
Trojan in svchost


  • This topic is locked
18 replies to this topic

#1 psu2014

psu2014

  • Members
  • 9 posts
  • OFFLINE
  • Local time:05:12 PM

Posted 25 March 2012 - 04:46 PM

I have been getting pop-up windows telling me that AVG blocked threats, and I have been getting redirected to Happili from Google. I decided to run Malwarebytes and it detected two threats: one is "trojan.agent" located in svchost.exe (file), the other one is "trojan.agent" located in svchost.exe (memory process).

I also noticed that my clock is set to military time, which it wasn't before, and when I tell my computer to wake up from hibernation the Startup Repair program starts up. I'm not sure if these are because of the trojans, but I thought I'd mention it.

I ran Defogger and disabled the disk emulation, and I also ran DDS. I didn't run GMER because I have 64-bit Windows.

Please help,
psu2014

DDS log

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Susan at 17:33:39 on 2012-03-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.1205 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Bradford Networks\Persistent Agent\bncsaui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Windows\system32\DllHost.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\notepad.exe
C:\Users\Susan\Downloads\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [bncsaui.exe] %ProgramFiles%\Bradford Networks\Persistent Agent\bncsaui.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
TCP: DhcpNameServer = 158.136.1.154 158.136.1.92 158.136.1.101 158.136.64.54
TCP: Interfaces\{3BA691E3-BE4B-4B92-9274-5974FE1A274D} : DhcpNameServer = 158.136.1.154 158.136.1.92 158.136.1.101 158.136.64.54
TCP: Interfaces\{3BA691E3-BE4B-4B92-9274-5974FE1A274D}\05355502355434552554027455543545 : DhcpNameServer = 158.136.1.154 158.136.1.92 158.136.1.101 158.136.64.54
TCP: Interfaces\{3BA691E3-BE4B-4B92-9274-5974FE1A274D}\14A7271656C6 : DhcpNameServer = 192.168.2.1 8.8.8.8 156.154.129.11
TCP: Interfaces\{3BA691E3-BE4B-4B92-9274-5974FE1A274D}\7486F63747 : DhcpNameServer = 192.168.2.1 8.8.8.8 156.154.129.11
TCP: Interfaces\{D5E2E399-4221-4B5B-91E8-87B0741BC82D} : DhcpNameServer = 158.136.1.154 158.136.1.92 158.136.1.101 158.136.64.54
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [bncsaui.exe] %ProgramFiles%\Bradford Networks\Persistent Agent\bncsaui.exe
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\7136meei.default\
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-2-28 354304]
R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 BNPagent;Bradford Persistent Agent Service;C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe [2011-10-28 3079960]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2012-1-29 166400]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2012-1-29 128512]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2011-5-14 514232]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-3-30 26680]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-11-7 1751656]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 hpCMSrv;HP Connection Manager 4.0 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-2-15 1071160]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\system32\DRIVERS\rtl8192Ce.sys --> C:\Windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
.
=============== Created Last 30 ================
.
2012-03-25 21:13:06 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-25 21:13:06 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-24 15:05:09 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2012-03-24 03:37:48 20480 ----a-w- C:\Windows\svchost.exe
2012-03-24 03:26:53 691 ----a-w- C:\Users\Susan\AppData\Roaming\GetValue.vbs
2012-03-24 03:26:53 35 ----a-w- C:\Users\Susan\AppData\Roaming\SetValue.bat
2012-03-24 03:26:52 4242 ----a-w- C:\Windows\SysWow64\tmp.reg
2012-03-24 02:26:24 -------- d-----w- C:\$RECYCLE.BIN
2012-03-24 02:10:20 98816 ----a-w- C:\Windows\sed.exe
2012-03-24 02:10:20 518144 ----a-w- C:\Windows\SWREG.exe
2012-03-24 02:10:20 256000 ----a-w- C:\Windows\PEV.exe
2012-03-24 02:10:20 208896 ----a-w- C:\Windows\MBR.exe
2012-03-24 01:08:20 -------- d-----w- C:\Users\Susan\AppData\Roaming\Malwarebytes
2012-03-24 01:08:07 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-21 13:41:53 -------- d-----w- C:\Users\Susan\AppData\Roaming\AVG
2012-03-21 13:21:33 -------- d-----w- C:\Users\Susan\AppData\Roaming\PCPro
2012-03-21 13:21:33 -------- d-----w- C:\Users\Susan\AppData\Roaming\PC Cleaners
2012-03-21 13:21:29 -------- d-----w- C:\ProgramData\PC1Data
2012-03-18 21:17:14 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\C5F1.tmp
2012-02-29 01:08:20 -------- d-----w- C:\Program Files (x86)\Origin Games
2012-02-29 01:08:09 -------- d-----w- C:\Users\Susan\AppData\Local\Origin
2012-02-29 00:55:09 -------- d-----w- C:\ProgramData\EA Core
2012-02-29 00:11:01 -------- d-----w- C:\Users\Susan\AppData\Roaming\Origin
2012-02-29 00:10:21 -------- d-----w- C:\ProgramData\Origin
2012-02-29 00:08:57 -------- d-----w- C:\Program Files (x86)\Origin
2012-02-28 23:59:26 -------- d-----w- C:\ProgramData\Electronic Arts
2012-02-28 23:14:24 3977496 ----a-w- C:\Windows\System32\d3dx9_31.dll
2012-02-28 23:14:24 2414360 ----a-w- C:\Windows\SysWow64\d3dx9_31.dll
2012-02-25 01:05:46 -------- d-----w- C:\Users\Susan\AppData\Local\{A0896B50-B84A-493D-B4B5-2AE87CE65D10}
.
==================== Find3M ====================
.
2012-01-23 04:20:44 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 17:36:28.12 ===============
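The log above shows the one detail a responder keys on: a genuine svchost.exe lives only in System32 (or SysWOW64), yet this DDS output lists a 20 KB C:\Windows\svchost.exe created on 2012-03-24 and a bare "-netsvcs" entry in the running-process list with no image path. The script below is an added example for this thread, not part of the original post and not a DDS or Malwarebytes component; it parses DDS-style "Running Processes" and "Created Last 30" lines and flags svchost.exe images outside the service-host directories plus orphan argument lines for manual review. It assumes the default %SystemRoot% of C:\Windows, and the sample lines are constructed to mirror the shape of the DDS log rather than being the log itself.

```python
"""Triage a DDS-style log for svchost.exe impostors (added example)."""
import re

# Directories where the real Windows service host binary resides
# (assumption: %SystemRoot% is C:\Windows).
LEGIT_SVCHOST_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# "Running Processes" entry: a full image path ending in svchost.exe,
# optionally followed by arguments such as "-k netsvcs".
PROC_RE = re.compile(r"^(?P<path>[a-z]:\\.*?svchost\.exe)(?:\s+(?P<args>.*))?$", re.I)

# "Created Last 30" entry: "<date> <time> <size|dashes> <attrs> <path>".
CREATED_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (?:\d+|-+) \S+ (?P<path>.+)$"
)

# A process line that is only an argument (like the bare "-netsvcs" line in
# the log above): no image path was printed, so queue it for manual review.
ORPHAN_ARG_RE = re.compile(r"^-\S+$")

# Constructed sample modelled on the DDS log in the thread (not the real log).
SAMPLE_LOG = r"""
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\svchost.exe
C:\Windows\system32\DllHost.exe
-netsvcs
=============== Created Last 30 ================
2012-03-24 03:37:48 20480 ----a-w- C:\Windows\svchost.exe
2012-03-25 21:13:06 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
"""


def _parent_dir(path: str) -> str:
    """Lower-cased directory part of a Windows path."""
    return path.rsplit("\\", 1)[0].lower()


def suspicious_svchost(lines):
    """Return (item, reason) pairs, in log order, for every svchost.exe that is
    running from or was created outside the legitimate directories, and for
    every process entry that carries only an argument and no image path."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = PROC_RE.match(line)
        if m:
            if _parent_dir(m.group("path")) not in LEGIT_SVCHOST_DIRS:
                findings.append((m.group("path"),
                                 "running svchost.exe outside System32/SysWOW64"))
            continue
        c = CREATED_RE.match(line)
        if c:
            path = c.group("path")
            if path.lower().endswith("\\svchost.exe") and \
                    _parent_dir(path) not in LEGIT_SVCHOST_DIRS:
                findings.append((path, "svchost.exe created outside System32/SysWOW64"))
            continue
        if ORPHAN_ARG_RE.match(line):
            findings.append((line, "process entry with no image path (review manually)"))
    return findings


if __name__ == "__main__":
    for item, reason in suspicious_svchost(SAMPLE_LOG.splitlines()):
        print(f"{reason}: {item}")
```

Run it against a saved DDS log with `suspicious_svchost(open("dds.txt").read().splitlines())`; the path check deliberately ignores the file name alone, because the malicious copy here carried the exact name of the legitimate binary and differed only in its directory.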



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:12 PM

Posted 26 March 2012 - 08:39 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

1. Do not run any other tool until instructed to do so!
Doing so will only, at best, cause you unneeded worry as it finds our backups and may even list our tools, and at worst can cause conflicts with our tools and lead to unforeseen things happening.
2. Please do not attach logs or put them in code boxes.
Besides the time it takes me to open the reports, it makes it harder to find something if I need to go back to do more research, and putting them in code boxes just makes them so hard to read.
3. After each step give me a little feedback.
It does not need to be long, but just something so I know how things are going. It can be something like:
I am still getting redirected
The computer is running as it should
Don't put things like "it is the same as before" or "still the same"; this just makes me go back and look for your last feedback as to how things are.
4. Read every post completely before doing anything.
Pay special attention to the Notes** I have put in.
These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


Backup any files that cannot be replaced

If you have not done it yet, spend a few minutes to back up any files that cannot be replaced. Removing malware can be unpredictable and this may save you and me a lot of grief later.

You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

You may want to back up the whole hard drive; there is some good info in the Preparation Guide on how to make full backups and how to restore them if something goes wrong. Read the tutorial and print it out so you will know what to do in case the unforeseen happens.

When you have the files backed up you may do the following.


Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I close my topics if you have not replied in 5 days. If you will be longer, please let me know.

If I have not replied to one of my topics in 48 hrs, please bump the topic.



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 psu2014

psu2014
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:05:12 PM

Posted 26 March 2012 - 01:21 PM

ComboFix 12-03-26.02 - Susan 03/25/2012 13:58:00.7.2 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2909 [GMT -4:00]
Running from: c:\users\Susan\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
---- Previous Run -------
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-25 to 2012-03-25 )))))))))))))))))))))))))))))))
.
.
2012-03-25 21:13 . 2012-03-25 21:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-25 21:13 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-25 18:02 . 2012-03-25 18:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-25 13:39 . 2009-07-14 01:14 20480 ----a-w- c:\windows\svchost.exe
2012-03-24 15:05 . 2012-03-25 15:51 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2012-03-24 03:26 . 2012-03-24 03:30 691 ----a-w- c:\users\Susan\AppData\Roaming\GetValue.vbs
2012-03-24 03:26 . 2012-03-24 03:30 35 ----a-w- c:\users\Susan\AppData\Roaming\SetValue.bat
2012-03-24 01:08 . 2012-03-25 07:33 -------- d-----w- c:\users\Susan\AppData\Roaming\Malwarebytes
2012-03-24 01:08 . 2012-03-25 07:31 -------- d-----w- c:\programdata\Malwarebytes
2012-03-21 13:41 . 2012-03-21 13:43 -------- d-----w- c:\users\Susan\AppData\Roaming\AVG
2012-03-21 13:21 . 2012-03-21 13:31 -------- d-----w- c:\users\Susan\AppData\Roaming\PCPro
2012-03-21 13:21 . 2012-03-21 13:21 -------- d-----w- c:\users\Susan\AppData\Roaming\PC Cleaners
2012-03-21 13:21 . 2012-03-21 13:21 -------- d-----w- c:\programdata\PC1Data
2012-03-18 21:17 . 2012-03-18 21:17 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\C5F1.tmp
2012-02-29 01:08 . 2012-02-29 01:08 -------- d-----w- c:\program files (x86)\Origin Games
2012-02-29 01:08 . 2012-02-29 01:08 -------- d-----w- c:\users\Susan\AppData\Local\Origin
2012-02-29 00:55 . 2012-03-19 17:46 -------- d-----w- c:\programdata\EA Core
2012-02-29 00:11 . 2012-02-29 01:08 -------- d-----w- c:\users\Susan\AppData\Roaming\Origin
2012-02-29 00:10 . 2012-02-29 01:08 -------- d-----w- c:\programdata\Origin
2012-02-29 00:08 . 2012-03-19 17:46 -------- d-----w- c:\program files (x86)\Origin
2012-02-28 23:59 . 2012-03-19 17:46 -------- d-----w- c:\programdata\Electronic Arts
2012-02-28 23:14 . 2006-09-28 21:05 3977496 ----a-w- c:\windows\system32\d3dx9_31.dll
2012-02-28 23:14 . 2006-09-28 21:05 2414360 ----a-w- c:\windows\SysWow64\d3dx9_31.dll
2012-02-28 22:55 . 2012-03-21 16:53 -------- d-----w- c:\program files (x86)\Electronic Arts
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-23 04:20 . 2012-01-23 04:20 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-20 13:54 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-17 09:39 . 2012-01-22 20:07 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{47859939-AF99-41BE-9585-058DABE6DC9E}\mpengine.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-24_02.26.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-25 02:55 . 2012-03-25 17:37 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-03-25 13:14 . 2012-03-25 15:51 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012032520120326\index.dat
+ 2012-03-24 15:07 . 2012-03-25 02:51 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012032420120325\index.dat
+ 2012-03-23 21:29 . 2012-03-24 03:37 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012032320120324\index.dat
+ 2012-03-19 14:02 . 2012-03-25 15:51 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2012-03-19 14:02 . 2012-03-24 01:40 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-11-21 03:24 . 2010-11-21 03:24 37376 c:\windows\system32\wups2(7).dll
+ 2010-11-21 03:09 . 2012-03-25 17:38 40576 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-25 17:38 49408 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-01-20 13:54 . 2012-03-25 17:38 10674 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-62563193-1554576102-3946920395-1002_UserData.bin
+ 2009-07-14 00:17 . 2009-07-14 01:40 24576 c:\windows\system32\drprov(2).dll
+ 2010-11-21 03:24 . 2010-11-21 03:24 58880 c:\windows\system32\browcli(1).dll
+ 2009-07-14 04:46 . 2012-03-25 03:07 97496 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-01-31 13:43 . 2012-03-24 02:58 3234 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-03-25 18:03 . 2012-03-25 18:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-24 02:25 . 2012-03-24 02:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-25 18:03 . 2012-03-25 18:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-24 02:25 . 2012-03-24 02:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-25 02:55 . 2012-03-25 17:37 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-01-22 22:04 . 2012-03-25 16:27 267284 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-03-24 01:47 627082 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-25 17:40 627082 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-03-24 01:47 107366 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-03-25 17:40 107366 c:\windows\system32\perfc009.dat
+ 2009-07-14 00:09 . 2009-07-14 01:40 324096 c:\windows\system32\FWPUCLNT(5).DLL
+ 2009-07-14 00:08 . 2009-07-14 01:40 748032 c:\windows\system32\FirewallAPI(4).dll
+ 2009-07-14 00:08 . 2009-07-14 01:40 101376 c:\windows\system32\fdWCN(3).dll
- 2009-07-14 05:38 . 2012-03-24 01:22 262144 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2009-07-14 05:38 . 2012-03-25 07:36 262144 c:\windows\system32\config\systemprofile\ntuser.dat
- 2009-07-14 05:01 . 2012-03-24 02:25 456352 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-25 17:15 456352 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-03-25 14:00 . 2012-03-25 14:00 584192 c:\windows\Installer\2f8319.msi
+ 2012-03-25 02:52 . 2012-03-25 17:37 3686400 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-11-21 03:24 . 2010-11-21 03:24 2621952 c:\windows\system32\wucltux(6).dll
+ 2009-07-14 02:34 . 2012-03-25 18:03 9961472 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-01-29 22:49 9961472 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2011-11-07 19:11 . 2012-03-25 17:15 1508768 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-11-07 19:11 . 2012-03-24 01:19 1508768 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-01-20 17:07 . 2012-03-24 02:25 4178424 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-62563193-1554576102-3946920395-1002-12288.dat
+ 2012-01-20 17:07 . 2012-03-24 02:58 4178424 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-62563193-1554576102-3946920395-1002-12288.dat
- 2012-03-19 00:35 . 2012-03-24 02:25 2263620 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2012-03-19 00:35 . 2012-03-25 13:51 2263620 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2009-07-14 04:54 . 2012-03-25 17:37 10076160 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-24 02:26 10076160 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-01-20 17:07 . 2012-03-25 17:16 31459108 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-62563193-1554576102-3946920395-1002-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-02-28 336384]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-03-30 586808]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-03-30 319544]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"bncsaui.exe"="c:\program files (x86)\Bradford Networks\Persistent Agent\bncsaui.exe" [2011-10-28 2625304]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
R1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-02-28 354304]
R2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
R2 BNPagent;Bradford Persistent Agent Service;c:\program files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe [2011-10-28 3079960]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]
R2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
R2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-03-30 26680]
R2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-01-14 1751656]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-23 c:\windows\Tasks\HPCeeScheduleForSUSAN-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-03-19 c:\windows\Tasks\HPCeeScheduleForSusan.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-12-17 525312]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 158.136.1.154 158.136.1.92 158.136.1.101 158.136.64.54
FF - ProfilePath - c:\users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\7136meei.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-WT087395 - c:\program files (x86)\HP Games\Poker Superstars III\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-25 14:08:19 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-25 18:08
ComboFix2.txt 2012-03-24 02:35
.
Pre-Run: 402,789,707,776 bytes free
Post-Run: 402,473,267,200 bytes free
.
- - End Of File - - 7A847CF9BDB2E7508D412A45AD0F0A1C



When I first tried to run combofix my computer blue screened around stage 4 or 5, so I tried it in safe mode and it worked fine.

My computer doesn't seem to be redirecting me to Happili or any other sites when using Firefox, and I haven't been getting any pop-ups from AVG about viruses. Overall it appears to be running well, but I'm still a little leery that something's hiding someplace.

-psu2014

#4 gringo_pr

Posted 26 March 2012 - 02:36 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 psu2014

Posted 26 March 2012 - 03:04 PM

15:50:46.0217 5684 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
15:50:46.0627 5684 ============================================================
15:50:46.0627 5684 Current date / time: 2012/03/25 15:50:46.0627
15:50:46.0627 5684 SystemInfo:
15:50:46.0627 5684
15:50:46.0627 5684 OS Version: 6.1.7601 ServicePack: 1.0
15:50:46.0627 5684 Product type: Workstation
15:50:46.0627 5684 ComputerName: SUSAN-HP
15:50:46.0627 5684 UserName: Susan
15:50:46.0627 5684 Windows directory: C:\Windows
15:50:46.0627 5684 System windows directory: C:\Windows
15:50:46.0627 5684 Running under WOW64
15:50:46.0627 5684 Processor architecture: Intel x64
15:50:46.0627 5684 Number of processors: 2
15:50:46.0627 5684 Page size: 0x1000
15:50:46.0627 5684 Boot type: Normal boot
15:50:46.0627 5684 ============================================================
15:50:47.0727 5684 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:50:47.0727 5684 \Device\Harddisk0\DR0:
15:50:47.0727 5684 MBR used
15:50:47.0727 5684 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
15:50:47.0727 5684 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x387E9800
15:50:47.0727 5684 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3884D800, BlocksNum 0x1B04800
15:50:47.0727 5684 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
15:50:47.0817 5684 Initialize success
15:50:47.0817 5684 ============================================================
15:50:50.0278 5772 ============================================================
15:50:50.0278 5772 Scan started
15:50:50.0278 5772 Mode: Manual;
15:50:50.0278 5772 ============================================================
15:51:04.0843 5772 FsDepends - ok
15:51:04.0863 5772 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
15:51:04.0873 5772 Fs_Rec - ok
15:51:04.0963 5772 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:51:04.0963 5772 fvevol - ok
15:51:05.0063 5772 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
15:51:05.0063 5772 gagp30kx - ok
15:51:05.0163 5772 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
15:51:05.0173 5772 GamesAppService - ok
15:51:05.0263 5772 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:51:05.0263 5772 GEARAspiWDM - ok
15:51:05.0333 5772 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
15:51:05.0343 5772 gpsvc - ok
15:51:05.0433 5772 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:51:05.0433 5772 hcw85cir - ok
15:51:05.0483 5772 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:51:05.0483 5772 HdAudAddService - ok
15:51:05.0583 5772 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:51:05.0593 5772 HDAudBus - ok
15:51:05.0613 5772 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
15:51:05.0623 5772 HidBatt - ok
15:51:05.0753 5772 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
15:51:05.0773 5772 HidBth - ok
15:51:05.0853 5772 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
15:51:05.0853 5772 HidIr - ok
15:51:05.0883 5772 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
15:51:05.0893 5772 hidserv - ok
15:51:05.0993 5772 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
15:51:05.0993 5772 HidUsb - ok
15:51:06.0023 5772 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
15:51:06.0033 5772 hkmsvc - ok
15:51:06.0093 5772 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
15:51:06.0103 5772 HomeGroupListener - ok
15:51:06.0133 5772 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
15:51:06.0143 5772 HomeGroupProvider - ok
15:51:06.0223 5772 HP Health Check Service (45a12cacb97b4f15858fcfd59355a1e9) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
15:51:06.0223 5772 HP Health Check Service - ok
15:51:06.0273 5772 HPClientSvc (6a181452d4e240b8ecc7614b9a19bde9) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
15:51:06.0283 5772 HPClientSvc - ok
15:51:06.0403 5772 hpCMSrv (e040f0064d39f73bb4995d494f3dcbb8) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
15:51:06.0423 5772 hpCMSrv - ok
15:51:06.0453 5772 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
15:51:06.0463 5772 HPDrvMntSvc.exe - ok
15:51:06.0543 5772 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
15:51:06.0553 5772 hpqwmiex - ok
15:51:06.0673 5772 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:51:06.0683 5772 HpSAMD - ok
15:51:06.0774 5772 HPWMISVC (ead185acdcfd81bf2172cd6f36277d50) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
15:51:06.0774 5772 HPWMISVC - ok
15:51:06.0894 5772 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:51:06.0904 5772 HTTP - ok
15:51:06.0994 5772 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:51:06.0994 5772 hwpolicy - ok
15:51:07.0034 5772 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
15:51:07.0044 5772 i8042prt - ok
15:51:07.0164 5772 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:51:07.0174 5772 iaStorV - ok
15:51:07.0314 5772 IconMan_R (2c3cc41fefcb77e2826886e6b7ef93ae) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
15:51:07.0354 5772 IconMan_R - ok
15:51:07.0444 5772 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:51:07.0464 5772 idsvc - ok
15:51:07.0574 5772 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
15:51:07.0574 5772 iirsp - ok
15:51:07.0634 5772 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
15:51:07.0654 5772 IKEEXT - ok
15:51:07.0744 5772 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:51:07.0744 5772 intelide - ok
15:51:07.0764 5772 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
15:51:07.0774 5772 intelppm - ok
15:51:07.0814 5772 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:51:07.0814 5772 IPBusEnum - ok
15:51:07.0904 5772 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:51:07.0904 5772 IpFilterDriver - ok
15:51:07.0944 5772 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
15:51:07.0964 5772 iphlpsvc - ok
15:51:08.0034 5772 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:51:08.0034 5772 IPMIDRV - ok
15:51:08.0054 5772 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:51:08.0064 5772 IPNAT - ok
15:51:08.0144 5772 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe
15:51:08.0154 5772 iPod Service - ok
15:51:08.0244 5772 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:51:08.0254 5772 IRENUM - ok
15:51:08.0264 5772 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:51:08.0274 5772 isapnp - ok
15:51:08.0324 5772 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:51:08.0344 5772 iScsiPrt - ok
15:51:08.0444 5772 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
15:51:08.0454 5772 kbdclass - ok
15:51:08.0564 5772 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
15:51:08.0564 5772 kbdhid - ok
15:51:08.0604 5772 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:51:08.0604 5772 KeyIso - ok
15:51:08.0684 5772 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
15:51:08.0694 5772 KSecDD - ok
15:51:08.0774 5772 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
15:51:08.0784 5772 KSecPkg - ok
15:51:08.0884 5772 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:51:08.0884 5772 ksthunk - ok
15:51:08.0924 5772 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:51:08.0934 5772 KtmRm - ok
15:51:09.0044 5772 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
15:51:09.0054 5772 LanmanServer - ok
15:51:09.0114 5772 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
15:51:09.0114 5772 LanmanWorkstation - ok
15:51:09.0234 5772 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:51:09.0234 5772 lltdio - ok
15:51:09.0274 5772 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:51:09.0284 5772 lltdsvc - ok
15:51:09.0354 5772 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:51:09.0354 5772 lmhosts - ok
15:51:09.0414 5772 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
15:51:09.0414 5772 LSI_FC - ok
15:51:09.0464 5772 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
15:51:09.0474 5772 LSI_SAS - ok
15:51:09.0484 5772 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
15:51:09.0504 5772 LSI_SAS2 - ok
15:51:09.0534 5772 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
15:51:09.0534 5772 LSI_SCSI - ok
15:51:09.0614 5772 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:51:09.0614 5772 luafv - ok
15:51:09.0724 5772 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
15:51:09.0724 5772 MBAMProtector - ok
15:51:09.0824 5772 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
15:51:09.0834 5772 MBAMService - ok
15:51:09.0924 5772 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
15:51:09.0934 5772 Mcx2Svc - ok
15:51:09.0964 5772 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
15:51:09.0974 5772 megasas - ok
15:51:10.0064 5772 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
15:51:10.0064 5772 MegaSR - ok
15:51:10.0174 5772 Microsoft Office Groove Audit Service (7c4c76b39d5525c4a465e0be32528e19) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
15:51:10.0174 5772 Microsoft Office Groove Audit Service - ok
15:51:10.0244 5772 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:51:10.0254 5772 MMCSS - ok
15:51:10.0294 5772 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:51:10.0304 5772 Modem - ok
15:51:10.0424 5772 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:51:10.0434 5772 monitor - ok
15:51:10.0474 5772 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:51:10.0484 5772 mouclass - ok
15:51:10.0634 5772 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\drivers\mouhid.sys
15:51:10.0634 5772 mouhid - ok
15:51:10.0704 5772 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:51:10.0704 5772 mountmgr - ok
15:51:10.0744 5772 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:51:10.0744 5772 mpio - ok
15:51:10.0764 5772 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:51:10.0784 5772 mpsdrv - ok
15:51:10.0854 5772 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
15:51:10.0884 5772 MpsSvc - ok
15:51:10.0934 5772 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:51:10.0934 5772 MRxDAV - ok
15:51:10.0994 5772 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:51:11.0004 5772 mrxsmb - ok
15:51:11.0054 5772 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:51:11.0064 5772 mrxsmb10 - ok
15:51:11.0114 5772 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:51:11.0124 5772 mrxsmb20 - ok
15:51:11.0184 5772 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:51:11.0184 5772 msahci - ok
15:51:11.0234 5772 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:51:11.0244 5772 msdsm - ok
15:51:11.0294 5772 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:51:11.0304 5772 MSDTC - ok
15:51:11.0364 5772 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:51:11.0374 5772 Msfs - ok
15:51:11.0424 5772 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:51:11.0434 5772 mshidkmdf - ok
15:51:11.0484 5772 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:51:11.0484 5772 msisadrv - ok
15:51:11.0534 5772 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:51:11.0534 5772 MSiSCSI - ok
15:51:11.0574 5772 msiserver - ok
15:51:11.0624 5772 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:51:11.0624 5772 MSKSSRV - ok
15:51:11.0654 5772 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:51:11.0654 5772 MSPCLOCK - ok
15:51:11.0674 5772 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:51:11.0674 5772 MSPQM - ok
15:51:11.0694 5772 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:51:11.0714 5772 MsRPC - ok
15:51:11.0764 5772 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:51:11.0764 5772 mssmbios - ok
15:51:11.0804 5772 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:51:11.0814 5772 MSTEE - ok
15:51:11.0834 5772 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
15:51:11.0844 5772 MTConfig - ok
15:51:11.0964 5772 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:51:11.0994 5772 Mup - ok
15:51:12.0104 5772 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
15:51:12.0134 5772 napagent - ok
15:51:12.0314 5772 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:51:12.0324 5772 NativeWifiP - ok
15:51:12.0544 5772 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
15:51:12.0564 5772 NDIS - ok
15:51:12.0704 5772 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:51:12.0714 5772 NdisCap - ok
15:51:12.0934 5772 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:51:12.0934 5772 NdisTapi - ok
15:51:13.0044 5772 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:51:13.0044 5772 Ndisuio - ok
15:51:13.0124 5772 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:51:13.0124 5772 NdisWan - ok
15:51:13.0234 5772 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:51:13.0234 5772 NDProxy - ok
15:51:13.0364 5772 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:51:13.0394 5772 NetBIOS - ok
15:51:13.0524 5772 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:51:13.0564 5772 NetBT - ok
15:51:13.0654 5772 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:51:13.0664 5772 Netlogon - ok
15:51:13.0765 5772 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:51:13.0775 5772 Netman - ok
15:51:13.0975 5772 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:51:13.0995 5772 netprofm - ok
15:51:14.0085 5772 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:51:14.0085 5772 NetTcpPortSharing - ok
15:51:14.0205 5772 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
15:51:14.0205 5772 nfrd960 - ok
15:51:14.0295 5772 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:51:14.0315 5772 NlaSvc - ok
15:51:14.0375 5772 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:51:14.0375 5772 Npfs - ok
15:51:14.0455 5772 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:51:14.0465 5772 nsi - ok
15:51:14.0515 5772 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:51:14.0515 5772 nsiproxy - ok
15:51:14.0725 5772 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:51:14.0755 5772 Ntfs - ok
15:51:14.0825 5772 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:51:14.0835 5772 Null - ok
15:51:14.0885 5772 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
15:51:14.0905 5772 NVENETFD - ok
15:51:14.0975 5772 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:51:14.0985 5772 nvraid - ok
15:51:15.0035 5772 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:51:15.0035 5772 nvstor - ok
15:51:15.0095 5772 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:51:15.0105 5772 nv_agp - ok
15:51:15.0225 5772 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:51:15.0245 5772 odserv - ok
15:51:15.0325 5772 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:51:15.0325 5772 ohci1394 - ok
15:51:15.0445 5772 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:51:15.0445 5772 ose - ok
15:51:15.0545 5772 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:51:15.0545 5772 p2pimsvc - ok
15:51:15.0575 5772 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:51:15.0585 5772 p2psvc - ok
15:51:15.0655 5772 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
15:51:15.0655 5772 Parport - ok
15:51:15.0675 5772 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
15:51:15.0685 5772 partmgr - ok
15:51:15.0775 5772 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:51:15.0785 5772 PcaSvc - ok
15:51:15.0825 5772 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:51:15.0835 5772 pci - ok
15:51:15.0895 5772 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:51:15.0895 5772 pciide - ok
15:51:15.0925 5772 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
15:51:15.0935 5772 pcmcia - ok
15:51:15.0965 5772 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:51:15.0965 5772 pcw - ok
15:51:16.0035 5772 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:51:16.0055 5772 PEAUTH - ok
15:51:16.0115 5772 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:51:16.0115 5772 PerfHost - ok
15:51:16.0215 5772 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:51:16.0265 5772 pla - ok
15:51:16.0335 5772 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:51:16.0355 5772 PlugPlay - ok
15:51:16.0375 5772 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:51:16.0385 5772 PNRPAutoReg - ok
15:51:16.0405 5772 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:51:16.0415 5772 PNRPsvc - ok
15:51:16.0505 5772 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:51:16.0515 5772 PolicyAgent - ok
15:51:16.0565 5772 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:51:16.0575 5772 Power - ok
15:51:16.0755 5772 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:51:16.0755 5772 PptpMiniport - ok
15:51:16.0795 5772 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
15:51:16.0795 5772 Processor - ok
15:51:16.0835 5772 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
15:51:16.0845 5772 ProfSvc - ok
15:51:16.0915 5772 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:51:16.0915 5772 ProtectedStorage - ok
15:51:16.0965 5772 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:51:16.0975 5772 Psched - ok
15:51:17.0095 5772 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
15:51:17.0125 5772 ql2300 - ok
15:51:17.0205 5772 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
15:51:17.0215 5772 ql40xx - ok
15:51:17.0255 5772 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:51:17.0265 5772 QWAVE - ok
15:51:17.0355 5772 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:51:17.0355 5772 QWAVEdrv - ok
15:51:17.0365 5772 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:51:17.0375 5772 RasAcd - ok
15:51:17.0445 5772 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:51:17.0445 5772 RasAgileVpn - ok
15:51:17.0495 5772 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:51:17.0495 5772 RasAuto - ok
15:51:17.0575 5772 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:51:17.0575 5772 Rasl2tp - ok
15:51:17.0635 5772 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:51:17.0645 5772 RasMan - ok
15:51:17.0715 5772 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:51:17.0725 5772 RasPppoe - ok
15:51:17.0775 5772 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:51:17.0785 5772 RasSstp - ok
15:51:17.0805 5772 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:51:17.0805 5772 rdbss - ok
15:51:17.0825 5772 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
15:51:17.0825 5772 rdpbus - ok
15:51:17.0895 5772 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:51:17.0895 5772 RDPCDD - ok
15:51:17.0945 5772 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:51:17.0945 5772 RDPENCDD - ok
15:51:18.0025 5772 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:51:18.0035 5772 RDPREFMP - ok
15:51:18.0075 5772 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
15:51:18.0085 5772 RDPWD - ok
15:51:18.0175 5772 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:51:18.0185 5772 rdyboost - ok
15:51:18.0235 5772 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:51:18.0245 5772 RemoteAccess - ok
15:51:18.0315 5772 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:51:18.0315 5772 RemoteRegistry - ok
15:51:18.0405 5772 RoxioNow Service (085d18c71ab2611a3d61528132b6501e) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
15:51:18.0415 5772 RoxioNow Service - ok
15:51:18.0515 5772 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:51:18.0515 5772 RpcEptMapper - ok
15:51:18.0555 5772 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:51:18.0565 5772 RpcLocator - ok
15:51:18.0595 5772 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:51:18.0615 5772 RpcSs - ok
15:51:18.0735 5772 RSPCIESTOR (d5c3e1629a3f7f0857d27949252b94ce) C:\Windows\system32\DRIVERS\RtsPStor.sys
15:51:18.0745 5772 RSPCIESTOR - ok
15:51:18.0815 5772 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:51:18.0815 5772 rspndr - ok
15:51:18.0925 5772 RTL8167 (a73ed14670220307874ad6bc2f279349) C:\Windows\system32\DRIVERS\Rt64win7.sys
15:51:18.0945 5772 RTL8167 - ok
15:51:19.0035 5772 RTL8192Ce (5fa2f4f658fca7816a5ff6980b95c5f9) C:\Windows\system32\DRIVERS\rtl8192Ce.sys
15:51:19.0065 5772 RTL8192Ce - ok
15:51:19.0105 5772 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:51:19.0105 5772 SamSs - ok
15:51:19.0165 5772 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:51:19.0165 5772 sbp2port - ok
15:51:19.0245 5772 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:51:19.0255 5772 SCardSvr - ok
15:51:19.0315 5772 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:51:19.0325 5772 scfilter - ok
15:51:19.0405 5772 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:51:19.0445 5772 Schedule - ok
15:51:19.0505 5772 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:51:19.0505 5772 SCPolicySvc - ok
15:51:19.0555 5772 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
15:51:19.0565 5772 sdbus - ok
15:51:19.0625 5772 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:51:19.0635 5772 SDRSVC - ok
15:51:19.0695 5772 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:51:19.0705 5772 secdrv - ok
15:51:19.0755 5772 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:51:19.0765 5772 seclogon - ok
15:51:19.0805 5772 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
15:51:19.0815 5772 SENS - ok
15:51:19.0855 5772 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:51:19.0855 5772 SensrSvc - ok
15:51:19.0915 5772 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
15:51:19.0915 5772 Serenum - ok
15:51:19.0965 5772 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
15:51:19.0975 5772 Serial - ok
15:51:20.0055 5772 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
15:51:20.0055 5772 sermouse - ok
15:51:20.0115 5772 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:51:20.0115 5772 SessionEnv - ok
15:51:20.0175 5772 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:51:20.0185 5772 sffdisk - ok
15:51:20.0215 5772 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:51:20.0235 5772 sffp_mmc - ok
15:51:20.0245 5772 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:51:20.0245 5772 sffp_sd - ok
15:51:20.0265 5772 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
15:51:20.0275 5772 sfloppy - ok
15:51:20.0315 5772 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
15:51:20.0325 5772 SharedAccess - ok
15:51:20.0385 5772 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:51:20.0405 5772 ShellHWDetection - ok
15:51:20.0475 5772 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
15:51:20.0495 5772 SiSRaid2 - ok
15:51:20.0545 5772 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
15:51:20.0555 5772 SiSRaid4 - ok
15:51:20.0675 5772 SkypeUpdate (17eab7852ff9f15fbaab4e95efc0b812) C:\Program Files (x86)\Skype\Updater\Updater.exe
15:51:20.0685 5772 SkypeUpdate - ok
15:51:20.0785 5772 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:51:20.0785 5772 Smb - ok
15:51:20.0855 5772 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:51:20.0855 5772 SNMPTRAP - ok
15:51:20.0925 5772 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:51:20.0925 5772 spldr - ok
15:51:20.0965 5772 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:51:20.0975 5772 Spooler - ok
15:51:21.0085 5772 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:51:21.0145 5772 sppsvc - ok
15:51:21.0235 5772 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:51:21.0245 5772 sppuinotify - ok
15:51:21.0305 5772 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:51:21.0315 5772 srv - ok
15:51:21.0395 5772 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:51:21.0415 5772 srv2 - ok
15:51:21.0495 5772 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
15:51:21.0505 5772 SrvHsfHDA - ok
15:51:21.0555 5772 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
15:51:21.0595 5772 SrvHsfV92 - ok
15:51:21.0705 5772 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
15:51:21.0715 5772 SrvHsfWinac - ok
15:51:21.0785 5772 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:51:21.0785 5772 srvnet - ok
15:51:21.0855 5772 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:51:21.0865 5772 SSDPSRV - ok
15:51:21.0905 5772 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:51:21.0915 5772 SstpSvc - ok
15:51:22.0015 5772 STacSV (293a556e04f815477ae93e07b35065e6) C:\Program Files\IDT\WDM\STacSV64.exe
15:51:22.0025 5772 STacSV - ok
15:51:22.0115 5772 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
15:51:22.0115 5772 stexstor - ok
15:51:22.0265 5772 STHDA (aa3c0336514c239a171f00a6902b59b8) C:\Windows\system32\DRIVERS\stwrt64.sys
15:51:22.0275 5772 STHDA - ok
15:51:22.0385 5772 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
15:51:22.0395 5772 stisvc - ok
15:51:22.0445 5772 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:51:22.0445 5772 swenum - ok
15:51:22.0585 5772 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:51:22.0605 5772 swprv - ok
15:51:22.0825 5772 SynTP (33e6a285daa5134d8ea2247914c86c09) C:\Windows\system32\DRIVERS\SynTP.sys
15:51:22.0865 5772 SynTP - ok
15:51:22.0995 5772 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
15:51:23.0025 5772 SysMain - ok
15:51:23.0095 5772 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
15:51:23.0105 5772 TabletInputService - ok
15:51:23.0125 5772 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
15:51:23.0135 5772 TapiSrv - ok
15:51:23.0175 5772 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:51:23.0175 5772 TBS - ok
15:51:23.0355 5772 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
15:51:23.0405 5772 Tcpip - ok
15:51:23.0545 5772 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
15:51:23.0575 5772 TCPIP6 - ok
15:51:23.0665 5772 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:51:23.0665 5772 tcpipreg - ok
15:51:23.0715 5772 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:51:23.0715 5772 TDPIPE - ok
15:51:23.0795 5772 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
15:51:23.0805 5772 TDTCP - ok
15:51:23.0835 5772 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:51:23.0835 5772 tdx - ok
15:51:23.0895 5772 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:51:23.0905 5772 TermDD - ok
15:51:23.0945 5772 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
15:51:23.0975 5772 TermService - ok
15:51:24.0015 5772 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:51:24.0015 5772 Themes - ok
15:51:24.0065 5772 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:51:24.0075 5772 THREADORDER - ok
15:51:24.0105 5772 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:51:24.0115 5772 TrkWks - ok
15:51:24.0155 5772 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
15:51:24.0155 5772 TrustedInstaller - ok
15:51:24.0225 5772 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:51:24.0235 5772 tssecsrv - ok
15:51:24.0285 5772 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:51:24.0295 5772 TsUsbFlt - ok
15:51:24.0365 5772 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
15:51:24.0365 5772 TsUsbGD - ok
15:51:24.0405 5772 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:51:24.0405 5772 tunnel - ok
15:51:24.0505 5772 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
15:51:24.0515 5772 uagp35 - ok
15:51:24.0575 5772 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:51:24.0585 5772 udfs - ok
15:51:24.0675 5772 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:51:24.0675 5772 UI0Detect - ok
15:51:24.0775 5772 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:51:24.0785 5772 uliagpkx - ok
15:51:24.0835 5772 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
15:51:24.0835 5772 umbus - ok
15:51:24.0885 5772 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
15:51:24.0905 5772 UmPass - ok
15:51:24.0965 5772 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:51:24.0975 5772 upnphost - ok
15:51:25.0085 5772 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
15:51:25.0105 5772 USBAAPL64 - ok
15:51:25.0155 5772 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:51:25.0155 5772 usbccgp - ok
15:51:25.0225 5772 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:51:25.0235 5772 usbcir - ok
15:51:25.0285 5772 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
15:51:25.0285 5772 usbehci - ok
15:51:25.0345 5772 usbfilter (76e2ffad301490ba27b947c6507752fb) C:\Windows\system32\DRIVERS\usbfilter.sys
15:51:25.0345 5772 usbfilter - ok
15:51:25.0425 5772 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:51:25.0435 5772 usbhub - ok
15:51:25.0475 5772 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
15:51:25.0485 5772 usbohci - ok
15:51:25.0555 5772 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:51:25.0555 5772 usbprint - ok
15:51:25.0615 5772 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
15:51:25.0615 5772 usbscan - ok
15:51:25.0675 5772 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:51:25.0675 5772 USBSTOR - ok
15:51:25.0725 5772 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
15:51:25.0735 5772 usbuhci - ok
15:51:25.0806 5772 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
15:51:25.0816 5772 usbvideo - ok
15:51:25.0856 5772 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:51:25.0866 5772 UxSms - ok
15:51:25.0926 5772 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:51:25.0926 5772 VaultSvc - ok
15:51:25.0956 5772 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:51:25.0976 5772 vdrvroot - ok
15:51:26.0036 5772 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
15:51:26.0046 5772 vds - ok
15:51:26.0116 5772 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:51:26.0116 5772 vga - ok
15:51:26.0156 5772 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:51:26.0166 5772 VgaSave - ok
15:51:26.0236 5772 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:51:26.0246 5772 vhdmp - ok
15:51:26.0266 5772 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:51:26.0286 5772 viaide - ok
15:51:26.0306 5772 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:51:26.0316 5772 volmgr - ok
15:51:26.0376 5772 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:51:26.0386 5772 volmgrx - ok
15:51:26.0406 5772 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:51:26.0416 5772 volsnap - ok
15:51:26.0536 5772 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
15:51:26.0546 5772 vsmraid - ok
15:51:26.0716 5772 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
15:51:26.0766 5772 VSS - ok
15:51:26.0886 5772 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
15:51:26.0886 5772 vwifibus - ok
15:51:26.0956 5772 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
15:51:26.0956 5772 vwififlt - ok
15:51:27.0006 5772 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:51:27.0036 5772 W32Time - ok
15:51:27.0106 5772 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
15:51:27.0106 5772 WacomPen - ok
15:51:27.0206 5772 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:51:27.0226 5772 WANARP - ok
15:51:27.0266 5772 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:51:27.0266 5772 Wanarpv6 - ok
15:51:27.0426 5772 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
15:51:27.0456 5772 WatAdminSvc - ok
15:51:27.0606 5772 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
15:51:27.0706 5772 wbengine - ok
15:51:27.0766 5772 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:51:27.0776 5772 WbioSrvc - ok
15:51:27.0796 5772 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
15:51:27.0811 5772 wcncsvc - ok
15:51:27.0821 5772 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:51:27.0821 5772 WcsPlugInService - ok
15:51:27.0861 5772 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
15:51:27.0861 5772 Wd - ok
15:51:27.0931 5772 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:51:27.0941 5772 Wdf01000 - ok
15:51:27.0971 5772 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:51:27.0971 5772 WdiServiceHost - ok
15:51:27.0981 5772 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:51:27.0981 5772 WdiSystemHost - ok
15:51:28.0041 5772 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
15:51:28.0051 5772 WebClient - ok
15:51:28.0071 5772 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:51:28.0081 5772 Wecsvc - ok
15:51:28.0111 5772 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:51:28.0111 5772 wercplsupport - ok
15:51:28.0181 5772 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:51:28.0191 5772 WerSvc - ok
15:51:28.0241 5772 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:51:28.0241 5772 WfpLwf - ok
15:51:28.0301 5772 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:51:28.0301 5772 WIMMount - ok
15:51:28.0381 5772 WinDefend - ok
15:51:28.0391 5772 WinHttpAutoProxySvc - ok
15:51:28.0491 5772 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:51:28.0491 5772 Winmgmt - ok
15:51:28.0571 5772 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
15:51:28.0621 5772 WinRM - ok
15:51:28.0751 5772 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
15:51:28.0761 5772 WinUsb - ok
15:51:28.0831 5772 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:51:28.0851 5772 Wlansvc - ok
15:51:28.0903 5772 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
15:51:28.0903 5772 wlcrasvc - ok
15:51:29.0003 5772 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:51:29.0033 5772 wlidsvc - ok
15:51:29.0113 5772 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:51:29.0113 5772 WmiAcpi - ok
15:51:29.0223 5772 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:51:29.0223 5772 wmiApSrv - ok
15:51:29.0313 5772 WMPNetworkSvc - ok
15:51:29.0393 5772 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:51:29.0393 5772 WPCSvc - ok
15:51:29.0413 5772 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
15:51:29.0413 5772 WPDBusEnum - ok
15:51:29.0453 5772 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:51:29.0453 5772 ws2ifsl - ok
15:51:29.0523 5772 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
15:51:29.0523 5772 wscsvc - ok
15:51:29.0533 5772 WSearch - ok
15:51:29.0603 5772 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
15:51:29.0633 5772 wuauserv - ok
15:51:29.0723 5772 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:51:29.0733 5772 WudfPf - ok
15:51:29.0843 5772 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:51:29.0853 5772 WUDFRd - ok
15:51:29.0953 5772 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
15:51:29.0963 5772 wudfsvc - ok
15:51:30.0043 5772 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:51:30.0053 5772 WwanSvc - ok
15:51:30.0093 5772 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0
15:51:30.0133 5772 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
15:51:30.0133 5772 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
15:51:30.0163 5772 Boot (0x1200) (1dc9370e5575e97dd513e5dac0ebc22b) \Device\Harddisk0\DR0\Partition0
15:51:30.0173 5772 \Device\Harddisk0\DR0\Partition0 - ok
15:51:30.0203 5772 Boot (0x1200) (bcec5e64fd8e471e3663d10c782439da) \Device\Harddisk0\DR0\Partition1
15:51:30.0223 5772 \Device\Harddisk0\DR0\Partition1 - ok
15:51:30.0253 5772 Boot (0x1200) (a407d68d22f89f5c62b13a6b96d09720) \Device\Harddisk0\DR0\Partition2
15:51:30.0323 5772 \Device\Harddisk0\DR0\Partition2 - ok
15:51:30.0353 5772 Boot (0x1200) (fe725fef31ceced69d261689c941fc9c) \Device\Harddisk0\DR0\Partition3
15:51:30.0383 5772 \Device\Harddisk0\DR0\Partition3 - ok
15:51:30.0383 5772 ============================================================
15:51:30.0383 5772 Scan finished
15:51:30.0383 5772 ============================================================
15:51:30.0413 1888 Detected object count: 1
15:51:30.0413 1888 Actual detected object count: 1
15:51:38.0805 1888 \Device\Harddisk0\DR0\# - copied to quarantine
15:51:38.0805 1888 \Device\Harddisk0\DR0 - copied to quarantine
15:51:38.0875 1888 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
15:51:38.0885 1888 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
15:51:38.0895 1888 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
15:51:38.0895 1888 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
15:51:38.0915 1888 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
15:51:38.0925 1888 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
15:51:38.0925 1888 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
15:51:38.0935 1888 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
15:51:38.0935 1888 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
15:51:38.0935 1888 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
15:51:38.0945 1888 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
15:51:38.0945 1888 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
15:51:38.0975 1888 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
15:51:39.0025 1888 \Device\Harddisk0\DR0 - ok
15:51:39.0955 1888 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
15:51:45.0822 5212 Deinitialize success



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-25 15:58:22
-----------------------------
15:58:22.814 OS Version: Windows x64 6.1.7601 Service Pack 1
15:58:22.814 Number of processors: 2 586 0x603
15:58:22.814 ComputerName: SUSAN-HP UserName: Susan
15:58:24.935 Initialize success
15:58:39.176 AVAST engine download error: 0
15:58:46.430 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005c
15:58:46.445 Disk 0 Vendor: Hitachi_ JE3O Size: 476940MB BusType: 11
15:58:46.461 Disk 0 MBR read successfully
15:58:46.461 Disk 0 MBR scan
15:58:46.461 Disk 0 Windows 7 default MBR code
15:58:46.477 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
15:58:46.492 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 462803 MB offset 409600
15:58:46.523 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13833 MB offset 948230144
15:58:46.539 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
15:58:46.570 Disk 0 scanning C:\Windows\system32\drivers
15:58:55.649 Service scanning
15:59:18.207 Modules scanning
15:59:18.223 Disk 0 trace - called modules:
15:59:18.238 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
15:59:18.254 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80042dd060]
15:59:18.269 3 CLASSPNP.SYS[fffff8800195143f] -> nt!IofCallDriver -> [0xfffffa800426b040]
15:59:18.285 5 amd_xata.sys[fffff880010a2900] -> nt!IofCallDriver -> \Device\0000005c[0xfffffa8004266190]
15:59:18.301 Scan finished successfully
16:00:02.683 Disk 0 MBR has been saved successfully to "C:\Users\Susan\Desktop\MBR.dat"
16:00:02.698 The log file has been saved successfully to "C:\Users\Susan\Desktop\aswMBR.txt"


I ran both scans and there was no problem with either of them, but when running the aswMBR scan a Malwarebytes pop-up came up asking to quarantine a virus, which I did.

-psu2014
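The aswMBR partition listing and the TDSSKiller "MBR (0x1B8) ... infected" verdict above are both read from the same 512-byte first sector. The Python below is an added example written for this page, not code from BleepingComputer, aswMBR or TDSSKiller. It builds a constructed MBR whose four partition entries are taken from the aswMBR lines (199 MB, 462803 MB, 13833 MB and 103 MB; at 2048 sectors per MB each entry chains exactly onto the next logged offset), parses it back into the same "Partition N 80 (A) 07 ... MB offset ..." form, hashes the boot-code area the way TDSSKiller does before judging it, and measures the unpartitioned tail of the disk, which is where TDL4-style bootkits (Pihar is one) keep the hidden TDLFS store that TDSSKiller quarantined. The boot-code bytes and the "known good" hash are placeholders, not the real Windows 7 MBR code or the md5 in the log.

```python
"""Parse and sanity-check a legacy MBR the way aswMBR and TDSSKiller report it.

Added example for this thread, not code from BleepingComputer, aswMBR or
TDSSKiller. The 512-byte image is constructed inline: the partition entries
come from the four lines aswMBR printed for Disk 0, the boot code is a
placeholder, so the md5 computed here is not the hash TDSSKiller logged.
"""
import hashlib
import struct

SECTOR = 512
SECTORS_PER_MB = (1024 * 1024) // SECTOR   # 2048, the unit aswMBR rounds to
BOOT_CODE_LEN = 446                         # bytes before the partition table

# Constructed from the aswMBR lines above: (status, type, LBA start, LBA count).
# Each size in MB times 2048 sectors chains exactly onto the next logged offset.
DISK0_ENTRIES = [
    (0x80, 0x07, 2048,      407552),     # Partition 1: active, NTFS, 199 MB
    (0x00, 0x07, 409600,    947820544),  # Partition 2: NTFS, 462803 MB
    (0x00, 0x07, 948230144, 28329984),   # Partition 3: NTFS, 13833 MB
    (0x00, 0x0C, 976560128, 210944),     # Partition 4: FAT32 LBA, 103 MB
]
DISK0_SECTORS = 476940 * SECTORS_PER_MB  # "Size: 476940MB" in the log

# Placeholder boot code (jmp $ plus padding); NOT the real Windows 7 MBR code.
PLACEHOLDER_BOOT_CODE = b"\xEB\xFE" + b"\x90" * 16


def build_mbr(boot_code: bytes, entries) -> bytes:
    """Assemble a 512-byte MBR: boot code, 4 x 16-byte entries, 0x55AA."""
    if len(boot_code) > BOOT_CODE_LEN or len(entries) > 4:
        raise ValueError("boot code or partition table too large")
    table = b""
    for status, ptype, lba_start, lba_count in entries:
        # CHS fields are zeroed; modern tooling reads only the LBA fields.
        table += struct.pack("<B3sB3sII", status, b"\0\0\0", ptype,
                             b"\0\0\0", lba_start, lba_count)
    return (boot_code.ljust(BOOT_CODE_LEN, b"\0")
            + table.ljust(64, b"\0") + b"\x55\xAA")


def parse_mbr(image: bytes) -> dict:
    """Return the boot-code md5 and every non-empty partition entry."""
    if len(image) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if image[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        status, ptype, lba_start, lba_count = struct.unpack_from(
            "<B3xB3xII", image, BOOT_CODE_LEN + 16 * i)
        if ptype == 0:
            continue  # empty slot
        partitions.append({
            "index": i + 1,
            "active": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "lba_count": lba_count,
            "size_mb": lba_count // SECTORS_PER_MB,
        })
    return {"boot_code_md5": hashlib.md5(image[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": partitions}


def unpartitioned_tail(parsed: dict, disk_sectors: int) -> int:
    """Sectors after the last partition. TDL4-style bootkits (Pihar is one)
    keep their hidden file system there; TDSSKiller listed it above as
    \\Device\\Harddisk0\\DR0\\TDLFS."""
    if not parsed["partitions"]:
        return disk_sectors
    last_end = max(p["lba_start"] + p["lba_count"] for p in parsed["partitions"])
    return disk_sectors - last_end


def check_mbr(parsed: dict, disk_sectors: int, known_good_md5: str) -> list:
    """Findings a responder would act on; an empty list means nothing odd."""
    findings = []
    if parsed["boot_code_md5"] != known_good_md5:
        findings.append("boot code differs from the known-good hash")
    active = [p for p in parsed["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected 1)")
    for p in parsed["partitions"]:
        if p["lba_start"] + p["lba_count"] > disk_sectors:
            findings.append(f"partition {p['index']} runs past the end of the disk")
    return findings


if __name__ == "__main__":
    info = parse_mbr(build_mbr(PLACEHOLDER_BOOT_CODE, DISK0_ENTRIES))
    for p in info["partitions"]:
        flag = "80 (A)" if p["active"] else "00"
        print(f"Disk 0 Partition {p['index']} {flag} {p['type']:02X} "
              f"{p['size_mb']} MB offset {p['lba_start']}")
    print("unpartitioned tail:", unpartitioned_tail(info, DISK0_SECTORS), "sectors")
    print("findings:", check_mbr(info, DISK0_SECTORS, info["boot_code_md5"]))
```

Run as-is it reprints the four partition lines in aswMBR's form and reports a 2048-sector (1 MB) tail after the last partition. On a real system the same checks would be fed the first sector read from a raw disk handle, and the "known good" hash would be the md5 of the boot code from a clean install of the same Windows version, which is all aswMBR's "Windows 7 default MBR code" verdict is: a comparison of those 446 bytes against a reference.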

#6 gringo_pr

  • Malware Response Team

Posted 26 March 2012 - 03:09 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
[image: CFScript.txt being dragged onto ComboFix.exe]
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 psu2014

  • Topic Starter

Posted 26 March 2012 - 03:45 PM

ComboFix 12-03-26.02 - Susan 03/25/2012 16:17:29.8.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2540 [GMT -4:00]
Running from: c:\users\Susan\Desktop\ComboFix.exe
Command switches used :: c:\users\Susan\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-25 to 2012-03-25 )))))))))))))))))))))))))))))))
.
.
2012-03-25 21:13 . 2012-03-25 21:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-25 21:13 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-25 20:25 . 2012-03-25 20:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-25 19:51 . 2012-03-25 19:51 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-24 15:05 . 2012-03-25 20:26 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2012-03-24 03:26 . 2012-03-24 03:30 691 ----a-w- c:\users\Susan\AppData\Roaming\GetValue.vbs
2012-03-24 03:26 . 2012-03-24 03:30 35 ----a-w- c:\users\Susan\AppData\Roaming\SetValue.bat
2012-03-24 01:08 . 2012-03-25 07:33 -------- d-----w- c:\users\Susan\AppData\Roaming\Malwarebytes
2012-03-24 01:08 . 2012-03-25 07:31 -------- d-----w- c:\programdata\Malwarebytes
2012-03-21 13:41 . 2012-03-21 13:43 -------- d-----w- c:\users\Susan\AppData\Roaming\AVG
2012-03-21 13:21 . 2012-03-21 13:31 -------- d-----w- c:\users\Susan\AppData\Roaming\PCPro
2012-03-21 13:21 . 2012-03-21 13:21 -------- d-----w- c:\users\Susan\AppData\Roaming\PC Cleaners
2012-03-21 13:21 . 2012-03-21 13:21 -------- d-----w- c:\programdata\PC1Data
2012-03-18 21:17 . 2012-03-18 21:17 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\C5F1.tmp
2012-02-29 01:08 . 2012-02-29 01:08 -------- d-----w- c:\program files (x86)\Origin Games
2012-02-29 01:08 . 2012-02-29 01:08 -------- d-----w- c:\users\Susan\AppData\Local\Origin
2012-02-29 00:55 . 2012-03-19 17:46 -------- d-----w- c:\programdata\EA Core
2012-02-29 00:11 . 2012-02-29 01:08 -------- d-----w- c:\users\Susan\AppData\Roaming\Origin
2012-02-29 00:10 . 2012-02-29 01:08 -------- d-----w- c:\programdata\Origin
2012-02-29 00:08 . 2012-03-19 17:46 -------- d-----w- c:\program files (x86)\Origin
2012-02-28 23:59 . 2012-03-19 17:46 -------- d-----w- c:\programdata\Electronic Arts
2012-02-28 23:14 . 2006-09-28 21:05 3977496 ----a-w- c:\windows\system32\d3dx9_31.dll
2012-02-28 23:14 . 2006-09-28 21:05 2414360 ----a-w- c:\windows\SysWow64\d3dx9_31.dll
2012-02-28 22:55 . 2012-03-21 16:53 -------- d-----w- c:\program files (x86)\Electronic Arts
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-23 04:20 . 2012-01-23 04:20 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-20 13:54 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-17 09:39 . 2012-01-22 20:07 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{47859939-AF99-41BE-9585-058DABE6DC9E}\mpengine.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-24_02.26.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-25 02:55 . 2012-03-25 18:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-03-25 13:14 . 2012-03-25 18:11 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012032520120326\index.dat
+ 2012-03-24 15:07 . 2012-03-25 02:51 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012032420120325\index.dat
+ 2012-03-23 21:29 . 2012-03-24 03:37 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012032320120324\index.dat
+ 2012-03-19 14:02 . 2012-03-25 18:11 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2012-03-19 14:02 . 2012-03-24 01:40 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-11-21 03:24 . 2010-11-21 03:24 37376 c:\windows\system32\wups2(7).dll
+ 2010-11-21 03:09 . 2012-03-25 19:54 40672 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-25 19:54 49408 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-01-20 13:54 . 2012-03-25 19:54 10874 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-62563193-1554576102-3946920395-1002_UserData.bin
+ 2009-07-14 00:17 . 2009-07-14 01:40 24576 c:\windows\system32\drprov(2).dll
+ 2010-11-21 03:24 . 2010-11-21 03:24 58880 c:\windows\system32\browcli(1).dll
+ 2009-07-14 04:46 . 2012-03-25 03:07 97496 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-01-31 13:43 . 2012-03-24 02:58 3234 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-03-25 20:26 . 2012-03-25 20:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-24 02:25 . 2012-03-24 02:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-25 20:26 . 2012-03-25 20:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-24 02:25 . 2012-03-24 02:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-25 02:55 . 2012-03-25 18:11 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-01-22 22:04 . 2012-03-25 16:27 267284 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-03-24 01:47 627082 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-25 19:57 627082 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-03-24 01:47 107366 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-03-25 19:57 107366 c:\windows\system32\perfc009.dat
+ 2009-07-14 00:09 . 2009-07-14 01:40 324096 c:\windows\system32\FWPUCLNT(5).DLL
+ 2009-07-14 00:08 . 2009-07-14 01:40 748032 c:\windows\system32\FirewallAPI(4).dll
+ 2009-07-14 00:08 . 2009-07-14 01:40 101376 c:\windows\system32\fdWCN(3).dll
- 2009-07-14 05:38 . 2012-03-24 01:22 262144 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2009-07-14 05:38 . 2012-03-25 07:36 262144 c:\windows\system32\config\systemprofile\ntuser.dat
- 2009-07-14 05:01 . 2012-03-24 02:25 456352 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-25 20:25 456352 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-03-25 14:00 . 2012-03-25 14:00 584192 c:\windows\Installer\2f8319.msi
+ 2012-03-25 02:52 . 2012-03-25 18:11 3686400 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-11-21 03:24 . 2010-11-21 03:24 2621952 c:\windows\system32\wucltux(6).dll
+ 2009-07-14 02:34 . 2012-03-25 18:03 9961472 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-01-29 22:49 9961472 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2011-11-07 19:11 . 2012-03-25 20:25 1508768 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-11-07 19:11 . 2012-03-24 01:19 1508768 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-01-20 17:07 . 2012-03-24 02:25 4178424 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-62563193-1554576102-3946920395-1002-12288.dat
+ 2012-01-20 17:07 . 2012-03-24 02:58 4178424 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-62563193-1554576102-3946920395-1002-12288.dat
- 2012-03-19 00:35 . 2012-03-24 02:25 2263620 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2012-03-19 00:35 . 2012-03-25 19:52 2263620 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2009-07-14 04:54 . 2012-03-25 18:11 10076160 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-24 02:26 10076160 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-01-20 17:07 . 2012-03-25 20:25 31459108 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-62563193-1554576102-3946920395-1002-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-02-28 336384]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-03-30 586808]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-03-30 319544]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"bncsaui.exe"="c:\program files (x86)\Bradford Networks\Persistent Agent\bncsaui.exe" [2011-10-28 2625304]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-02-28 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 BNPagent;Bradford Persistent Agent Service;c:\program files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe [2011-10-28 3079960]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-03-30 26680]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-01-14 1751656]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-23 c:\windows\Tasks\HPCeeScheduleForSUSAN-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-03-19 c:\windows\Tasks\HPCeeScheduleForSusan.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-12-17 525312]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 158.136.1.154 158.136.1.92 158.136.1.101 158.136.64.54
FF - ProfilePath - c:\users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\7136meei.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2012-03-25 16:31:37 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-25 20:31
ComboFix2.txt 2012-03-25 18:08
ComboFix3.txt 2012-03-24 02:35
.
Pre-Run: 402,402,885,632 bytes free
Post-Run: 402,324,774,912 bytes free
.
- - End Of File - - 176F30A2B4F47CF59DC7AE94FD9FD1A9

There were no problems when running the scan and the computer seems to be running pretty good. I have not been redirected from Google to Happili or any place else and I have not gotten any virus pop-ups.

-psu2014

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 26 March 2012 - 03:56 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click OK

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 psu2014

psu2014
  • Topic Starter

  • Members
  • 9 posts

Posted 26 March 2012 - 03:59 PM

Here's the report

Update for Microsoft Office 2007 (KB2508958)
ActiveCheck component for HP Active Support Library
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader X MUI
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Agatha Christie - Peril at End House
Apple Application Support
Apple Software Update
Bejeweled 2 Deluxe
Bejeweled 3
Blackhawk Striker 2
Blasterball 3
Blio
Bounce Symphony
Bradford Persistent Agent
Build-a-lot 2
Cake Mania
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CyberLink YouCam
D3DX10
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
Energy Star Digital Logo
EPSON Scan
ESU for Microsoft Windows 7
Evernote v. 4.2.2
Farm Frenzy
FATE - The Traitor Soul
HP Connection Manager
HP Customer Experience Enhancements
HP Documentation
HP Games
HP MovieStore
HP On Screen Display
HP Power Manager
HP Quick Launch
HP Setup
HP Setup Manager
HP Software Framework
HP Support Assistant
HPAsset component for HP Active Support Library
IDT Audio
Junk Mail filter update
Mah Jong Medley
Malwarebytes Anti-Malware version 1.60.1.1000
Mesh Runtime
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Mozilla Firefox 10.0.2 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - Stolen in San Francisco
Namco All-Stars PAC-MAN
Origin
PDF Settings
Penguins!
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
REALTEK Wireless LAN Driver
Recovery Manager
RoxioNow Player
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Skype™ 5.8
Slingo Supreme
The Sims™ 3
The Sims™ 3 Ambitions
The Sims™ 3 High-End Loft Stuff
The Sims™ 3 Outdoor Living Stuff
The Sims™ 3 Pets
The Sims™ 3 World Adventures
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life
Visual Studio 2008 x64 Redistributables
Wheel of Fortune 2
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Zuma Deluxe

-psu2014

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 26 March 2012 - 07:04 PM

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#11 psu2014

psu2014
  • Topic Starter

  • Members
  • 9 posts

Posted 26 March 2012 - 08:24 PM

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.26.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Susan :: SUSAN-HP [administrator]

Protection: Enabled

3/25/2012 8:42:36 PM
mbam-log-2012-03-25 (20-42-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 194736
Time elapsed: 3 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:16:14 PM, on 3/25/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Bradford Networks\Persistent Agent\bncsaui.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Susan\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [bncsaui.exe] %ProgramFiles%\Bradford Networks\Persistent Agent\bncsaui.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AMD Reservation Manager - Advanced Micro Devices - C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bradford Persistent Agent Service (BNPagent) - Bradford Networks - C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Connection Manager 4.0 Service (hpCMSrv) - Hewlett-Packard Development Company L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxioNow Service - Roxio - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12020 bytes


I posted the two logs. Malwarebytes ran without a problem, but HijackThis gave me issues when trying to get it to run as an administrator. I got it to work though!

The computer has been running great with no issues!

-psu2014
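The O4 lines in the HijackThis log above are autostart entries read from the Run keys under HKLM and HKCU. As an added example (not from the thread and not HijackThis's own code), the following PowerShell script lists the same entries, resolves each command line to its executable, and reports whether that file exists and carries a valid Authenticode signature, which is the check a reviewer applies before deciding which entries to leave alone. It is read-only, assumes PowerShell 3.0 or later for the [pscustomobject] syntax, and the key list and function names are the example's own.

```powershell
# Added example: enumerate Run-key autostarts (the entries HijackThis reports as O4 lines)
# and check each target executable for existence and Authenticode signature status.
# Read-only: nothing is changed or removed.
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',   # 32-bit view on x64
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

function Get-AutostartTarget {
    # Extract the executable path from a Run-key command line, e.g.
    #   "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"          (quoted, no args)
    #   C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    #   %ProgramFiles%\Bradford Networks\Persistent Agent\bncsaui.exe
    param([string]$Command)

    # Environment variables are expanded in this process's view; a 32-bit loader
    # may resolve %ProgramFiles% differently, so treat a "missing" result as a lead, not proof.
    $cmd = [Environment]::ExpandEnvironmentVariables($Command.Trim())

    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 0) { return $cmd.Substring(1, $end - 1) }
    }
    # Unquoted path: take everything up to and including the first ".exe"
    $m = [regex]::Match($cmd, '^(.+?\.exe)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return $cmd.Split(' ')[0]
}

function Get-RunKeyAutostarts {
    # Returns one object per Run-key value across all keys in $RunKeys.
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, PSChildName, ...
            $target = Get-AutostartTarget -Command ([string]$p.Value)
            $exists = Test-Path -LiteralPath $target
            # Status is 'Valid' for a correctly signed file, 'NotSigned', 'HashMismatch', etc. otherwise
            $sig = if ($exists) { (Get-AuthenticodeSignature -FilePath $target).Status } else { 'n/a' }
            [pscustomobject]@{
                Key       = $key
                Name      = $p.Name
                Target    = $target
                Exists    = $exists
                Signature = $sig
            }
        }
    }
}

# Unsigned or missing targets sort to the top so they are reviewed first.
Get-RunKeyAutostarts |
    Sort-Object -Property @{ Expression = { $_.Signature -eq 'Valid' } }, Name |
    Format-Table -AutoSize -Property Name, Exists, Signature, Target
```

An entry that is unsigned or whose file is missing is not automatically malicious; it is simply the one to research before leaving it in place.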

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 26 March 2012 - 08:40 PM

Greetings

These logs are looking very good; we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can click on their icons (or start them from the Control Panel) whenever you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

      O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not:
    just copy the name between the brackets and paste it into the search space, for example from
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HiJackThis.exe
(located at C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located at C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select "Run as administrator".

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click the IE shortcut and run it as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on Copy to clipboard, or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 psu2014

psu2014
  • Topic Starter

  • Members
  • 9 posts

Posted 27 March 2012 - 02:09 PM

The log as requested:

C:\Program Files (x86)\Mozilla Firefox\SmitfraudFix\Process.exe Win32/PrcView application
C:\Program Files (x86)\Mozilla Firefox\SmitfraudFix\restart.exe Win32/Shutdown.NAA application
C:\ProgramData\Microsoft\Windows\DRM\C5F1.tmp Win64/Olmarik.AH trojan
C:\Qoobox\Quarantine\C\Windows\SysWOW64\Process.exe.vir Win32/PrcView application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Mozilla Firefox\SmitfraudFix\Process.exe Win32/PrcView application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Mozilla Firefox\SmitfraudFix\restart.exe Win32/Shutdown.NAA application
C:\System Volume Information\SystemRestore\FRStaging\Users\Susan\Downloads\SmitfraudFix.exe multiple threats
C:\System Volume Information\SystemRestore\FRStaging\Users\Susan\Downloads\SmitfraudFix\Process.exe Win32/PrcView application
C:\System Volume Information\SystemRestore\FRStaging\Users\Susan\Downloads\SmitfraudFix\restart.exe Win32/Shutdown.NAA application
C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\Process.exe Win32/PrcView application
C:\TDSSKiller_Quarantine\25.03.2012_15.50.46\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\25.03.2012_15.50.46\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan
C:\TDSSKiller_Quarantine\25.03.2012_15.50.46\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan
C:\TDSSKiller_Quarantine\25.03.2012_15.50.46\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AG trojan
C:\TDSSKiller_Quarantine\25.03.2012_15.50.46\mbr0000\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.KB trojan
C:\TDSSKiller_Quarantine\25.03.2012_15.50.46\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AF trojan
C:\TDSSKiller_Quarantine\25.03.2012_15.50.46\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\25.03.2012_15.50.46\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.X trojan
C:\Users\All Users\Microsoft\Windows\DRM\C5F1.tmp Win64/Olmarik.AH trojan
C:\Users\Susan\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120321094327331.rsc multiple threats

-psu2014
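
Triaging a scan log like the one above, as an added Python example that is not from this thread and not part of ESET's tooling. Every ESET line has the shape "<path> <detection> <kind>"; the helper below splits hits that sit in quarantine or restore-point storage (stored copies, already neutralised) from hits in live locations, and lists the folders a cleanup script would have to target. The sample lines are constructed in the shape of the log posted here, and the quarantine folder names and classification rules are my assumptions, not ESET's.

```python
"""Triage helper for an ESET Online Scanner results log (added example)."""
import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample in the shape of the posted log: "<path> <family> <kind>".
SAMPLE_LOG = r"""
C:\Program Files (x86)\Mozilla Firefox\SmitfraudFix\Process.exe Win32/PrcView application
C:\ProgramData\Microsoft\Windows\DRM\C5F1.tmp Win64/Olmarik.AH trojan
C:\Qoobox\Quarantine\C\Windows\SysWOW64\Process.exe.vir Win32/PrcView application
C:\System Volume Information\SystemRestore\FRStaging\Users\Susan\Downloads\SmitfraudFix.exe multiple threats
C:\TDSSKiller_Quarantine\25.03.2012_15.50.46\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\25.03.2012_15.50.46\mbr0000\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.KB trojan
"""

# Detection family names contain a forward slash ("Win64/Olmarik.AH"), which
# Windows paths never do, so the slash anchors the split between path and
# verdict even when the path itself contains spaces.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?:(?P<family>(?:a variant of )?\S+/\S+)\s+(?P<kind>\S+)"
    r"|(?P<multi>multiple threats))\s*$"
)

# Assumed folder names under which a hit is a stored copy, not a live file.
QUARANTINE_ROOTS = {"qoobox", "tdsskiller_quarantine"}
RESTORE_POINT_ROOT = "system volume information"


def parse_eset_line(line):
    """Return {"path", "family", "kind"} for one log line, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    if m.group("multi"):
        return {"path": m.group("path"), "family": "multiple threats", "kind": "multiple threats"}
    return {"path": m.group("path"), "family": m.group("family"), "kind": m.group("kind")}


def parse_eset_log(text):
    """Parse every recognisable line; blank and foreign lines are skipped."""
    return [d for d in (parse_eset_line(ln) for ln in text.splitlines()) if d]


def location_class(path):
    """Classify a hit as 'quarantine', 'restore_point' or 'live' by its folder chain."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    if any(p in QUARANTINE_ROOTS for p in parts):
        return "quarantine"
    if RESTORE_POINT_ROOT in parts:
        return "restore_point"
    return "live"


def triage(detections):
    """Bucket detections by location class."""
    buckets = {"live": [], "quarantine": [], "restore_point": []}
    for d in detections:
        buckets[location_class(d["path"])].append(d)
    return buckets


def quarantine_root(path):
    """Top-level quarantine folder (e.g. C:\\TDSSKiller_Quarantine) containing the hit."""
    p = PureWindowsPath(path)
    for i, part in enumerate(p.parts):
        if part.lower() in QUARANTINE_ROOTS:
            return str(PureWindowsPath(*p.parts[: i + 1]))
    return None


def folders_to_review(detections):
    """Parent folder of every live hit plus the root of every quarantine hit.
    Restore-point copies are left out: they go away when System Restore is
    reset, not by deleting files."""
    folders = set()
    for d in detections:
        cls = location_class(d["path"])
        if cls == "live":
            folders.add(str(PureWindowsPath(d["path"]).parent))
        elif cls == "quarantine":
            folders.add(quarantine_root(d["path"]))
    return sorted(folders)


def count_by_kind(detections):
    """How many hits of each verdict kind (trojan, application, ...)."""
    return dict(Counter(d["kind"] for d in detections))


if __name__ == "__main__":
    hits = parse_eset_log(SAMPLE_LOG)
    for cls, items in triage(hits).items():
        print(f"{cls}: {len(items)}")
    for folder in folders_to_review(hits):
        print("review:", folder)
```

The kind field matters for prioritising: "application" marks a potentially unwanted tool (here the PrcView utility bundled with SmitfraudFix) rather than malware, whereas the Olmarik hits are rootkit components, so live hits of kind "trojan" are the ones to look at first.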

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 27 March 2012 - 05:39 PM

Greetings

There are some things in the online scan I want to remove, so run this script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
C:\Program Files (x86)\Mozilla Firefox\SmitfraudFix
C:\ProgramData\Microsoft\Windows\DRM
C:\TDSSKiller_Quarantine
C:\Users\All Users\Microsoft\Windows\DRM


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.



"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#15 psu2014

psu2014
  • Topic Starter

  • Members
  • 9 posts

Posted 27 March 2012 - 07:05 PM

ComboFix 12-03-26.02 - Susan 03/26/2012 19:09:43.9.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2017 [GMT -4:00]
Running from: c:\users\Susan\Desktop\ComboFix.exe
Command switches used :: c:\users\Susan\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Mozilla Firefox\SmitfraudFix
c:\program files (x86)\Mozilla Firefox\SmitfraudFix\404Fix.exe
c:\program files (x86)\Mozilla Firefox\SmitfraudFix\Agent.OMZ.Fix.exe
c:\program files (x86)\Mozilla Firefox\SmitfraudFix\beep_2K_original.sys
c:\program files (x86)\Mozilla Firefox\SmitfraudFix\beep_XP_original.sys
c:\program files (x86)\Mozilla Firefox\SmitfraudFix\dumphive.exe
c:\program files (x86)\Mozilla Firefox\SmitfraudFix\exit.exe
c:\program files (x86)\Mozilla Firefox\SmitfraudFix\GenericRenosFix.exe
c:\program files (x86)\Mozilla Firefox\SmitfraudFix\HostsChk.exe
c:\program files (x86)\Mozilla Firefox\SmitfraudFix\IEDFix.C.exe
c:\program files (x86)\Mozilla Firefox\SmitfraudFix\IEDFix.exe
c:\program files (x86)\Mozilla Firefox\SmitfraudFix\o4Patch.exe
c:\program files (x86)\Mozilla Firefox\SmitfraudFix\Policies.exe
c:\program files (x86)\Mozilla Firefox\SmitfraudFix\Process.exe
c:\program files (x86)\Mozilla Firefox\SmitfraudFix\ProxyDisable.exe
c:\program files (x86)\Mozilla Firefox\SmitfraudFix\Reboot.exe
c:\program files (x86)\Mozilla Firefox\SmitfraudFix\restart.exe
c:\program files (x86)\Mozilla Firefox\SmitfraudFix\SmitfraudFix.cmd
c:\program files (x86)\Mozilla Firefox\SmitfraudFix\SmiUpdate.exe
c:\program files (x86)\Mozilla Firefox\SmitfraudFix\SrchSTS.exe
c:\program files (x86)\Mozilla Firefox\SmitfraudFix\swreg.exe
c:\program files (x86)\Mozilla Firefox\SmitfraudFix\swsc.exe
c:\program files (x86)\Mozilla Firefox\SmitfraudFix\swxcacls.exe
c:\program files (x86)\Mozilla Firefox\SmitfraudFix\UIFix.exe
c:\program files (x86)\Mozilla Firefox\SmitfraudFix\unzip.exe
c:\program files (x86)\Mozilla Firefox\SmitfraudFix\VACFix.exe
c:\program files (x86)\Mozilla Firefox\SmitfraudFix\VCCLSID.exe
c:\program files (x86)\Mozilla Firefox\SmitfraudFix\WS2Fix.exe
c:\programdata\Microsoft\Windows\DRM
c:\programdata\Microsoft\Windows\DRM\blackbox.bin
c:\programdata\Microsoft\Windows\DRM\C5F1.tmp
c:\programdata\Microsoft\Windows\DRM\drmstore.hds
c:\programdata\Microsoft\Windows\DRM\v3ks.bla
c:\programdata\Microsoft\Windows\DRM\v3ks.sec
C:\TDSSKiller_Quarantine
c:\tdsskiller_quarantine\25.03.2012_15.50.46\mbr0000\mbr0000\object.ini
c:\tdsskiller_quarantine\25.03.2012_15.50.46\mbr0000\mbr0000\tsk0000.dta
c:\tdsskiller_quarantine\25.03.2012_15.50.46\mbr0000\mbr0000\tsk0000.ini
c:\tdsskiller_quarantine\25.03.2012_15.50.46\mbr0000\mbr0000\tsk0001.dta
c:\tdsskiller_quarantine\25.03.2012_15.50.46\mbr0000\mbr0000\tsk0001.ini
c:\tdsskiller_quarantine\25.03.2012_15.50.46\mbr0000\object.ini
c:\tdsskiller_quarantine\25.03.2012_15.50.46\mbr0000\tdlfs0000\object.ini
c:\tdsskiller_quarantine\25.03.2012_15.50.46\mbr0000\tdlfs0000\tsk0000.dta
c:\tdsskiller_quarantine\25.03.2012_15.50.46\mbr0000\tdlfs0000\tsk0000.ini
c:\tdsskiller_quarantine\25.03.2012_15.50.46\mbr0000\tdlfs0000\tsk0001.dta
c:\tdsskiller_quarantine\25.03.2012_15.50.46\mbr0000\tdlfs0000\tsk0001.ini
c:\tdsskiller_quarantine\25.03.2012_15.50.46\mbr0000\tdlfs0000\tsk0002.dta
c:\tdsskiller_quarantine\25.03.2012_15.50.46\mbr0000\tdlfs0000\tsk0002.ini
c:\tdsskiller_quarantine\25.03.2012_15.50.46\mbr0000\tdlfs0000\tsk0003.dta
c:\tdsskiller_quarantine\25.03.2012_15.50.46\mbr0000\tdlfs0000\tsk0003.ini
c:\tdsskiller_quarantine\25.03.2012_15.50.46\mbr0000\tdlfs0000\tsk0004.dta
c:\tdsskiller_quarantine\25.03.2012_15.50.46\mbr0000\tdlfs0000\tsk0004.ini
c:\tdsskiller_quarantine\25.03.2012_15.50.46\mbr0000\tdlfs0000\tsk0005.dta
c:\tdsskiller_quarantine\25.03.2012_15.50.46\mbr0000\tdlfs0000\tsk0005.ini
c:\tdsskiller_quarantine\25.03.2012_15.50.46\mbr0000\tdlfs0000\tsk0006.dta
c:\tdsskiller_quarantine\25.03.2012_15.50.46\mbr0000\tdlfs0000\tsk0006.ini
c:\tdsskiller_quarantine\25.03.2012_15.50.46\mbr0000\tdlfs0000\tsk0007.dta
c:\tdsskiller_quarantine\25.03.2012_15.50.46\mbr0000\tdlfs0000\tsk0007.ini
c:\tdsskiller_quarantine\25.03.2012_15.50.46\mbr0000\tdlfs0000\tsk0008.dta
c:\tdsskiller_quarantine\25.03.2012_15.50.46\mbr0000\tdlfs0000\tsk0008.ini
c:\tdsskiller_quarantine\25.03.2012_15.50.46\mbr0000\tdlfs0000\tsk0009.dta
c:\tdsskiller_quarantine\25.03.2012_15.50.46\mbr0000\tdlfs0000\tsk0009.ini
c:\tdsskiller_quarantine\25.03.2012_15.50.46\mbr0000\tdlfs0000\tsk0010.dta
c:\tdsskiller_quarantine\25.03.2012_15.50.46\mbr0000\tdlfs0000\tsk0010.ini
c:\tdsskiller_quarantine\25.03.2012_15.50.46\mbr0000\tdlfs0000\tsk0011.dta
c:\tdsskiller_quarantine\25.03.2012_15.50.46\mbr0000\tdlfs0000\tsk0011.ini
c:\users\All Users\Microsoft\Windows\DRM\blackbox.bin
c:\users\All Users\Microsoft\Windows\DRM\C5F1.tmp
c:\users\All Users\Microsoft\Windows\DRM\v3ks.bla
c:\users\All Users\Microsoft\Windows\DRM\v3ks.sec
.
.
((((((((((((((((((((((((( Files Created from 2012-02-26 to 2012-03-26 )))))))))))))))))))))))))))))))
.
.
2012-03-26 23:30 . 2012-03-26 23:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-26 16:04 . 2012-03-26 16:04 -------- d-----w- c:\program files (x86)\ESET
2012-03-26 01:04 . 2012-03-26 01:04 388096 ----a-r- c:\users\Susan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-26 01:04 . 2012-03-26 01:04 -------- d-----w- c:\program files (x86)\Trend Micro
2012-03-26 00:35 . 2012-03-26 00:35 -------- d-----w- c:\program files\CCleaner
2012-03-26 00:32 . 2012-03-26 00:32 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-03-26 00:32 . 2012-03-26 00:31 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\Plugins\npdeployJava1.dll
2012-03-26 00:31 . 2012-03-26 00:31 -------- d-----w- c:\program files (x86)\Java
2012-03-25 21:13 . 2012-03-25 21:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-25 21:13 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-24 15:05 . 2012-03-26 00:42 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2012-03-24 03:26 . 2012-03-24 03:30 691 ----a-w- c:\users\Susan\AppData\Roaming\GetValue.vbs
2012-03-24 03:26 . 2012-03-24 03:30 35 ----a-w- c:\users\Susan\AppData\Roaming\SetValue.bat
2012-03-24 01:08 . 2012-03-25 07:33 -------- d-----w- c:\users\Susan\AppData\Roaming\Malwarebytes
2012-03-24 01:08 . 2012-03-25 07:31 -------- d-----w- c:\programdata\Malwarebytes
2012-03-21 13:41 . 2012-03-21 13:43 -------- d-----w- c:\users\Susan\AppData\Roaming\AVG
2012-03-21 13:21 . 2012-03-21 13:31 -------- d-----w- c:\users\Susan\AppData\Roaming\PCPro
2012-03-21 13:21 . 2012-03-21 13:21 -------- d-----w- c:\users\Susan\AppData\Roaming\PC Cleaners
2012-03-21 13:21 . 2012-03-21 13:21 -------- d-----w- c:\programdata\PC1Data
2012-02-29 01:08 . 2012-02-29 01:08 -------- d-----w- c:\program files (x86)\Origin Games
2012-02-29 01:08 . 2012-02-29 01:08 -------- d-----w- c:\users\Susan\AppData\Local\Origin
2012-02-29 00:55 . 2012-03-19 17:46 -------- d-----w- c:\programdata\EA Core
2012-02-29 00:11 . 2012-02-29 01:08 -------- d-----w- c:\users\Susan\AppData\Roaming\Origin
2012-02-29 00:10 . 2012-02-29 01:08 -------- d-----w- c:\programdata\Origin
2012-02-29 00:08 . 2012-03-19 17:46 -------- d-----w- c:\program files (x86)\Origin
2012-02-28 23:59 . 2012-03-19 17:46 -------- d-----w- c:\programdata\Electronic Arts
2012-02-28 23:14 . 2006-09-28 21:05 3977496 ----a-w- c:\windows\system32\d3dx9_31.dll
2012-02-28 23:14 . 2006-09-28 21:05 2414360 ----a-w- c:\windows\SysWow64\d3dx9_31.dll
2012-02-28 22:55 . 2012-03-21 16:53 -------- d-----w- c:\program files (x86)\Electronic Arts
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-26 00:31 . 2011-05-14 05:18 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-23 04:20 . 2012-01-23 04:20 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-20 13:54 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-17 09:39 . 2012-01-22 20:07 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{47859939-AF99-41BE-9585-058DABE6DC9E}\mpengine.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-24_02.26.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-25 02:55 . 2012-03-25 18:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-03-25 13:14 . 2012-03-25 18:11 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012032520120326\index.dat
+ 2012-03-24 15:07 . 2012-03-25 02:51 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012032420120325\index.dat
+ 2012-03-23 21:29 . 2012-03-24 03:37 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012032320120324\index.dat
+ 2012-03-19 14:02 . 2012-03-25 18:11 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2012-03-19 14:02 . 2012-03-24 01:40 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-11-21 03:24 . 2010-11-21 03:24 37376 c:\windows\system32\wups2(7).dll
+ 2010-11-21 03:09 . 2012-03-25 20:35 40964 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-25 20:35 49408 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-01-20 13:54 . 2012-03-25 20:35 11088 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-62563193-1554576102-3946920395-1002_UserData.bin
+ 2009-07-14 00:17 . 2009-07-14 01:40 24576 c:\windows\system32\drprov(2).dll
+ 2012-01-20 13:56 . 2012-03-26 22:52 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-01-20 13:56 . 2012-03-20 08:55 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-03-26 00:35 . 2012-03-26 22:52 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-01-20 13:56 . 2012-03-20 08:55 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-20 08:55 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-26 22:52 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:24 . 2010-11-21 03:24 58880 c:\windows\system32\browcli(1).dll
+ 2009-07-14 04:46 . 2012-03-25 03:07 97496 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-01-31 13:43 . 2012-03-25 20:33 3330 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-03-26 23:32 . 2012-03-26 23:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-24 02:25 . 2012-03-24 02:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-26 23:32 . 2012-03-26 23:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-24 02:25 . 2012-03-24 02:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-05-14 05:18 . 2011-05-14 05:18 157472 c:\windows\SysWOW64\javaws.exe
+ 2012-03-26 00:32 . 2012-03-26 00:31 157472 c:\windows\SysWOW64\javaws.exe
+ 2012-03-26 00:32 . 2012-03-26 00:31 149280 c:\windows\SysWOW64\javaw.exe
+ 2012-03-26 00:32 . 2012-03-26 00:31 149280 c:\windows\SysWOW64\java.exe
+ 2012-03-25 02:55 . 2012-03-25 18:11 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-02-04 17:04 . 2012-03-25 20:47 202044 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2012-01-22 22:04 . 2012-03-26 21:51 267412 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-03-24 01:47 627082 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-25 20:40 627082 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-25 20:40 107366 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-03-24 01:47 107366 c:\windows\system32\perfc009.dat
+ 2009-07-14 00:09 . 2009-07-14 01:40 324096 c:\windows\system32\FWPUCLNT(5).DLL
+ 2009-07-14 00:08 . 2009-07-14 01:40 748032 c:\windows\system32\FirewallAPI(4).dll
+ 2009-07-14 00:08 . 2009-07-14 01:40 101376 c:\windows\system32\fdWCN(3).dll
- 2009-07-14 05:38 . 2012-03-24 01:22 262144 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2009-07-14 05:38 . 2012-03-25 07:36 262144 c:\windows\system32\config\systemprofile\ntuser.dat
- 2009-07-14 05:01 . 2012-03-24 02:25 456352 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-26 23:31 456352 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-03-26 00:32 . 2012-03-26 00:32 207360 c:\windows\Installer\d9f88f.msi
+ 2012-03-25 14:00 . 2012-03-25 14:00 584192 c:\windows\Installer\2f8319.msi
+ 2012-03-25 02:52 . 2012-03-25 18:11 3686400 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-11-21 03:24 . 2010-11-21 03:24 2621952 c:\windows\system32\wucltux(6).dll
- 2009-07-14 02:34 . 2012-01-29 22:49 9961472 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-03-25 18:03 9961472 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2011-11-07 19:11 . 2012-03-24 01:19 1508768 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-11-07 19:11 . 2012-03-26 23:31 1508768 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-01-20 17:07 . 2012-03-26 23:31 4178424 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-62563193-1554576102-3946920395-1002-12288.dat
- 2012-01-20 17:07 . 2012-03-24 02:25 4178424 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-62563193-1554576102-3946920395-1002-12288.dat
- 2012-03-19 00:35 . 2012-03-24 02:25 2263620 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2012-03-19 00:35 . 2012-03-25 19:52 2263620 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2012-03-26 00:48 . 2012-03-26 00:48 1402880 c:\windows\Installer\ed712c.msi
+ 2009-07-14 04:54 . 2012-03-25 18:11 10076160 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-24 02:26 10076160 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-01-20 17:07 . 2012-03-26 23:31 32213628 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-62563193-1554576102-3946920395-1002-8192.dat
+ 2012-03-26 00:31 . 2012-03-26 00:31 12938752 c:\windows\Installer\d9f889.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-03-30 319544]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"bncsaui.exe"="c:\program files (x86)\Bradford Networks\Persistent Agent\bncsaui.exe" [2011-10-28 2625304]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-02-28 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 BNPagent;Bradford Persistent Agent Service;c:\program files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe [2011-10-28 3079960]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-03-30 26680]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-01-14 1751656]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-23 c:\windows\Tasks\HPCeeScheduleForSUSAN-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-03-19 c:\windows\Tasks\HPCeeScheduleForSusan.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-12-17 525312]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 158.136.1.154 158.136.1.92 158.136.1.101 158.136.64.54
FF - ProfilePath - c:\users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\7136meei.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2012-03-26 19:48:08 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-26 23:48
ComboFix2.txt 2012-03-25 20:31
ComboFix3.txt 2012-03-25 18:08
ComboFix4.txt 2012-03-24 02:35
.
Pre-Run: 400,429,920,256 bytes free
Post-Run: 400,284,545,024 bytes free
.
- - End Of File - - AD481CB3DF4F35A0811849ED4EBED05F


The computer has still been running really well and there have been no problems that I can see.

-psu2014



