardedID\gidd.exe" [2011-07-05 395528]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-01-18 2339168]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Constant Guard.lnk - c:\program files\Constant Guard Protection Suite\IDVault.exe [2012-3-20 6658120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-09-01 1025352]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\FNETTBOH.SYS [2010-01-16 17792]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-20 1343400]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-01-07 248656]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-05 297168]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2010-01-16 7040]
S1 GIDv2;GIDv2; [x]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-06-17 616408]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 IDVaultSvc;CGPS Service;c:\program files\Constant Guard Protection Suite\IDVaultSvc.exe [2012-03-20 66632]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-26 13672]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-13 918880]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-28 134480]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 21968]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPService REG_MULTI_SZ HPSLPSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-07-05 18:26 435976 ----a-w- c:\program files\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 03:00]
.
2012-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 03:00]
.
2012-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1316481493-3646135646-4112620032-1001Core.job
- c:\users\mom_dad\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-18 03:31]
.
2012-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1316481493-3646135646-4112620032-1001UA.job
- c:\users\mom_dad\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-18 03:31]
.
2012-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1316481493-3646135646-4112620032-1004Core.job
- c:\users\Administrator2\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-08 10:20]
.
2012-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1316481493-3646135646-4112620032-1004UA.job
- c:\users\Administrator2\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-08 10:20]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(628)
c:\program files\CA\PPRT\bin\CACheck.dll
c:\program files\CA\PPRT\bin\CAHook.dll
c:\program files\CA\PPRT\bin\CAServer.dll
.
- - - - - - - > 'Explorer.exe'(4428)
c:\windows\system32\GIDHook.dll
c:\windows\system32\GIDBIN1.dll
c:\windows\system32\EasyHook32.dll
c:\program files\Pure Networks\Network Magic\nmspce2.dll
c:\program files\Pure Networks\Network Magic\nmrsrc.dll
c:\windows\System32\SyncCenter.dll
c:\windows\system32\fxsst.dll
.
Completion time: 2012-03-23 06:40:59
ComboFix-quarantined-files.txt 2012-03-23 13:40
ComboFix2.txt 2012-03-23 04:55
ComboFix3.txt 2012-03-21 13:15
.
Pre-Run: 133,713,186,816 bytes free
Post-Run: 133,306,978,304 bytes free
.
- - End Of File - - AC901BA2762D20E21528D9400DB3FB78

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:45 PM

Posted 23 March 2012 - 11:15 AM

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

Bing Bar
Bing Rewards Client Installer
Java™ 6 Update 24
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 nwbalddog

nwbalddog
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Snohomish, WA
  • Local time:06:45 PM

Posted 24 March 2012 - 12:09 AM

alwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.23.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
mom_dad :: MOM_DAD-PC [administrator]

3/23/2012 9:59:40 PM
mbam-log-2012-03-23 (21-59-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220325
Time elapsed: 5 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:08:28 PM, on 3/23/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\TurboHddUsb\TurboHddUsb.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\SFT\GuardedID\GIDD.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
C:\Program Files\Constant Guard Protection Suite\IDVault.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\Explorer.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: XFINITY Toolbar - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files\xfin_portal\comcastdx.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Constant Guard Protection Suite (COM) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\Program Files\Constant Guard Protection Suite\NativeBHO.dll
O2 - BHO: Updater For XFIN_PORTAL - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files\xfin_portal\auxi\comcastAu.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
O3 - Toolbar: XFINITY Toolbar - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files\xfin_portal\comcastdx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [TurboHddUsb] C:\Program Files\TurboHddUsb\TurboHddUsb.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKLM\..\Run: [GIDDesktop] C:\Program Files\SFT\GuardedID\gidd.exe /s
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ComcastAntispyClient] "C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide
O4 - HKCU\..\RunOnce: [JavaInstallRetry] "C:\Users\mom_dad\AppData\LocalLow\Sun\Java\JRERunOnce.exe" RUNONCE=1 SPONSORS=0
O4 - Global Startup: Constant Guard.lnk = C:\Program Files\Constant Guard Protection Suite\IDVault.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - https://leagueathletics.com/XUpload.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Comcast AntiSpyware (AntiSpywareService) - Unknown owner - C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: CGPS Service (IDVaultSvc) - White Sky, Inc. - C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: vToolbarUpdater10.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe

--
End of file - 8526 bytes

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:45 PM

Posted 24 March 2012 - 12:12 AM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - HKCU\..\RunOnce: [JavaInstallRetry] "C:\Users\mom_dad\AppData\LocalLow\Sun\Java\JRERunOnce.exe" RUNONCE=1 SPONSORS=0
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 nwbalddog

nwbalddog
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Snohomish, WA
  • Local time:06:45 PM

Posted 24 March 2012 - 09:05 AM

C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\8162.tmp.vir a variant of Win32/Kryptik.ACMP trojan
C:\TDSSKiller_Quarantine\21.03.2012_22.22.41\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\21.03.2012_22.22.41\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AD trojan
C:\TDSSKiller_Quarantine\21.03.2012_22.22.41\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan
C:\TDSSKiller_Quarantine\21.03.2012_22.22.41\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AG trojan
C:\TDSSKiller_Quarantine\21.03.2012_22.22.41\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.KB trojan
C:\TDSSKiller_Quarantine\21.03.2012_22.22.41\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmarik.AF trojan
C:\TDSSKiller_Quarantine\21.03.2012_22.22.41\mbr0000\tdlfs0000\tsk0010.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\21.03.2012_22.22.41\mbr0000\tdlfs0000\tsk0011.dta Win64/Olmarik.X trojan
C:\Users\Administrator2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EE8DR0CY\19[1].htm HTML/Iframe.B.Gen virus
C:\Users\Administrator2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ODRDTH1K\3[1].htm HTML/Iframe.B.Gen virus
C:\Windows.old\Documents and Settings\All Users\Application Data\WildTangent\528821fe-58e4-439c-81de-49f36a16aa12-extr.exe a variant of Win32/Kryptik.SH trojan
C:\Windows.old\Documents and Settings\All Users\WildTangent\528821fe-58e4-439c-81de-49f36a16aa12-extr.exe a variant of Win32/Kryptik.SH trojan
C:\Windows.old\Program Files\HP Games\Farm Mania\Farm-WT.exe a variant of Win32/Kryptik.SH trojan
C:\Windows.old\ProgramData\WildTangent\528821fe-58e4-439c-81de-49f36a16aa12-extr.exe a variant of Win32/Kryptik.SH trojan
C:\Windows.old\Users\All Users\Application Data\WildTangent\528821fe-58e4-439c-81de-49f36a16aa12-extr.exe a variant of Win32/Kryptik.SH trojan
C:\Windows.old\Users\All Users\WildTangent\528821fe-58e4-439c-81de-49f36a16aa12-extr.exe a variant of Win32/Kryptik.SH trojan
G:\MOM_DAD-PC\Backup Set 2010-02-01 174539\Backup Files 2010-06-01 170002\Backup files 1.zip Java/TrojanDownloader.Agent.AF trojan
G:\MOM_DAD-PC\Backup Set 2010-02-01 174539\Backup Files 2010-07-01 174354\Backup files 1.zip multiple threats
G:\MOM_DAD-PC\Backup Set 2010-02-01 174539\Backup Files 2011-01-01 130000\Backup files 1.zip multiple threats
G:\MOM_DAD-PC\Backup Set 2010-02-01 174539\Backup Files 2011-02-01 130000\Backup files 1.zip multiple threats
G:\MOM_DAD-PC\Backup Set 2011-03-01 130000\Backup Files 2011-03-01 130000\Backup files 4.zip multiple threats
G:\MOM_DAD-PC\Backup Set 2011-03-01 130000\Backup Files 2011-03-01 130000\Backup files 5.zip multiple threats
G:\MOM_DAD-PC\Backup Set 2011-03-01 130000\Backup Files 2011-06-01 130000\Backup files 1.zip Java/TrojanDownloader.OpenStream.NCA trojan
G:\MOM_DAD-PC\Backup Set 2011-03-01 130000\Backup Files 2011-12-01 130000\Backup files 1.zip multiple threats
G:\MOM_DAD-PC\Backup Set 2012-03-01 130002\Backup Files 2012-03-01 130002\Backup files 10.zip multiple threats
G:\MOM_DAD-PC\Backup Set 2012-03-01 130002\Backup Files 2012-03-01 130002\Backup files 8.zip multiple threats

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:45 PM

Posted 24 March 2012 - 10:19 AM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    del /f /s /q "C:\Users\Administrator2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EE8DR0CY\19[1].htm"
    del /f /s /q "C:\Users\Administrator2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ODRDTH1K\3[1].htm"
    del /f /s /q "C:\Windows.old\Documents and Settings\All Users\Application Data\WildTangent\528821fe-58e4-439c-81de-49f36a16aa12-extr.exe"
    del /f /s /q "C:\Windows.old\Documents and Settings\All Users\WildTangent\528821fe-58e4-439c-81de-49f36a16aa12-extr.exe"
    del /f /s /q "C:\Windows.old\Program Files\HP Games\Farm Mania\Farm-WT.exe"
    del /f /s /q "C:\Windows.old\ProgramData\WildTangent\528821fe-58e4-439c-81de-49f36a16aa12-extr.exe"
    del /f /s /q "C:\Windows.old\Users\All Users\Application Data\WildTangent\528821fe-58e4-439c-81de-49f36a16aa12-extr.exe"
    del /f /s /q "C:\Windows.old\Users\All Users\WildTangent\528821fe-58e4-439c-81de-49f36a16aa12-extr.exe"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    It should look like this: Posted Image<--XPPosted Image<--vista
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the Online scan is only reporting backups created during the course of this fix C:\Qoobox\Quarantine\, and/or items located in System Restore's cache C:\System Volume Information\, Whatever is in these folders can't harm you unless you choose to perform a manual restore. the following steps will remove these backups.


Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

Any programs and logs that are left over you can just be deleted from the desktop.

:DeFogger:

Note** This only needs to be run if it was run before - If not then skip it.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
Your Emulation drivers are now re-enabled.


:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • Posted Image


:remove tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


:Make your Internet Explorer more secure:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.


:Make Firefox more secure:

please visit this page to explain how to make Firefox more secure - How to Secure Firefox


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector


:Turn On Automatic Updates:

Turn On Automatic Updates
1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them

If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

or visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

:antispyware programs:

I would reccomend the download and installation of some or all of the following programs (all free), and the updating of them regularly:

  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and using often.

Here is some great reading about how to be safer online:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
and
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users