
Google Redirecting to Happili and "Welcome to nginx!"


This topic is locked
16 replies to this topic

#1 HomesickTexan
  • Members
  • 8 posts

Posted 05 April 2012 - 04:59 PM

A few days ago I was doing research for a college class and clicked on a link to a page that had a popup. A few minutes after that my computer slowed to a crawl. As soon as I launched a browser, the mouse would freeze for 30 seconds at a time and continue that until the browser was closed. The display would blank out for 5-10 seconds, and I would get a warning message in the system tray about the display problem. Music would freeze up and get stuck in a loop with Winamp also.

I tried to do a system restore to 4 different dates and Windows gave me an error message each time after rebooting that the restore failed.

I would get random redirects to happili.com when I clicked on a link. I ran scans with Ad-Aware 10 Pro trial, AVG Free 2012, Malwarebytes (latest version) and nothing was found other than tracking cookies. I also ran SUPERAntiSpyware and it found a bunch of tracking cookies but it wanted me to pay to fix it so I didn't do anything with that.

Now we are in day 3 of the problem, the mouse and slowness problem has mysteriously disappeared, but now Google, Yahoo Search and Bing are hijacked. Google redirects to a "Welcome to nginx!" screen whether in IE, Firefox or even Opera. When clicking on some of the links for searches from Yahoo, Malwarebytes blocks access to the address 74.118.192.152, if it gets through the Malwarebytes block, then it goes to a random website with links based on my search. Typing in the URL's from the search manually, instead of clicking on the links, will take me to the site I want to go to.

Also, before I got the nginx error, when I tried to go to Google.com, I was redirected to google.lt or google.co.uk

PC Stats: Windows 7 Ultimate 32 bit w/ SP1, Intel built in HD Graphics, 4GB memory, Intel i5-2500k processor

Here is the DDS.txt info:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Will at 11:58:45 on 2012-04-05
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3235.1672 [GMT -4:00]
.
AV: Lavasoft Ad-Aware *Enabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Enabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
FW: Lavasoft Ad-Aware *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bluetooth Suite\adminservice.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Ad-Aware Antivirus\Engine\SBAMSvc.exe
C:\Program Files\Second Copy 8\SCVSSSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\AVG\AVG2012\avgidsagent.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Bluetooth Suite\BtvStack.exe
C:\Program Files\Bluetooth Suite\AthBtTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Second Copy 8\SecCopy.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\PROGRA~1\AD-AWA~1\AdAware.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Intuit\QuickBooks 2011\QBHelp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11g_ActiveX.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do-Not-Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - c:\program files\bluetooth suite\IEPlugIn.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Second Copy] "c:\program files\second copy 8\SecCopy.exe" /InitialWait=10
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [IAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [AtherosBtStack] "c:\program files\bluetooth suite\BtvStack.exe"
mRun: [AthBtTray] "c:\program files\bluetooth suite\AthBtTray.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\pervas~1.lnk - c:\pvsw\bin\w3dbsmgr.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~2.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\intuit\quickbooks 2011\QBW32.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: Show RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - c:\program files\bluetooth suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DA58ACA7-18A6-403A-93DA-6E4172D43709} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
Trusted Zone: blueearth.net\graderdev
Trusted Zone: blueearth.net\snapdev2010
Trusted Zone: blueearth.net\snappreview2010
Trusted Zone: blueearth.net\snapstage
Trusted Zone: emcp.com\snap2010
Trusted Zone: blueearth.net\graderdev
Trusted Zone: blueearth.net\snapdev2010
Trusted Zone: blueearth.net\snappreview2010
Trusted Zone: blueearth.net\snapstage
Trusted Zone: emcp.com\snap2010
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{CA9D93AB-7FE1-4F46-AD16-8EF7D7904494} : DhcpNameServer = 209.18.47.61 209.18.47.62
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\will\appdata\roaming\mozilla\firefox\profiles\6obgsh41.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\users\will\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\avgidsehx.sys [2011-12-23 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\drivers\fltsrv.sys [2012-1-21 77696]
R0 mv91xx;mv91xx;c:\windows\system32\drivers\mv91xx.sys [2010-8-27 261160]
R0 vidsflt61;Acronis Disk Storage Filter (61);c:\windows\system32\drivers\vsflt61.sys [2012-1-21 84544]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-2-22 299472]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2012-4-4 221784]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-4-29 101720]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2012-4-4 78936]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2012-3-29 1161072]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AtherosSvc;AtherosSvc;c:\program files\bluetooth suite\AdminService.exe [2011-3-13 68768]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-2-14 5104992]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2012-1-10 13592]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2012-1-10 87712]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-4 652360]
R2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\engine\SBAMSvc.exe [2011-5-17 2804280]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-5-11 74968]
R2 SCVSSService;Second Copy VSS Service;c:\program files\second copy 8\SCVSSSvc.exe [2012-1-22 968448]
R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys [2011-9-14 102376]
R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys [2011-9-14 311784]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\drivers\btath_flt.sys [2011-3-13 34976]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-3-13 259232]
R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [2011-3-13 24736]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [2011-3-13 175776]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\drivers\btath_lwflt.sys [2011-3-13 49312]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [2011-3-13 141088]
R3 BtFilter;BtFilter;c:\windows\system32\drivers\btfilter.sys [2011-3-13 242336]
R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\drivers\e1c6232.sys [2012-1-10 238248]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2012-1-10 269824]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2011-9-2 42648]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2011-9-2 12184]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-4 20464]
R3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2012-1-10 41088]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2012-4-4 69208]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-4-4 94040]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\drivers\AthDfu.sys [2011-3-13 43680]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-1-13 15872]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2012-4-4 69208]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-1-13 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-1-13 1343400]
.
=============== Created Last 30 ================
.
2012-04-05 10:59:20 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2012-04-04 12:39:43 388096 ----a-r- c:\users\will\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-04-04 12:39:43 -------- d-----w- c:\program files\Trend Micro
2012-04-04 12:35:37 -------- d-----w- c:\users\will\appdata\local\adaware
2012-04-04 12:35:37 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-04-04 12:35:32 94040 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-04-04 12:35:32 78936 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-04-04 12:35:28 69208 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-04-04 12:35:28 221784 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-04-04 12:35:27 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-04-04 12:34:42 -------- d-----w- c:\users\will\appdata\roaming\Ad-Aware Antivirus
2012-04-04 05:43:30 -------- d-----w- c:\users\will\appdata\roaming\Malwarebytes
2012-04-04 05:43:25 -------- d-----w- c:\programdata\Malwarebytes
2012-04-04 05:43:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-04 05:43:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-04 04:28:25 -------- d-----w- c:\users\will\appdata\roaming\AVG2012
2012-04-04 04:27:50 -------- d--h--w- C:\$AVG
2012-04-04 04:27:50 -------- d-----w- c:\windows\system32\drivers\AVG
2012-04-04 04:27:50 -------- d-----w- c:\programdata\AVG2012
2012-04-04 04:27:26 -------- d-----w- c:\program files\AVG
2012-04-04 04:23:32 -------- d-----w- c:\programdata\MFAData
2012-04-04 04:15:04 -------- d-----w- c:\users\will\appdata\local\Opera
2012-04-04 04:04:07 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9d8599b9-6f2d-4fc9-ada4-7e8d0674781f}\mpengine.dll
2012-04-01 15:33:41 -------- d-----w- c:\users\will\appdata\roaming\TotalRecorder
2012-04-01 15:25:21 -------- d-----w- c:\program files\HighCriteria
2012-03-22 00:46:21 -------- d-----w- c:\users\will\appdata\roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-03-18 22:31:59 49152 ----a-r- c:\users\will\appdata\roaming\microsoft\installer\{d2fcc1ae-6311-47c5-8130-c6c66d77dd71}\ARPPRODUCTICON.exe
2012-03-18 22:31:48 335872 ----a-r- c:\users\will\appdata\roaming\microsoft\installer\{237cd223-1b9d-47e8-a76c-e478b83ccea2}\ARPPRODUCTICON.exe
2012-03-18 22:31:04 -------- d-----w- c:\program files\common files\muvee Technologies
2012-03-18 22:31:02 -------- d-----w- c:\program files\common files\Nikon
2012-03-18 22:30:57 -------- d-----w- c:\program files\Nikon
2012-03-14 07:00:51 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-14 07:00:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-13 21:07:47 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 21:07:45 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 21:07:05 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 21:07:05 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 21:07:05 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 21:07:04 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-13 21:07:04 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 21:07:04 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 21:07:04 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
==================== Find3M ====================
.
2012-04-05 10:59:12 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-18 22:29:26 106496 ----a-w- c:\windows\system32\ATL71.DLL
2012-03-07 10:26:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 13:18:36 237072 ----a-w- c:\windows\system32\MpSigStub.exe
2012-02-22 09:25:52 299472 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-02-22 09:25:32 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-02-13 23:19:37 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-01-31 08:46:50 31952 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-01-21 17:38:55 766496 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2012-01-21 17:38:54 609760 ----a-w- c:\windows\system32\drivers\timntr.sys
2012-01-21 17:38:53 126144 ----a-w- c:\windows\system32\drivers\vididr.sys
2012-01-21 17:38:52 84544 ----a-w- c:\windows\system32\drivers\vsflt61.sys
2012-01-21 17:38:51 77696 ----a-w- c:\windows\system32\drivers\fltsrv.sys
2012-01-21 17:38:51 170752 ----a-w- c:\windows\system32\drivers\snapman.sys
2012-01-14 01:14:31 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-01-11 03:09:30 246804 ----a-w- c:\windows\system32\drivers\AtherosBt.bin
2012-01-11 02:59:10 16896 ----a-w- c:\windows\AsTaskSched.dll
.
============= FINISH: 12:00:23.97 ===============
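As an added example (not part of the original thread, and not something DDS or ComboFix ships), here is a small Python triage script over the "Pseudo HJT Report" section of a DDS log like the one above. It groups the entries by type and lists the ones a responder checks first in a search-redirect case: the DHCP resolvers, any IE proxy setting other than the Windows default, Trusted Zone additions, Run values with no command or whose program sits outside Program Files/Windows, BHO DLLs outside those directories, and downloaded ActiveX (DPF) controls. The sample input is a short excerpt of the log posted above; the list of expected parent directories and the checks themselves are my assumptions, and a hit only means "look at this", not "this is malicious".

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log.

DDS prints one autostart or browser hook per line as '<type>: <detail>'.
This groups those lines by type and surfaces what a responder checks first
in a search-redirect case. It shortens the review list; it gives no verdict.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed sample: a short excerpt of the DDS log posted in this thread.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [<NO NAME>]
Trusted Zone: blueearth.net\graderdev
Trusted Zone: emcp.com\snap2010
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{CA9D93AB-7FE1-4F46-AD16-8EF7D7904494} : DhcpNameServer = 209.18.47.61 209.18.47.62
================= FIREFOX ===================
"""

# Assumption: where a legitimately installed program or BHO normally lives
# (8.3 short names included, since DDS prints some paths that way).
EXPECTED_PARENTS = ("c:\\program files", "c:\\progra~1", "c:\\progra~2",
                    "c:\\programdata", "c:\\windows")
RUN_RE = re.compile(r"^\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")


def parse_hjt(text):
    """Return {entry_type: [detail, ...]} for the Pseudo HJT section only."""
    entries = defaultdict(list)
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("====="):          # section banner
            in_section = "Pseudo HJT Report" in line
        elif in_section and line.startswith(("uInternet Settings,", "mInternet Settings,")):
            scope, rest = line.split(",", 1)   # 'uInternet Settings,Key = Val'
            entries[scope].append(rest)
        elif in_section and line not in ("", "."):
            kind, sep, detail = line.partition(": ")
            if sep:
                entries[kind].append(detail)
    return dict(entries)


def exe_path(cmd):
    """Best-effort program path from a Run value, lower-cased."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0].lower()
    low = cmd.lower()
    idx = low.find(".exe")
    return low[:idx + 4] if idx >= 0 else low.split()[0]


def triage(entries):
    """Return (category, item, why) tuples worth a human look, in check order."""
    findings, seen = [], set()
    # 1. Resolvers: 'who answers this PC's DNS queries' is question one in a
    #    redirect case. A public resolver is normal on an ISP line; confirm it.
    for detail in entries.get("TCP", []):
        m = re.search(r"DhcpNameServer = (.*)$", detail)
        for ip in (m.group(1).split() if m else []):
            if ip not in seen:
                seen.add(ip)
                private = ipaddress.ip_address(ip).is_private
                findings.append(("dns", ip, "private/router address" if private
                                 else "public resolver, confirm it belongs to the ISP"))
    # 2. IE proxy settings other than the Windows default ProxyOverride = *.local.
    for scope in ("uInternet Settings", "mInternet Settings"):
        for detail in entries.get(scope, []):
            key, _, val = detail.partition(" = ")
            if not (key == "ProxyOverride" and val.strip() == "*.local"):
                findings.append(("proxy", f"{scope} {key}={val}", "non-default proxy setting"))
    # 3. Trusted Zone hosts get relaxed IE security; each one needs a known reason.
    for host in sorted(set(entries.get("Trusted Zone", []))):
        findings.append(("trusted-zone", host, "host added to IE Trusted sites"))
    # 4. Run values with no command, or a program outside the expected parents.
    for scope in ("uRun", "mRun"):
        for detail in entries.get(scope, []):
            m = RUN_RE.match(detail)
            if not m:
                continue
            name, cmd = m.group("name"), m.group("cmd").strip()
            if not cmd:
                findings.append(("run", f"{scope} [{name}]", "Run value with no command"))
            elif not exe_path(cmd).startswith(EXPECTED_PARENTS):
                findings.append(("run", f"{scope} [{name}] {exe_path(cmd)}",
                                 "program outside Program Files/Windows"))
    # 5. BHO DLLs outside the expected parents, and every downloaded ActiveX control.
    for detail in entries.get("BHO", []):
        if not detail.rsplit(" - ", 1)[-1].lower().startswith(EXPECTED_PARENTS):
            findings.append(("bho", detail, "BHO DLL outside Program Files/Windows"))
    for detail in entries.get("DPF", []):
        findings.append(("activex", detail, "downloaded ActiveX control, check publisher"))
    return findings


if __name__ == "__main__":
    for category, item, why in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{category:13} {item}\n{'':13} -> {why}")
```

Run against the excerpt it reports the two ISP resolvers (the duplicate per-interface line is collapsed), the two Trusted Zone hosts, the `mRun: [<NO NAME>]` value and the Java ActiveX install, and stays quiet on the default `ProxyOverride = *.local`, the Sidebar Run entry and the Adobe BHO. Feed it a full DDS log by replacing `SAMPLE_LOG` with the file contents; the section detection ignores everything outside the Pseudo HJT report.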

#2 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 07 April 2012 - 11:47 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 HomesickTexan (Topic Starter)
  • Members
  • 8 posts

Posted 08 April 2012 - 12:39 PM

Here is the combofix log. Also, since my first post, I have been getting a blue screen sometimes, only when I have Internet Explorer or Firefox open. Code is IRQ_NOT_LESS_OR_EQUAL, 0X83041853

I've started getting some popup ads too, in the lower right corner of my screen.

ComboFix 12-04-07.04 - Will 04/08/2012 12:13:03.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3235.2019 [GMT -4:00]
Running from: g:\general data\BACKUPS\Free Unrestricted Software\!Malware - BleepingComputerProcess\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Lavasoft Ad-Aware *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
FW: Lavasoft Ad-Aware *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Lavasoft Ad-Aware *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-03-08 to 2012-04-08 )))))))))))))))))))))))))))))))
.
.
2012-04-08 16:19 . 2012-04-08 16:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-08 16:19 . 2012-04-08 16:19 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-04-05 10:59 . 2012-04-05 10:59 -------- d-----w- c:\program files\Common Files\Java
2012-04-05 10:59 . 2012-04-05 10:59 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2012-04-04 12:39 . 2012-04-04 12:39 388096 ----a-r- c:\users\Will\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-04 12:39 . 2012-04-04 12:39 -------- d-----w- c:\program files\Trend Micro
2012-04-04 12:35 . 2012-04-04 12:35 -------- d-----w- c:\users\Will\AppData\Local\adaware
2012-04-04 12:35 . 2012-04-04 12:35 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-04-04 12:35 . 2011-04-05 21:35 94040 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-04-04 12:35 . 2011-04-05 21:35 78936 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-04-04 12:35 . 2011-04-05 21:35 221784 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-04-04 12:35 . 2011-02-08 13:14 69208 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-04-04 12:35 . 2012-04-04 12:35 -------- d-----w- c:\programdata\Lavasoft
2012-04-04 12:35 . 2012-04-04 12:35 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-04-04 12:34 . 2012-04-08 16:02 -------- d-----w- c:\users\Will\AppData\Roaming\Ad-Aware Antivirus
2012-04-04 05:43 . 2012-04-04 05:43 -------- d-----w- c:\users\Will\AppData\Roaming\Malwarebytes
2012-04-04 05:43 . 2012-04-04 05:43 -------- d-----w- c:\programdata\Malwarebytes
2012-04-04 05:43 . 2012-04-04 05:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-04 05:43 . 2011-12-10 19:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-04 04:28 . 2012-04-04 04:28 -------- d-----w- c:\users\Will\AppData\Roaming\AVG2012
2012-04-04 04:27 . 2012-04-08 15:48 -------- d-----w- c:\windows\system32\drivers\AVG
2012-04-04 04:27 . 2012-04-04 04:36 -------- d-----w- c:\programdata\AVG2012
2012-04-04 04:27 . 2012-04-04 04:27 -------- d-----w- C:\$AVG
2012-04-04 04:27 . 2012-04-04 04:27 -------- d-----w- c:\program files\AVG
2012-04-04 04:23 . 2012-04-08 15:49 -------- d-----w- c:\programdata\MFAData
2012-04-04 04:15 . 2012-04-04 04:15 -------- d-----w- c:\users\Will\AppData\Local\Opera
2012-04-04 04:14 . 2012-04-04 04:15 -------- d-----w- c:\program files\Opera
2012-04-04 04:04 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9D8599B9-6F2D-4FC9-ADA4-7E8D0674781F}\mpengine.dll
2012-04-01 15:33 . 2012-04-01 15:38 -------- d-----w- c:\users\Will\AppData\Roaming\TotalRecorder
2012-04-01 15:25 . 2012-04-01 15:25 -------- d-----w- c:\program files\HighCriteria
2012-03-22 00:46 . 2012-03-22 00:46 -------- d-----w- c:\users\Will\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-03-14 07:00 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-14 07:00 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-13 21:07 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 21:07 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 21:07 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 21:07 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 21:07 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 21:07 . 2012-02-17 05:34 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-13 21:07 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 21:07 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 21:07 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-05 10:59 . 2012-01-17 00:36 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-18 22:29 . 2010-10-25 20:13 106496 ----a-w- c:\windows\system32\ATL71.DLL
2012-03-07 10:26 . 2012-01-11 03:15 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-07 08:02 . 2012-03-07 08:02 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-07 08:02 . 2012-03-07 08:02 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-07 08:02 . 2012-03-07 08:02 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-07 08:02 . 2012-03-07 08:02 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-03-07 08:02 . 2012-03-07 08:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-07 08:02 . 2012-03-07 08:02 367104 ----a-w- c:\windows\system32\html.iec
2012-03-07 08:02 . 2012-03-07 08:02 161792 ----a-w- c:\windows\system32\msls31.dll
2012-03-07 08:02 . 2012-03-07 08:02 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-03-07 08:02 . 2012-03-07 08:02 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-07 08:02 . 2012-03-07 08:02 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-03-07 08:02 . 2012-03-07 08:02 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-03-07 08:02 . 2012-03-07 08:02 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-03-07 08:02 . 2012-03-07 08:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-03-07 08:02 . 2012-03-07 08:02 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-07 08:02 . 2012-03-07 08:02 1798656 ----a-w- c:\windows\system32\jscript9.dll
2012-03-07 08:02 . 2012-03-07 08:02 152064 ----a-w- c:\windows\system32\wextract.exe
2012-03-07 08:02 . 2012-03-07 08:02 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-03-07 08:02 . 2012-03-07 08:02 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-07 08:02 . 2012-03-07 08:02 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-03-07 08:02 . 2012-03-07 08:02 11776 ----a-w- c:\windows\system32\mshta.exe
2012-03-07 08:02 . 2012-03-07 08:02 101888 ----a-w- c:\windows\system32\admparse.dll
2012-02-23 13:18 . 2012-01-13 23:22 237072 ----a-w- c:\windows\system32\MpSigStub.exe
2012-02-22 09:25 . 2012-02-22 09:25 299472 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-02-22 09:25 . 2012-02-22 09:25 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-02-13 23:19 . 2012-02-04 01:26 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-02-04 01:26 . 2012-02-04 01:26 53248 ----a-r- c:\users\Will\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-01-31 08:46 . 2012-01-31 08:46 31952 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-01-21 17:38 . 2012-01-21 17:38 766496 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2012-01-21 17:38 . 2012-01-21 17:38 609760 ----a-w- c:\windows\system32\drivers\timntr.sys
2012-01-21 17:38 . 2012-01-21 17:38 126144 ----a-w- c:\windows\system32\drivers\vididr.sys
2012-01-21 17:38 . 2012-01-21 17:38 84544 ----a-w- c:\windows\system32\drivers\vsflt61.sys
2012-01-21 17:38 . 2012-01-21 17:38 77696 ----a-w- c:\windows\system32\drivers\fltsrv.sys
2012-01-21 17:38 . 2012-01-21 17:38 170752 ----a-w- c:\windows\system32\drivers\snapman.sys
2012-01-14 01:14 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-01-11 03:09 . 2011-03-13 15:53 246804 ----a-w- c:\windows\system32\drivers\AtherosBt.bin
2012-01-11 02:59 . 2012-01-11 02:59 16896 ----a-w- c:\windows\AsTaskSched.dll
2012-02-26 20:38 . 2012-01-14 21:43 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-03-19 2363392]
"Second Copy"="c:\program files\Second Copy 8\SecCopy.exe" [2011-06-01 2999592]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-02-07 107000]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-11-19 9874024]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-01 143640]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-01 176920]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-01 178456]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"AtherosBtStack"="c:\program files\Bluetooth Suite\BtvStack.exe" [2011-03-13 490656]
"AthBtTray"="c:\program files\Bluetooth Suite\AthBtTray.exe" [2011-03-13 302240]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-08-09 1394440]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-02-16 2575712]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2010-8-25 5965656]
Pervasive.SQL Workgroup Engine.lnk - c:\pvsw\bin\w3dbsmgr.exe [2012-1-21 106546]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-8-25 1156384]
QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2011\QBW32.EXE [2010-8-25 1178400]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2012-1-17 118784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-04-29 101720]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [2012-02-14 5104992]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 SBAMSvc;Ad-Aware;c:\program files\Ad-Aware Antivirus\Engine\SBAMSvc.exe [2011-05-17 2804280]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2011-03-13 43680]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-02-08 69208]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-04-05 94040]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-14 1343400]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\avgidsehx.sys [2011-12-23 22992]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2012-01-31 31952]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [2012-01-21 77696]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-08-27 261160]
S0 vidsflt61;Acronis Disk Storage Filter (61);c:\windows\system32\DRIVERS\vsflt61.sys [2012-01-21 84544]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2012-02-22 235216]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2012-02-22 299472]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-04-05 221784]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-04-05 78936]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [2012-03-29 1161072]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AtherosSvc;AtherosSvc;c:\program files\Bluetooth Suite\adminservice.exe [2011-03-13 68768]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 87712]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-05-11 74968]
S2 SCVSSService;Second Copy VSS Service;c:\program files\Second Copy 8\SCVSSSvc.exe [2010-04-13 968448]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-09-14 102376]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-09-14 311784]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-13 34976]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2011-12-23 139856]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [2011-12-23 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2011-12-23 17232]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-13 259232]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-13 24736]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 175776]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 49312]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 141088]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-13 242336]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c6232.sys [2010-09-21 238248]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 269824]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [2011-09-02 42648]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [2011-09-02 12184]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 MEI;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [2010-10-19 41088]
S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-02-08 69208]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-03-19 16:15 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-08 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
- c:\progra~1\AD-AWA~1\AdAwareLauncher.exe [2012-03-29 16:44]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Show RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
Trusted Zone: blueearth.net\graderdev
Trusted Zone: blueearth.net\snapdev2010
Trusted Zone: blueearth.net\snappreview2010
Trusted Zone: blueearth.net\snapstage
Trusted Zone: emcp.com\snap2010
Trusted Zone: blueearth.net\graderdev
Trusted Zone: blueearth.net\snapdev2010
Trusted Zone: blueearth.net\snappreview2010
Trusted Zone: blueearth.net\snapstage
Trusted Zone: emcp.com\snap2010
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\6obgsh41.default\
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-08 12:20:48
ComboFix-quarantined-files.txt 2012-04-08 16:20
.
Pre-Run: 108,464,680,960 bytes free
Post-Run: 108,664,156,160 bytes free
.
- - End Of File - - C2B2D62C59E1C293F407AF996FCE64FB
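As an added illustration (not code from the thread, the helper, or ComboFix itself), a small Python triage script for the "Reg Loading Points" section of a log like the one above: it parses the Run-key value lines and the R*/S* service lines and flags entries whose file ComboFix could not locate (the `[X]`/`[x]` marker, whose meaning is an assumption here) or that autostart from a user-writable directory. All sample lines except the constructed "Updater" entry are copied from the log above.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread; it is not code from the thread or from ComboFix.
It recognises the two line shapes seen in the log above (Run-key values and
R*/S* service lines) and flags what a reviewer would look at first.
"""
import re
from dataclasses import dataclass, field
from typing import Iterable, List, Optional

# "Name"="command" [YYYY-MM-DD size]      (Run-key value)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$')
# R2 Name;Description;path [YYYY-MM-DD size]   (service / driver)
SVC_RE = re.compile(
    r'^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<cmd>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$'
)
# Executable path up to a recognised extension; anything after it is arguments.
EXE_RE = re.compile(r'^(.*?\.(?:exe|dll|sys|cpl))(?=\s|$)', re.IGNORECASE)

# Directories a standard user can write to; legitimate autostarts rarely live here.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")


@dataclass
class Entry:
    kind: str            # "run" (Run-key value) or "service" (R*/S* line)
    name: str
    path: str            # executable path with arguments stripped
    missing: bool        # ComboFix printed [X]/[x] instead of date and size
    reasons: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one Run-key or service line; return None for any other line."""
    m = RUN_RE.match(line)
    kind = "run"
    if m is None:
        m = SVC_RE.match(line)
        kind = "service"
    if m is None:
        return None
    exe = EXE_RE.match(m["cmd"])
    path = exe.group(1) if exe else m["cmd"]
    # Assumption: [X]/[x] means ComboFix could not locate or verify the file.
    missing = m["meta"].strip().lower() == "x"
    return Entry(kind, m["name"], path, missing)


def triage(lines: Iterable[str]) -> List[Entry]:
    """Return only the entries that earned at least one reason to look closer."""
    flagged: List[Entry] = []
    for raw in lines:
        entry = parse_entry(raw.strip())
        if entry is None:
            continue
        low = entry.path.lower()
        if entry.missing:
            entry.reasons.append("file not located/verified by ComboFix ([X])")
        if any(tag in low for tag in USER_WRITABLE):
            entry.reasons.append("autostart runs from a user-writable directory")
        if not EXE_RE.match(entry.path):
            entry.reasons.append("no recognised executable extension in the command")
        if entry.reasons:
            flagged.append(entry)
    return flagged


# Sample input. All lines but "Updater" are copied from the log above; the
# "Updater" line is constructed to exercise the user-writable check.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-02-07 107000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"Updater"="c:\users\Will\AppData\Roaming\example\updater.exe" [2012-03-22 45056]
.
R2 SBAMSvc;Ad-Aware;c:\program files\Ad-Aware Antivirus\Engine\SBAMSvc.exe [2011-05-17 2804280]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
'''


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG.splitlines()):
        print(f"{e.kind:7} {e.name!r}: {e.path}")
        for r in e.reasons:
            print(f"         - {r}")
```

A flag is a prompt to look closer, not a verdict: the `[X]` on the Ad-Aware launcher above comes from the trailing `--windows-run` argument, and the missing `synth3dvsc.sys` is an absent Remote Desktop component, both benign.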

#4 gringo_pr


Posted 08 April 2012 - 02:18 PM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions; ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#5 HomesickTexan


Posted 08 April 2012 - 08:34 PM

TDSSKiller found virus.win32.Rloader.a
Service: Wdf01000

Here are the logs:
TDSSKiller log:
17:40:39.0161 4236 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
17:40:39.0418 4236 ============================================================
17:40:39.0418 4236 Current date / time: 2012/04/08 17:40:39.0418
17:40:39.0418 4236 SystemInfo:
17:40:39.0418 4236
17:40:39.0419 4236 OS Version: 6.1.7601 ServicePack: 1.0
17:40:39.0419 4236 Product type: Workstation
17:40:39.0419 4236 ComputerName: ASUS-MAIN
17:40:39.0419 4236 UserName: Will
17:40:39.0419 4236 Windows directory: C:\Windows
17:40:39.0419 4236 System windows directory: C:\Windows
17:40:39.0419 4236 Processor architecture: Intel x86
17:40:39.0419 4236 Number of processors: 4
17:40:39.0419 4236 Page size: 0x1000
17:40:39.0419 4236 Boot type: Normal boot
17:40:39.0419 4236 ============================================================
17:40:52.0030 4236 Drive \Device\Harddisk0\DR0 - Size: 0x2BAA1476000 (2794.52 Gb), SectorSize: 0x200, Cylinders: 0x59101, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:40:52.0043 4236 Drive \Device\Harddisk1\DR1 - Size: 0x45DD826000 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8E81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:40:52.0043 4236 Drive \Device\Harddisk2\DR2 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:40:52.0047 4236 Drive \Device\Harddisk3\DR3 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:40:52.0061 4236 Drive \Device\Harddisk8\DR8 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:40:52.0811 4236 \Device\Harddisk0\DR0:
17:40:52.0858 4236 GPT used
17:40:52.0859 4236 \Device\Harddisk0\DR0\Partition0: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {C9601C11-91E0-4241-9A64-3B4FAF1E6B47}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000
17:40:52.0859 4236 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {5BB3D1E2-6EBA-4828-9679-6F678E4E8321}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0x5D4C9800
17:40:52.0859 4236 \Device\Harddisk1\DR1:
17:40:52.0859 4236 MBR used
17:40:52.0859 4236 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3AA9C76
17:40:52.0859 4236 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3AA9CB5, BlocksNum 0x12970056
17:40:52.0859 4236 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x16419D0B, BlocksNum 0x4741C6B
17:40:52.0874 4236 \Device\Harddisk2\DR2:
17:40:52.0874 4236 MBR used
17:40:52.0874 4236 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x782AA677
17:40:52.0874 4236 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x782AA6B6, BlocksNum 0x367DC08B
17:40:52.0874 4236 \Device\Harddisk3\DR3:
17:40:52.0880 4236 MBR used
17:40:52.0880 4236 \Device\Harddisk3\DR3\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x5753D540
17:40:52.0880 4236 \Device\Harddisk8\DR8:
17:40:52.0880 4236 MBR used
17:40:52.0880 4236 \Device\Harddisk8\DR8\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE8E035C1
17:40:53.0133 4236 Initialize success
17:40:53.0133 4236 ============================================================
17:41:01.0298 4252 ============================================================
17:41:01.0298 4252 Scan started
17:41:01.0298 4252 Mode: Manual;
17:41:01.0298 4252 ============================================================
17:41:06.0424 4252 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
17:41:06.0426 4252 Browser - ok
17:41:06.0450 4252 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
17:41:06.0454 4252 Brserid - ok
17:41:06.0466 4252 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
17:41:06.0468 4252 BrSerWdm - ok
17:41:06.0487 4252 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:41:06.0488 4252 BrUsbMdm - ok
17:41:06.0507 4252 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
17:41:06.0508 4252 BrUsbSer - ok
17:41:06.0538 4252 BTATH_A2DP (e5b321f18a1d8b6b8dd397d92ba5946a) C:\Windows\system32\drivers\btath_a2dp.sys
17:41:06.0542 4252 BTATH_A2DP - ok
17:41:06.0579 4252 BTATH_BUS (f60e0c722442ea91f0c253b7814d8192) C:\Windows\system32\DRIVERS\btath_bus.sys
17:41:06.0579 4252 BTATH_BUS - ok
17:41:06.0603 4252 BTATH_HCRP (f31e369db8258b28e3dcf66705aea9e9) C:\Windows\system32\DRIVERS\btath_hcrp.sys
17:41:06.0606 4252 BTATH_HCRP - ok
17:41:06.0632 4252 BTATH_LWFLT (6651798266fde23159d961463a63a77d) C:\Windows\system32\DRIVERS\btath_lwflt.sys
17:41:06.0633 4252 BTATH_LWFLT - ok
17:41:06.0656 4252 BTATH_RCP (08ef5298df80bc136523bcd2ed8b9c37) C:\Windows\system32\DRIVERS\btath_rcp.sys
17:41:06.0659 4252 BTATH_RCP - ok
17:41:06.0691 4252 BtFilter (ef6269eab772989e338ba4c833093bac) C:\Windows\system32\DRIVERS\btfilter.sys
17:41:06.0694 4252 BtFilter - ok
17:41:06.0735 4252 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
17:41:06.0736 4252 BthEnum - ok
17:41:06.0765 4252 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
17:41:06.0766 4252 BTHMODEM - ok
17:41:06.0801 4252 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
17:41:06.0802 4252 BthPan - ok
17:41:06.0835 4252 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys
17:41:06.0841 4252 BTHPORT - ok
17:41:06.0885 4252 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
17:41:06.0886 4252 bthserv - ok
17:41:06.0932 4252 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys
17:41:06.0933 4252 BTHUSB - ok
17:41:06.0984 4252 catchme - ok
17:41:07.0019 4252 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
17:41:07.0021 4252 cdfs - ok
17:41:07.0074 4252 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
17:41:07.0076 4252 cdrom - ok
17:41:07.0122 4252 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
17:41:07.0123 4252 CertPropSvc - ok
17:41:07.0157 4252 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
17:41:07.0158 4252 circlass - ok
17:41:07.0194 4252 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
17:41:07.0198 4252 CLFS - ok
17:41:07.0250 4252 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:41:07.0251 4252 clr_optimization_v2.0.50727_32 - ok
17:41:07.0328 4252 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:41:07.0330 4252 clr_optimization_v4.0.30319_32 - ok
17:41:07.0378 4252 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
17:41:07.0379 4252 CmBatt - ok
17:41:07.0409 4252 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
17:41:07.0410 4252 cmdide - ok
17:41:07.0466 4252 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
17:41:07.0471 4252 CNG - ok
17:41:07.0482 4252 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
17:41:07.0482 4252 Compbatt - ok
17:41:07.0522 4252 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
17:41:07.0523 4252 CompositeBus - ok
17:41:07.0539 4252 COMSysApp - ok
17:41:07.0558 4252 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
17:41:07.0559 4252 crcdisk - ok
17:41:07.0616 4252 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
17:41:07.0618 4252 CryptSvc - ok
17:41:07.0676 4252 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
17:41:07.0681 4252 CSC - ok
17:41:07.0733 4252 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
17:41:07.0739 4252 CscService - ok
17:41:07.0789 4252 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
17:41:07.0794 4252 DcomLaunch - ok
17:41:07.0824 4252 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
17:41:07.0828 4252 defragsvc - ok
17:41:07.0869 4252 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
17:41:07.0871 4252 DfsC - ok
17:41:07.0930 4252 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
17:41:07.0933 4252 Dhcp - ok
17:41:07.0960 4252 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
17:41:07.0961 4252 discache - ok
17:41:08.0006 4252 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
17:41:08.0007 4252 Disk - ok
17:41:08.0034 4252 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
17:41:08.0037 4252 Dnscache - ok
17:41:08.0075 4252 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
17:41:08.0079 4252 dot3svc - ok
17:41:08.0114 4252 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
17:41:08.0117 4252 DPS - ok
17:41:08.0158 4252 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
17:41:08.0158 4252 drmkaud - ok
17:41:08.0204 4252 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
17:41:08.0229 4252 DXGKrnl - ok
17:41:08.0262 4252 e1cexpress (137482f0afa288a9e0b563c23facb4cd) C:\Windows\system32\DRIVERS\e1c6232.sys
17:41:08.0266 4252 e1cexpress - ok
17:41:08.0299 4252 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
17:41:08.0301 4252 EapHost - ok
17:41:08.0401 4252 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
17:41:08.0469 4252 ebdrv - ok
17:41:08.0513 4252 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
17:41:08.0514 4252 EFS - ok
17:41:08.0565 4252 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
17:41:08.0573 4252 ehRecvr - ok
17:41:08.0598 4252 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
17:41:08.0600 4252 ehSched - ok
17:41:08.0656 4252 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
17:41:08.0662 4252 elxstor - ok
17:41:08.0692 4252 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
17:41:08.0693 4252 ErrDev - ok
17:41:08.0730 4252 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
17:41:08.0734 4252 EventSystem - ok
17:41:08.0770 4252 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
17:41:08.0773 4252 exfat - ok
17:41:08.0786 4252 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
17:41:08.0788 4252 fastfat - ok
17:41:08.0839 4252 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
17:41:08.0881 4252 Fax - ok
17:41:08.0902 4252 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
17:41:08.0903 4252 fdc - ok
17:41:08.0924 4252 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
17:41:08.0925 4252 fdPHost - ok
17:41:08.0942 4252 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
17:41:08.0943 4252 FDResPub - ok
17:41:08.0958 4252 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
17:41:08.0959 4252 FileInfo - ok
17:41:08.0980 4252 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
17:41:08.0981 4252 Filetrace - ok
17:41:09.0057 4252 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
17:41:09.0074 4252 FLEXnet Licensing Service - ok
17:41:09.0100 4252 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
17:41:09.0101 4252 flpydisk - ok
17:41:09.0133 4252 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
17:41:09.0136 4252 FltMgr - ok
17:41:09.0194 4252 fltsrv (d85453baf5de7e55cb13441452a4e2d3) C:\Windows\system32\DRIVERS\fltsrv.sys
17:41:09.0196 4252 fltsrv - ok
17:41:09.0254 4252 FontCache (fa6c66e4364d7da57aade5dcc03bb999) C:\Windows\system32\FntCache.dll
17:41:09.0257 4252 FontCache - ok
17:41:09.0317 4252 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:41:09.0318 4252 FontCache3.0.0.0 - ok
17:41:09.0362 4252 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
17:41:09.0364 4252 FsDepends - ok
17:41:09.0387 4252 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
17:41:09.0388 4252 Fs_Rec - ok
17:41:09.0425 4252 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
17:41:09.0428 4252 fvevol - ok
17:41:09.0461 4252 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
17:41:09.0462 4252 gagp30kx - ok
17:41:09.0513 4252 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:41:09.0514 4252 GEARAspiWDM - ok
17:41:09.0565 4252 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
17:41:09.0568 4252 gpsvc - ok
17:41:09.0605 4252 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
17:41:09.0606 4252 hcw85cir - ok
17:41:09.0686 4252 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
17:41:09.0691 4252 HdAudAddService - ok
17:41:09.0731 4252 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
17:41:09.0733 4252 HDAudBus - ok
17:41:09.0760 4252 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
17:41:09.0761 4252 HidBatt - ok
17:41:09.0792 4252 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
17:41:09.0793 4252 HidBth - ok
17:41:09.0824 4252 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
17:41:09.0825 4252 HidIr - ok
17:41:09.0857 4252 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
17:41:09.0859 4252 hidserv - ok
17:41:09.0906 4252 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
17:41:09.0907 4252 HidUsb - ok
17:41:09.0942 4252 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
17:41:09.0944 4252 hkmsvc - ok
17:41:09.0988 4252 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
17:41:09.0992 4252 HomeGroupListener - ok
17:41:10.0023 4252 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
17:41:10.0026 4252 HomeGroupProvider - ok
17:41:10.0080 4252 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
17:41:10.0081 4252 HpSAMD - ok
17:41:10.0132 4252 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
17:41:10.0138 4252 HTTP - ok
17:41:10.0170 4252 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
17:41:10.0171 4252 hwpolicy - ok
17:41:10.0216 4252 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
17:41:10.0218 4252 i8042prt - ok
17:41:10.0262 4252 iaStor (db81f413fa4e3f328cad7b5d59ef3f21) C:\Windows\system32\DRIVERS\iaStor.sys
17:41:10.0264 4252 iaStor - ok
17:41:10.0332 4252 IAStorDataMgrSvc (d41861e56e7552c13674d7f147a02464) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
17:41:10.0333 4252 IAStorDataMgrSvc - ok
17:41:10.0432 4252 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
17:41:10.0437 4252 iaStorV - ok
17:41:10.0522 4252 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:41:10.0524 4252 IDriverT - ok
17:41:10.0609 4252 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:41:10.0620 4252 idsvc - ok
17:41:10.0908 4252 igfx (696d41b94fb11f425e6f730f8dbeae7a) C:\Windows\system32\DRIVERS\igdkmd32.sys
17:41:11.0119 4252 igfx - ok
17:41:11.0156 4252 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
17:41:11.0158 4252 iirsp - ok
17:41:11.0210 4252 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
17:41:11.0244 4252 IKEEXT - ok
17:41:11.0366 4252 IntcAzAudAddService (5294f1c52a6d8c2a15ffd2945c552736) C:\Windows\system32\drivers\RTKVHDA.sys
17:41:11.0433 4252 IntcAzAudAddService - ok
17:41:11.0474 4252 IntcDAud (5576ad2f0039d2bccca3567fc0bf981c) C:\Windows\system32\DRIVERS\IntcDAud.sys
17:41:11.0478 4252 IntcDAud - ok
17:41:11.0526 4252 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
17:41:11.0527 4252 intelide - ok
17:41:11.0571 4252 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
17:41:11.0572 4252 intelppm - ok
17:41:11.0610 4252 Intel® PROSet Monitoring Service (269af0b4cb88ada418ef92138686b910) C:\Windows\system32\IProsetMonitor.exe
17:41:11.0612 4252 Intel® PROSet Monitoring Service - ok
17:41:11.0639 4252 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
17:41:11.0641 4252 IPBusEnum - ok
17:41:11.0695 4252 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:41:11.0696 4252 IpFilterDriver - ok
17:41:11.0738 4252 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
17:41:11.0745 4252 iphlpsvc - ok
17:41:11.0773 4252 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
17:41:11.0775 4252 IPMIDRV - ok
17:41:11.0811 4252 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
17:41:11.0814 4252 IPNAT - ok
17:41:11.0864 4252 iPod Service (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe
17:41:11.0889 4252 iPod Service - ok
17:41:11.0960 4252 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
17:41:11.0961 4252 IRENUM - ok
17:41:11.0997 4252 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
17:41:11.0998 4252 isapnp - ok
17:41:12.0048 4252 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
17:41:12.0052 4252 iScsiPrt - ok
17:41:12.0096 4252 JRAID (fe40c1ba67ec92490fce065016806aa6) C:\Windows\system32\DRIVERS\jraid.sys
17:41:12.0098 4252 JRAID - ok
17:41:12.0158 4252 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
17:41:12.0159 4252 kbdclass - ok
17:41:12.0197 4252 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
17:41:12.0198 4252 kbdhid - ok
17:41:12.0236 4252 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
17:41:12.0237 4252 KeyIso - ok
17:41:12.0260 4252 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
17:41:12.0261 4252 KSecDD - ok
17:41:12.0299 4252 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
17:41:12.0301 4252 KSecPkg - ok
17:41:12.0337 4252 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
17:41:12.0343 4252 KtmRm - ok
17:41:12.0396 4252 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
17:41:12.0400 4252 LanmanServer - ok
17:41:12.0458 4252 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
17:41:12.0460 4252 LanmanWorkstation - ok
17:41:12.0561 4252 LBTServ (910344e2a984010435ae84783b25e5eb) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
17:41:12.0566 4252 LBTServ - ok
17:41:12.0660 4252 LEqdUsb (717e6714bca808f2a372e636aff3d15a) C:\Windows\system32\Drivers\LEqdUsb.Sys
17:41:12.0660 4252 LEqdUsb - ok
17:41:12.0705 4252 LHidEqd (2786f7b4003adff88ce28bc1800b5407) C:\Windows\system32\Drivers\LHidEqd.Sys
17:41:12.0705 4252 LHidEqd - ok
17:41:12.0762 4252 LHidFilt (01cc7fb6e790ef044b411377f3a1ff41) C:\Windows\system32\DRIVERS\LHidFilt.Sys
17:41:12.0763 4252 LHidFilt - ok
17:41:12.0852 4252 LightScribeService (ac2e68e3421af857b8d438414e7ae31c) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
17:41:12.0853 4252 LightScribeService - ok
17:41:12.0920 4252 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
17:41:12.0921 4252 lltdio - ok
17:41:12.0977 4252 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
17:41:12.0981 4252 lltdsvc - ok
17:41:12.0996 4252 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
17:41:12.0998 4252 lmhosts - ok
17:41:13.0044 4252 LMouFilt (a2e7eae8898d7b4b8c302b8f4e836bb5) C:\Windows\system32\DRIVERS\LMouFilt.Sys
17:41:13.0045 4252 LMouFilt - ok
17:41:13.0081 4252 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:41:13.0083 4252 LSI_FC - ok
17:41:13.0100 4252 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:41:13.0102 4252 LSI_SAS - ok
17:41:13.0125 4252 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:41:13.0126 4252 LSI_SAS2 - ok
17:41:13.0148 4252 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:41:13.0150 4252 LSI_SCSI - ok
17:41:13.0180 4252 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
17:41:13.0181 4252 luafv - ok
17:41:13.0217 4252 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
17:41:13.0218 4252 MBAMProtector - ok
17:41:13.0303 4252 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
17:41:13.0336 4252 MBAMService - ok
17:41:13.0406 4252 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
17:41:13.0408 4252 Mcx2Svc - ok
17:41:13.0466 4252 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
17:41:13.0467 4252 megasas - ok
17:41:13.0495 4252 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
17:41:13.0498 4252 MegaSR - ok
17:41:13.0523 4252 MEI (d86ac00883b9c98b570e7643aaf8e554) C:\Windows\system32\DRIVERS\HECI.sys
17:41:13.0524 4252 MEI - ok
17:41:13.0589 4252 Microsoft SharePoint Workspace Audit Service - ok
17:41:13.0635 4252 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
17:41:13.0637 4252 MMCSS - ok
17:41:13.0694 4252 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
17:41:13.0696 4252 Modem - ok
17:41:13.0731 4252 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
17:41:13.0731 4252 monitor - ok
17:41:13.0779 4252 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
17:41:13.0780 4252 mouclass - ok
17:41:13.0815 4252 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
17:41:13.0816 4252 mouhid - ok
17:41:13.0875 4252 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
17:41:13.0877 4252 mountmgr - ok
17:41:13.0920 4252 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
17:41:13.0922 4252 mpio - ok
17:41:13.0944 4252 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
17:41:13.0945 4252 mpsdrv - ok
17:41:13.0995 4252 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
17:41:14.0003 4252 MpsSvc - ok
17:41:14.0042 4252 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
17:41:14.0044 4252 MRxDAV - ok
17:41:14.0092 4252 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:41:14.0095 4252 mrxsmb - ok
17:41:14.0119 4252 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:41:14.0122 4252 mrxsmb10 - ok
17:41:14.0142 4252 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:41:14.0144 4252 mrxsmb20 - ok
17:41:14.0178 4252 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
17:41:14.0179 4252 msahci - ok
17:41:14.0227 4252 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
17:41:14.0229 4252 msdsm - ok
17:41:14.0263 4252 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
17:41:14.0266 4252 MSDTC - ok
17:41:14.0293 4252 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
17:41:14.0294 4252 Msfs - ok
17:41:14.0318 4252 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
17:41:14.0319 4252 mshidkmdf - ok
17:41:14.0364 4252 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
17:41:14.0365 4252 msisadrv - ok
17:41:14.0408 4252 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
17:41:14.0411 4252 MSiSCSI - ok
17:41:14.0421 4252 msiserver - ok
17:41:14.0469 4252 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
17:41:14.0469 4252 MSKSSRV - ok
17:41:14.0499 4252 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
17:41:14.0500 4252 MSPCLOCK - ok
17:41:14.0522 4252 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
17:41:14.0523 4252 MSPQM - ok
17:41:14.0543 4252 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
17:41:14.0546 4252 MsRPC - ok
17:41:14.0586 4252 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
17:41:14.0586 4252 mssmbios - ok
17:41:14.0617 4252 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
17:41:14.0618 4252 MSTEE - ok
17:41:14.0639 4252 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
17:41:14.0640 4252 MTConfig - ok
17:41:14.0664 4252 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
17:41:14.0665 4252 Mup - ok
17:41:14.0707 4252 mv91xx (19aab6a158bc8a16e756c010776a5546) C:\Windows\system32\DRIVERS\mv91xx.sys
17:41:14.0711 4252 mv91xx - ok
17:41:14.0748 4252 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
17:41:14.0754 4252 napagent - ok
17:41:14.0799 4252 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
17:41:14.0803 4252 NativeWifiP - ok
17:41:14.0862 4252 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
17:41:14.0879 4252 NDIS - ok
17:41:14.0922 4252 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
17:41:14.0923 4252 NdisCap - ok
17:41:14.0948 4252 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
17:41:14.0949 4252 NdisTapi - ok
17:41:14.0997 4252 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
17:41:14.0998 4252 Ndisuio - ok
17:41:15.0031 4252 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
17:41:15.0033 4252 NdisWan - ok
17:41:15.0077 4252 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
17:41:15.0079 4252 NDProxy - ok
17:41:15.0220 4252 Nero BackItUp Scheduler 4.0 (0ff3c6aa3e0fe0eb316df5449b569463) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
17:41:15.0270 4252 Nero BackItUp Scheduler 4.0 - ok
17:41:15.0348 4252 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
17:41:15.0349 4252 NetBIOS - ok
17:41:15.0394 4252 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
17:41:15.0397 4252 NetBT - ok
17:41:15.0426 4252 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
17:41:15.0427 4252 Netlogon - ok
17:41:15.0486 4252 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
17:41:15.0491 4252 Netman - ok
17:41:15.0516 4252 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
17:41:15.0521 4252 netprofm - ok
17:41:15.0578 4252 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:41:15.0581 4252 NetTcpPortSharing - ok
17:41:15.0652 4252 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
17:41:15.0653 4252 nfrd960 - ok
17:41:15.0694 4252 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
17:41:15.0698 4252 NlaSvc - ok
17:41:15.0718 4252 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
17:41:15.0719 4252 Npfs - ok
17:41:15.0746 4252 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
17:41:15.0748 4252 nsi - ok
17:41:15.0773 4252 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
17:41:15.0774 4252 nsiproxy - ok
17:41:15.0842 4252 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
17:41:15.0867 4252 Ntfs - ok
17:41:15.0891 4252 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
17:41:15.0892 4252 Null - ok
17:41:15.0941 4252 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
17:41:15.0944 4252 nvraid - ok
17:41:15.0964 4252 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
17:41:15.0966 4252 nvstor - ok
17:41:16.0004 4252 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
17:41:16.0006 4252 nv_agp - ok
17:41:16.0042 4252 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
17:41:16.0044 4252 ohci1394 - ok
17:41:16.0111 4252 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:41:16.0114 4252 ose - ok
17:41:16.0242 4252 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:41:16.0335 4252 osppsvc - ok
17:41:16.0410 4252 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
17:41:16.0414 4252 p2pimsvc - ok
17:41:16.0462 4252 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
17:41:16.0468 4252 p2psvc - ok
17:41:16.0508 4252 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
17:41:16.0510 4252 Parport - ok
17:41:16.0550 4252 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
17:41:16.0552 4252 partmgr - ok
17:41:16.0571 4252 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
17:41:16.0572 4252 Parvdm - ok
17:41:16.0591 4252 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
17:41:16.0595 4252 PcaSvc - ok
17:41:16.0633 4252 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
17:41:16.0636 4252 pci - ok
17:41:16.0676 4252 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
17:41:16.0676 4252 pciide - ok
17:41:16.0710 4252 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
17:41:16.0713 4252 pcmcia - ok
17:41:16.0738 4252 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
17:41:16.0740 4252 pcw - ok
17:41:16.0771 4252 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
17:41:16.0778 4252 PEAUTH - ok
17:41:16.0854 4252 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
17:41:16.0879 4252 PeerDistSvc - ok
17:41:16.0947 4252 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
17:41:16.0989 4252 pla - ok
17:41:17.0032 4252 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
17:41:17.0038 4252 PlugPlay - ok
17:41:17.0075 4252 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
17:41:17.0077 4252 PNRPAutoReg - ok
17:41:17.0109 4252 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
17:41:17.0111 4252 PNRPsvc - ok
17:41:17.0160 4252 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
17:41:17.0166 4252 PolicyAgent - ok
17:41:17.0200 4252 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
17:41:17.0203 4252 Power - ok
17:41:17.0238 4252 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
17:41:17.0240 4252 PptpMiniport - ok
17:41:17.0265 4252 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
17:41:17.0266 4252 Processor - ok
17:41:17.0306 4252 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
17:41:17.0309 4252 ProfSvc - ok
17:41:17.0351 4252 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
17:41:17.0352 4252 ProtectedStorage - ok
17:41:17.0389 4252 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
17:41:17.0391 4252 Psched - ok
17:41:17.0477 4252 QBCFMonitorService (de050f20f541c3731c2cca1f8224c9b2) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
17:41:17.0478 4252 QBCFMonitorService - ok
17:41:17.0517 4252 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
17:41:17.0518 4252 QBFCService - ok
17:41:17.0619 4252 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
17:41:17.0669 4252 ql2300 - ok
17:41:17.0702 4252 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
17:41:17.0704 4252 ql40xx - ok
17:41:17.0734 4252 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
17:41:17.0739 4252 QWAVE - ok
17:41:17.0760 4252 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
17:41:17.0762 4252 QWAVEdrv - ok
17:41:17.0783 4252 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
17:41:17.0784 4252 RasAcd - ok
17:41:17.0821 4252 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:41:17.0822 4252 RasAgileVpn - ok
17:41:17.0855 4252 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
17:41:17.0858 4252 RasAuto - ok
17:41:17.0895 4252 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:41:17.0897 4252 Rasl2tp - ok
17:41:17.0949 4252 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
17:41:17.0954 4252 RasMan - ok
17:41:17.0993 4252 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
17:41:17.0995 4252 RasPppoe - ok
17:41:18.0017 4252 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
17:41:18.0019 4252 RasSstp - ok
17:41:18.0061 4252 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
17:41:18.0065 4252 rdbss - ok
17:41:18.0083 4252 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
17:41:18.0084 4252 rdpbus - ok
17:41:18.0114 4252 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:41:18.0115 4252 RDPCDD - ok
17:41:18.0168 4252 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
17:41:18.0171 4252 RDPDR - ok
17:41:18.0216 4252 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
17:41:18.0218 4252 RDPENCDD - ok
17:41:18.0235 4252 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
17:41:18.0236 4252 RDPREFMP - ok
17:41:18.0289 4252 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
17:41:18.0290 4252 RdpVideoMiniport - ok
17:41:18.0326 4252 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
17:41:18.0329 4252 RDPWD - ok
17:41:18.0385 4252 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
17:41:18.0388 4252 rdyboost - ok
17:41:18.0425 4252 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
17:41:18.0427 4252 RemoteAccess - ok
17:41:18.0465 4252 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
17:41:18.0467 4252 RemoteRegistry - ok
17:41:18.0503 4252 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
17:41:18.0505 4252 RFCOMM - ok
17:41:18.0527 4252 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
17:41:18.0529 4252 RpcEptMapper - ok
17:41:18.0558 4252 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
17:41:18.0559 4252 RpcLocator - ok
17:41:18.0601 4252 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
17:41:18.0604 4252 RpcSs - ok
17:41:18.0650 4252 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
17:41:18.0652 4252 rspndr - ok
17:41:18.0691 4252 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
17:41:18.0691 4252 s3cap - ok
17:41:18.0742 4252 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
17:41:18.0743 4252 SamSs - ok
17:41:18.0852 4252 SBAMSvc (c7d53053541a448febb1373abbaf79ef) C:\Program Files\Ad-Aware Antivirus\Engine\SBAMSvc.exe
17:41:18.0911 4252 SBAMSvc - ok
17:41:18.0965 4252 sbapifs (3d6ba67c758735918e323d4d6f64449a) C:\Windows\system32\DRIVERS\sbapifs.sys
17:41:18.0966 4252 sbapifs - ok
17:41:19.0022 4252 SbFw (9c9bcc79aef0aa97f16766c498002d36) C:\Windows\system32\drivers\SbFw.sys
17:41:19.0025 4252 SbFw - ok
17:41:19.0064 4252 SBFWIMCL (f27b38d70b7621378161d6f48be04d2c) C:\Windows\system32\DRIVERS\sbfwim.sys
17:41:19.0066 4252 SBFWIMCL - ok
17:41:19.0089 4252 SBFWIMCLMP (f27b38d70b7621378161d6f48be04d2c) C:\Windows\system32\DRIVERS\SBFWIM.sys
17:41:19.0090 4252 SBFWIMCLMP - ok
17:41:19.0143 4252 sbhips (53e5e7dc26bb920b97f258bbd52abfdc) C:\Windows\system32\drivers\sbhips.sys
17:41:19.0145 4252 sbhips - ok
17:41:19.0186 4252 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\DRIVERS\sbp2port.sys
17:41:19.0188 4252 sbp2port - ok
17:41:19.0247 4252 SBRE (0505da5d357f18a5d42fc5dede6bc9a0) C:\Windows\system32\drivers\SBREdrv.sys
17:41:19.0249 4252 SBRE - ok
17:41:19.0303 4252 SbTis (6468e2973e04525decc105947ddd0d34) C:\Windows\system32\drivers\sbtis.sys
17:41:19.0304 4252 SbTis - ok
17:41:19.0348 4252 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
17:41:19.0351 4252 SCardSvr - ok
17:41:19.0383 4252 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
17:41:19.0384 4252 scfilter - ok
17:41:19.0429 4252 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
17:41:19.0432 4252 Schedule - ok
17:41:19.0467 4252 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
17:41:19.0468 4252 SCPolicySvc - ok
17:41:19.0556 4252 SCVSSService (1f2e666ac4e0cd295c303fa9f19a9b0e) C:\Program Files\Second Copy 8\SCVSSSvc.exe
17:41:19.0614 4252 SCVSSService - ok
17:41:19.0644 4252 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
17:41:19.0647 4252 SDRSVC - ok
17:41:19.0695 4252 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
17:41:19.0696 4252 secdrv - ok
17:41:19.0729 4252 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
17:41:19.0731 4252 seclogon - ok
17:41:19.0753 4252 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
17:41:19.0755 4252 SENS - ok
17:41:19.0783 4252 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
17:41:19.0785 4252 SensrSvc - ok
17:41:19.0834 4252 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
17:41:19.0835 4252 Serenum - ok
17:41:19.0851 4252 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
17:41:19.0853 4252 Serial - ok
17:41:19.0901 4252 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
17:41:19.0902 4252 sermouse - ok
17:41:19.0937 4252 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
17:41:19.0940 4252 SessionEnv - ok
17:41:19.0969 4252 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
17:41:19.0970 4252 sffdisk - ok
17:41:19.0984 4252 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
17:41:19.0985 4252 sffp_mmc - ok
17:41:20.0006 4252 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
17:41:20.0007 4252 sffp_sd - ok
17:41:20.0038 4252 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
17:41:20.0039 4252 sfloppy - ok
17:41:20.0076 4252 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
17:41:20.0081 4252 SharedAccess - ok
17:41:20.0132 4252 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
17:41:20.0138 4252 ShellHWDetection - ok
17:41:20.0194 4252 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
17:41:20.0195 4252 sisagp - ok
17:41:20.0228 4252 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:41:20.0229 4252 SiSRaid2 - ok
17:41:20.0254 4252 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
17:41:20.0255 4252 SiSRaid4 - ok
17:41:20.0289 4252 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
17:41:20.0291 4252 Smb - ok
17:41:20.0330 4252 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
17:41:20.0331 4252 SNMPTRAP - ok
17:41:20.0356 4252 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
17:41:20.0357 4252 spldr - ok
17:41:20.0400 4252 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
17:41:20.0402 4252 Spooler - ok
17:41:20.0492 4252 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
17:41:20.0505 4252 sppsvc - ok
17:41:20.0552 4252 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
17:41:20.0555 4252 sppuinotify - ok
17:41:20.0605 4252 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
17:41:20.0609 4252 srv - ok
17:41:20.0631 4252 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
17:41:20.0636 4252 srv2 - ok
17:41:20.0659 4252 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
17:41:20.0661 4252 srvnet - ok
17:41:20.0688 4252 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
17:41:20.0692 4252 SSDPSRV - ok
17:41:20.0719 4252 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
17:41:20.0722 4252 SstpSvc - ok
17:41:20.0760 4252 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
17:41:20.0761 4252 stexstor - ok
17:41:20.0817 4252 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
17:41:20.0820 4252 StiSvc - ok
17:41:20.0878 4252 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
17:41:20.0879 4252 storflt - ok
17:41:20.0908 4252 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
17:41:20.0909 4252 storvsc - ok
17:41:20.0943 4252 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
17:41:20.0944 4252 swenum - ok
17:41:21.0066 4252 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
17:41:21.0073 4252 SwitchBoard - ok
17:41:21.0116 4252 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
17:41:21.0122 4252 swprv - ok
17:41:21.0143 4252 Synth3dVsc - ok
17:41:21.0198 4252 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
17:41:21.0203 4252 SysMain - ok
17:41:21.0233 4252 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
17:41:21.0236 4252 TabletInputService - ok
17:41:21.0269 4252 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
17:41:21.0274 4252 TapiSrv - ok
17:41:21.0294 4252 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
17:41:21.0297 4252 TBS - ok
17:41:21.0361 4252 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
17:41:21.0386 4252 Tcpip - ok
17:41:21.0444 4252 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
17:41:21.0449 4252 TCPIP6 - ok
17:41:21.0484 4252 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
17:41:21.0485 4252 tcpipreg - ok
17:41:21.0524 4252 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
17:41:21.0525 4252 TDPIPE - ok
17:41:21.0565 4252 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
17:41:21.0566 4252 TDTCP - ok
17:41:21.0604 4252 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
17:41:21.0606 4252 tdx - ok
17:41:21.0638 4252 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
17:41:21.0639 4252 TermDD - ok
17:41:21.0678 4252 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
17:41:21.0687 4252 TermService - ok
17:41:21.0716 4252 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
17:41:21.0718 4252 Themes - ok
17:41:21.0753 4252 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
17:41:21.0754 4252 THREADORDER - ok
17:41:21.0781 4252 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
17:41:21.0784 4252 TrkWks - ok
17:41:21.0821 4252 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
17:41:21.0824 4252 TrustedInstaller - ok
17:41:21.0849 4252 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:41:21.0850 4252 tssecsrv - ok
17:41:21.0891 4252 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
17:41:21.0892 4252 TsUsbFlt - ok
17:41:21.0904 4252 tsusbhub - ok
17:41:21.0958 4252 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
17:41:21.0960 4252 tunnel - ok
17:41:21.0984 4252 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
17:41:21.0985 4252 uagp35 - ok
17:41:22.0028 4252 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
17:41:22.0031 4252 udfs - ok
17:41:22.0066 4252 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
17:41:22.0068 4252 UI0Detect - ok
17:41:22.0101 4252 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
17:41:22.0103 4252 uliagpkx - ok
17:41:22.0147 4252 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
17:41:22.0148 4252 umbus - ok
17:41:22.0175 4252 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
17:41:22.0176 4252 UmPass - ok
17:41:22.0219 4252 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
17:41:22.0223 4252 UmRdpService - ok
17:41:22.0254 4252 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
17:41:22.0256 4252 upnphost - ok
17:41:22.0313 4252 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
17:41:22.0314 4252 USBAAPL - ok
17:41:22.0356 4252 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
17:41:22.0358 4252 usbaudio - ok
17:41:22.0403 4252 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
17:41:22.0403 4252 usbccgp - ok
17:41:22.0451 4252 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
17:41:22.0453 4252 usbcir - ok
17:41:22.0478 4252 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
17:41:22.0479 4252 usbehci - ok
17:41:22.0514 4252 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
17:41:22.0518 4252 usbhub - ok
17:41:22.0553 4252 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
17:41:22.0554 4252 usbohci - ok
17:41:22.0581 4252 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
17:41:22.0582 4252 usbprint - ok
17:41:22.0618 4252 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:41:22.0620 4252 USBSTOR - ok
17:41:22.0639 4252 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
17:41:22.0640 4252 usbuhci - ok
17:41:22.0666 4252 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
17:41:22.0668 4252 UxSms - ok
17:41:22.0716 4252 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
17:41:22.0717 4252 VaultSvc - ok
17:41:22.0746 4252 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
17:41:22.0747 4252 vdrvroot - ok
17:41:22.0795 4252 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
17:41:22.0812 4252 vds - ok
17:41:22.0843 4252 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
17:41:22.0844 4252 vga - ok
17:41:22.0874 4252 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
17:41:22.0875 4252 VgaSave - ok
17:41:22.0887 4252 VGPU - ok
17:41:22.0924 4252 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
17:41:22.0927 4252 vhdmp - ok
17:41:22.0983 4252 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
17:41:22.0984 4252 viaagp - ok
17:41:23.0020 4252 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
17:41:23.0021 4252 ViaC7 - ok
17:41:23.0040 4252 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
17:41:23.0041 4252 viaide - ok
17:41:23.0101 4252 vidsflt61 (7140e9ea599c2e5ffca0e783af9ede2e) C:\Windows\system32\DRIVERS\vsflt61.sys
17:41:23.0103 4252 vidsflt61 - ok
17:41:23.0140 4252 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
17:41:23.0143 4252 vmbus - ok
17:41:23.0189 4252 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
17:41:23.0189 4252 VMBusHID - ok
17:41:23.0227 4252 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
17:41:23.0228 4252 volmgr - ok
17:41:23.0263 4252 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
17:41:23.0267 4252 volmgrx - ok
17:41:23.0310 4252 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
17:41:23.0313 4252 volsnap - ok
17:41:23.0361 4252 vpcbus (b26536add1d748cda104d856c979ae79) C:\Windows\system32\DRIVERS\vpchbus.sys
17:41:23.0364 4252 vpcbus - ok
17:41:23.0404 4252 vpcnfltr (a0f7e923a6261760130f22b85df9040e) C:\Windows\system32\DRIVERS\vpcnfltr.sys
17:41:23.0406 4252 vpcnfltr - ok
17:41:23.0421 4252 vpcusb (5f4b55e91ce7e2523c9e1e0ece858869) C:\Windows\system32\DRIVERS\vpcusb.sys
17:41:23.0423 4252 vpcusb - ok
17:41:23.0470 4252 vpcvmm (b487191fe18d6863381a1ac55482469a) C:\Windows\system32\drivers\vpcvmm.sys
17:41:23.0474 4252 vpcvmm - ok
17:41:23.0526 4252 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
17:41:23.0528 4252 vsmraid - ok
17:41:23.0579 4252 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
17:41:23.0638 4252 VSS - ok
17:41:23.0656 4252 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
17:41:23.0657 4252 vwifibus - ok
17:41:23.0692 4252 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
17:41:23.0697 4252 W32Time - ok
17:41:23.0716 4252 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
17:41:23.0717 4252 WacomPen - ok
17:41:23.0745 4252 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
17:41:23.0747 4252 WANARP - ok
17:41:23.0749 4252 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
17:41:23.0750 4252 Wanarpv6 - ok
17:41:23.0836 4252 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
17:41:23.0870 4252 WatAdminSvc - ok
17:41:23.0964 4252 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
17:41:24.0006 4252 wbengine - ok
17:41:24.0039 4252 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
17:41:24.0043 4252 WbioSrvc - ok
17:41:24.0078 4252 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
17:41:24.0083 4252 wcncsvc - ok
17:41:24.0103 4252 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
17:41:24.0106 4252 WcsPlugInService - ok
17:41:24.0149 4252 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
17:41:24.0150 4252 Wd - ok
17:41:24.0184 4252 Wdf01000 (77d80469dd64dfddf3f2b881c68dcbe1) C:\Windows\system32\drivers\Wdf01000.sys
17:41:24.0191 4252 Suspicious file (Forged): C:\Windows\system32\drivers\Wdf01000.sys. Real md5: 77d80469dd64dfddf3f2b881c68dcbe1, Fake md5: 9950e3d0f08141c7e89e64456ae7dc73
17:41:24.0192 4252 Wdf01000 ( Virus.Win32.Rloader.a ) - infected
17:41:24.0192 4252 Wdf01000 - detected Virus.Win32.Rloader.a (0)
17:41:24.0220 4252 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
17:41:24.0223 4252 WdiServiceHost - ok
17:41:24.0226 4252 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
17:41:24.0228 4252 WdiSystemHost - ok
17:41:24.0263 4252 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
17:41:24.0268 4252 WebClient - ok
17:41:24.0307 4252 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
17:41:24.0311 4252 Wecsvc - ok
17:41:24.0330 4252 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
17:41:24.0333 4252 wercplsupport - ok
17:41:24.0359 4252 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
17:41:24.0362 4252 WerSvc - ok
17:41:24.0406 4252 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
17:41:24.0407 4252 WfpLwf - ok
17:41:24.0424 4252 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
17:41:24.0425 4252 WIMMount - ok
17:41:24.0487 4252 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
17:41:24.0490 4252 WinDefend - ok
17:41:24.0492 4252 WinHttpAutoProxySvc - ok
17:41:24.0542 4252 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
17:41:24.0545 4252 Winmgmt - ok
17:41:24.0596 4252 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
17:41:24.0621 4252 WinRM - ok
17:41:24.0676 4252 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
17:41:24.0688 4252 Wlansvc - ok
17:41:24.0748 4252 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
17:41:24.0749 4252 WmiAcpi - ok
17:41:24.0800 4252 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
17:41:24.0803 4252 wmiApSrv - ok
17:41:24.0873 4252 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
17:41:24.0877 4252 WMPNetworkSvc - ok
17:41:24.0905 4252 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
17:41:24.0908 4252 WPCSvc - ok
17:41:24.0950 4252 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
17:41:24.0952 4252 WPDBusEnum - ok
17:41:24.0985 4252 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
17:41:24.0986 4252 ws2ifsl - ok
17:41:25.0010 4252 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
17:41:25.0012 4252 wscsvc - ok
17:41:25.0023 4252 WSearch - ok
17:41:25.0102 4252 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
17:41:25.0144 4252 wuauserv - ok
17:41:25.0184 4252 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
17:41:25.0186 4252 WudfPf - ok
17:41:25.0242 4252 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:41:25.0245 4252 WUDFRd - ok
17:41:25.0284 4252 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
17:41:25.0286 4252 wudfsvc - ok
17:41:25.0315 4252 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
17:41:25.0320 4252 WwanSvc - ok
17:41:25.0343 4252 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:41:25.0345 4252 \Device\Harddisk0\DR0 - ok
17:41:25.0363 4252 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
17:41:25.0401 4252 \Device\Harddisk1\DR1 - ok
17:41:25.0403 4252 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
17:41:25.0405 4252 \Device\Harddisk2\DR2 - ok
17:41:25.0416 4252 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk3\DR3
17:41:25.0418 4252 \Device\Harddisk3\DR3 - ok
17:41:25.0421 4252 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk8\DR8
17:41:25.0445 4252 \Device\Harddisk8\DR8 - ok
17:41:25.0447 4252 Boot (0x1200) (b1e27aa018409de6bfd73f8afb883a65) \Device\Harddisk0\DR0\Partition0
17:41:25.0447 4252 \Device\Harddisk0\DR0\Partition0 - ok
17:41:25.0453 4252 Boot (0x1200) (2930b3211a4ee4c78de48cb934ef90d6) \Device\Harddisk0\DR0\Partition1
17:41:25.0454 4252 \Device\Harddisk0\DR0\Partition1 - ok
17:41:25.0455 4252 Boot (0x1200) (7dcf84771169e0204629af4416cf17f4) \Device\Harddisk1\DR1\Partition0
17:41:25.0456 4252 \Device\Harddisk1\DR1\Partition0 - ok
17:41:25.0457 4252 Boot (0x1200) (482ec072124a279ac51b8e128af0ac1e) \Device\Harddisk1\DR1\Partition1
17:41:25.0458 4252 \Device\Harddisk1\DR1\Partition1 - ok
17:41:25.0459 4252 Boot (0x1200) (6881dcd4b4e78dc549d4b62e166586a4) \Device\Harddisk1\DR1\Partition2
17:41:25.0460 4252 \Device\Harddisk1\DR1\Partition2 - ok
17:41:25.0462 4252 Boot (0x1200) (f537d06eb2c73b43eca75a1de6e05133) \Device\Harddisk2\DR2\Partition0
17:41:25.0463 4252 \Device\Harddisk2\DR2\Partition0 - ok
17:41:25.0478 4252 Boot (0x1200) (255eb7c43194fef78b908e4ca6d4ab46) \Device\Harddisk2\DR2\Partition1
17:41:25.0479 4252 \Device\Harddisk2\DR2\Partition1 - ok
17:41:25.0481 4252 Boot (0x1200) (1b745422eb762cd77bf527e97f71dc8c) \Device\Harddisk3\DR3\Partition0
17:41:25.0482 4252 \Device\Harddisk3\DR3\Partition0 - ok
17:41:25.0484 4252 Boot (0x1200) (2bf8cccd05d37cdca0d50ffe4db32ec8) \Device\Harddisk8\DR8\Partition0
17:41:25.0485 4252 \Device\Harddisk8\DR8\Partition0 - ok
17:41:25.0486 4252 ============================================================
17:41:25.0486 4252 Scan finished
17:41:25.0486 4252 ============================================================
17:41:25.0490 3712 Detected object count: 1
17:41:25.0490 3712 Actual detected object count: 1
17:42:14.0784 3712 C:\Windows\system32\drivers\Wdf01000.sys - copied to quarantine
17:42:15.0128 3712 Backup copy found, using it..
17:42:15.0152 3712 C:\Windows\system32\drivers\Wdf01000.sys - will be cured on reboot
17:42:15.0152 3712 Wdf01000 ( Virus.Win32.Rloader.a ) - User select action: Cure
17:43:28.0784 4408 Deinitialize success

****************************************************************************************************************************

aswMBR LOG:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-08 20:35:56
-----------------------------
20:35:56.942 OS Version: Windows 6.1.7601 Service Pack 1
20:35:56.942 Number of processors: 4 586 0x2A07
20:35:56.944 ComputerName: ASUS-MAIN UserName: Will
20:36:10.495 Initialize success
20:37:37.095 AVAST engine defs: 12040801
20:38:27.594 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:38:27.595 Disk 0 Vendor: Hitachi_ MEAO Size: 2861588MB BusType: 3
20:38:27.597 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
20:38:27.598 Disk 1 Vendor: ST330083 3.01 Size: 286168MB BusType: 3
20:38:27.599 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IAAStorageDevice-3
20:38:27.601 Disk 2 Vendor: ST315003 CC1H Size: 1430799MB BusType: 3
20:38:27.602 Disk 3 \Device\Harddisk3\DR3 -> \Device\Ide\IAAStorageDevice-4
20:38:27.604 Disk 3 Vendor: ST375064 3.AE Size: 715404MB BusType: 3
20:38:27.620 Disk 1 MBR read successfully
20:38:27.623 Disk 1 MBR scan
20:38:27.626 Disk 1 Windows 7 default MBR code
20:38:27.628 Disk 1 Partition 1 00 07 HPFS/NTFS NTFS 30035 MB offset 63
20:38:27.640 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 152288 MB offset 61512885
20:38:27.674 Disk 1 Partition 3 80 (A) 07 HPFS/NTFS NTFS 36483 MB offset 373398795
20:38:27.698 Disk 1 Partition - 00 0F Extended LBA 67358 MB offset 448117110
20:38:27.717 Disk 1 Partition - 00 05 Extended 67358 MB offset 448117172
20:38:27.721 Disk 1 Partition 4 00 07 HPFS/NTFS NTFS 67358 MB offset 448117173
20:38:27.749 Disk 1 scanning sectors +586067265
20:38:27.803 Disk 1 scanning C:\Windows\system32\drivers
20:38:51.224 Service scanning
20:39:20.621 Modules scanning
20:39:26.575 Disk 1 trace - called modules:
20:39:26.587 ntkrnlpa.exe CLASSPNP.SYS disk.sys vsflt61.sys halmacpi.dll iaStor.sys
20:39:26.591 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x89323ac8]
20:39:26.593 3 CLASSPNP.SYS[843d559e] -> nt!IofCallDriver -> [0x89322b28]
20:39:26.596 5 vsflt61.sys[84153f9b] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0x86ac3028]
20:39:27.417 AVAST engine scan C:\Windows
20:39:30.951 AVAST engine scan C:\Windows\system32
20:43:34.952 AVAST engine scan C:\Windows\system32\drivers
20:43:58.402 AVAST engine scan C:\Users\Will
20:48:39.996 AVAST engine scan C:\ProgramData
20:50:21.234 Scan finished successfully
21:31:15.431 Disk 1 MBR has been saved successfully to "G:\General Data\BACKUPS\Free Unrestricted Software\!Malware - BleepingComputerProcess\MBR.dat"
21:31:15.434 The log file has been saved successfully to "G:\General Data\BACKUPS\Free Unrestricted Software\!Malware - BleepingComputerProcess\aswMBR.txt"
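The line in the TDSSKiller log that carries the whole diagnosis is the one reading "Suspicious file (Forged)": the scanner read Wdf01000.sys and got two different MD5s for the same path. Two hashes for one file means something between the file-system API and the disk is substituting content, which is also why the user-mode scanners named earlier in the thread (AVG, Malwarebytes, Ad-Aware) reported only tracking cookies. The script below is an added example written for this thread, not part of TDSSKiller, ComboFix or the original post: it pulls every flagged object out of a TDSSKiller log, keeps the forged file's two hashes next to the hash on its own entry line, and groups disks by MBR boot-code hash so that an odd-one-out MBR stands out. The function names and the `Finding` type are this example's own, and `SAMPLE_LOG` is a constructed extract modelled on the lines quoted above.

```python
"""Triage a TDSSKiller log: flagged objects, forged-file hashes, MBR code hashes.
Added example for this thread; not part of TDSSKiller or the original post."""
import re
from dataclasses import dataclass

# "HH:MM:SS.frac  <thread id>  <message>": every TDSSKiller line has this shape
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
# "Name (md5) path": one service/driver entry, hash of the file as first read
ENTRY_RE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
# "Suspicious file (Forged): <path>. Real md5: <h>, Fake md5: <h>"
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (.+)\. Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})$")
INFECTED_RE = re.compile(r"^(\S+) \( (.+?) \) - (infected|suspicious)$")
DETECTED_RE = re.compile(r"^(\S+) - detected (\S+) \(\d+\)$")
ACTION_RE = re.compile(r"^(\S+) \( (.+?) \) - User select action: (\S+)$")
# "MBR (0x1B8) (md5) \Device\HarddiskN\DRn": hash covers the boot code only
MBR_RE = re.compile(r"^MBR \((0x[0-9A-Fa-f]+)\) \(([0-9a-f]{32})\) (\\Device\\\S+)$")


@dataclass
class Finding:              # hypothetical record type for this example
    name: str
    path: str = ""
    disk_md5: str = ""      # hash on the object's own "Name (md5) path" line
    real_md5: str = ""
    fake_md5: str = ""
    verdict: str = ""
    action: str = ""


def triage(log_text):
    """Return ({object name: Finding}, {device: MBR boot-code md5})."""
    findings, mbr, last_entry = {}, {}, None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3)
        if e := ENTRY_RE.match(msg):
            last_entry = e.groups()                     # (name, md5, path)
        elif f := FORGED_RE.match(msg):
            path, real, fake = f.groups()
            # Two hashes for one path: content is being substituted between
            # the file API and the disk, so user-mode scanners see a clean file.
            same = last_entry is not None and last_entry[2] == path
            name = last_entry[0] if same else path
            fd = findings.setdefault(name, Finding(name=name, path=path))
            fd.path, fd.real_md5, fd.fake_md5 = path, real, fake
            if same:
                fd.disk_md5 = last_entry[1]
        elif i := INFECTED_RE.match(msg):
            findings.setdefault(i.group(1), Finding(name=i.group(1))).verdict = i.group(2)
        elif d := DETECTED_RE.match(msg):
            fd = findings.setdefault(d.group(1), Finding(name=d.group(1)))
            fd.verdict = fd.verdict or d.group(2)
        elif a := ACTION_RE.match(msg):
            findings.setdefault(a.group(1), Finding(name=a.group(1))).action = a.group(3)
        elif b := MBR_RE.match(msg):
            mbr[b.group(3)] = b.group(2)
    return findings, mbr


def mbr_groups(mbr):
    """Group devices that share identical MBR boot code; singletons deserve a look."""
    groups = {}
    for dev, h in mbr.items():
        groups.setdefault(h, []).append(dev)
    return groups


def report(findings, mbr):
    """Human-readable triage lines (returned, not printed, so they can be checked)."""
    out = []
    for fd in findings.values():
        out.append(f"{fd.name}: {fd.verdict or 'no verdict'} at {fd.path or '?'}; "
                   f"action={fd.action or 'none'}")
        if fd.real_md5 and fd.fake_md5 and fd.real_md5 != fd.fake_md5:
            out.append(f"  real {fd.real_md5[:8]}.. vs fake {fd.fake_md5[:8]}..: "
                       "a filter driver or rootkit is intercepting reads of this file")
    for h, devs in mbr_groups(mbr).items():
        out.append(f"MBR code {h[:8]}.. on {', '.join(devs)}")
    return out


# Constructed extract modelled on the log quoted in the thread (not the full log).
SAMPLE_LOG = r"""
17:41:24.0149 4252 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
17:41:24.0150 4252 Wd - ok
17:41:24.0184 4252 Wdf01000 (77d80469dd64dfddf3f2b881c68dcbe1) C:\Windows\system32\drivers\Wdf01000.sys
17:41:24.0191 4252 Suspicious file (Forged): C:\Windows\system32\drivers\Wdf01000.sys. Real md5: 77d80469dd64dfddf3f2b881c68dcbe1, Fake md5: 9950e3d0f08141c7e89e64456ae7dc73
17:41:24.0192 4252 Wdf01000 ( Virus.Win32.Rloader.a ) - infected
17:41:24.0192 4252 Wdf01000 - detected Virus.Win32.Rloader.a (0)
17:41:25.0343 4252 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:41:25.0345 4252 \Device\Harddisk0\DR0 - ok
17:41:25.0403 4252 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
17:41:25.0405 4252 \Device\Harddisk2\DR2 - ok
17:42:15.0152 3712 Wdf01000 ( Virus.Win32.Rloader.a ) - User select action: Cure
"""

if __name__ == "__main__":
    found, disks = triage(SAMPLE_LOG)
    print("\n".join(report(found, disks)))
```

Run against the full log pasted above, the only flagged object is Wdf01000 with the Cure action recorded, and the five MBR lines fall into two groups (disks 0, 1 and 8 share one boot-code hash, disks 2 and 3 another), which matches aswMBR's "Windows 7 default MBR code" verdict on the boot disk rather than indicating a bootkit. The MBR hash only covers the first 0x1B8 bytes, so disks that differ there simply carry different boot code; compare any singleton against a known-good copy before treating it as a finding.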

#6 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 08 April 2012 - 08:41 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
[animated image: CFScript.txt being dragged onto the ComboFix.exe icon]
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 HomesickTexan (Topic Starter, Members, 8 posts)

Posted 08 April 2012 - 09:27 PM

Hello Gringo, I am trying to drag and drop the CFScript.txt file into the image on your post, but all that happens is that a new window pops up in my browser listing the ClearJavaCache:: command. I do not see ComboFix starting up. For the image I am supposed to drag and drop into, are you referring to the animated image showing the file and the arrow pointing to the red combofix.exe icon, on a black background?

Thank You.

#8 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 08 April 2012 - 09:46 PM

Hello,

You need to drag it into the ComboFix icon on YOUR DESKTOP, not here on the web page.


gringo

#9 HomesickTexan (Topic Starter, Members, 8 posts)

Posted 08 April 2012 - 10:18 PM

Oops, sorry, experienced a dumb moment.


Computer appears to be working well for now. No popups with the characteristics I was seeing, no redirects so far, and Google is loading ok.

I will post back if I have more problems show up after further testing over the next few days.

THANK YOU! I will get a PayPal donation to you in the next couple of days. --Will

Here's the combofix log.

ComboFix 12-04-07.04 - Will 04/08/2012 22:57:44.2.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3235.1636 [GMT -4:00]
Running from: c:\users\Will\Desktop\ComboFix.exe
Command switches used :: c:\users\Will\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Lavasoft Ad-Aware *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
FW: Lavasoft Ad-Aware *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Lavasoft Ad-Aware *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-09 to 2012-04-09 )))))))))))))))))))))))))))))))
.
.
2012-04-09 03:03 . 2012-04-09 03:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-09 03:03 . 2012-04-09 03:03 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-04-08 21:42 . 2012-04-08 21:42 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-05 10:59 . 2012-04-05 10:59 -------- d-----w- c:\program files\Common Files\Java
2012-04-05 10:59 . 2012-04-05 10:59 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2012-04-04 12:39 . 2012-04-04 12:39 388096 ----a-r- c:\users\Will\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-04 12:39 . 2012-04-04 12:39 -------- d-----w- c:\program files\Trend Micro
2012-04-04 12:35 . 2012-04-04 12:35 -------- d-----w- c:\users\Will\AppData\Local\adaware
2012-04-04 12:35 . 2012-04-04 12:35 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-04-04 12:35 . 2011-04-05 21:35 94040 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-04-04 12:35 . 2011-04-05 21:35 78936 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-04-04 12:35 . 2011-04-05 21:35 221784 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-04-04 12:35 . 2011-02-08 13:14 69208 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-04-04 12:35 . 2012-04-04 12:35 -------- d-----w- c:\programdata\Lavasoft
2012-04-04 12:35 . 2012-04-04 12:35 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-04-04 12:34 . 2012-04-08 16:02 -------- d-----w- c:\users\Will\AppData\Roaming\Ad-Aware Antivirus
2012-04-04 05:43 . 2012-04-04 05:43 -------- d-----w- c:\users\Will\AppData\Roaming\Malwarebytes
2012-04-04 05:43 . 2012-04-04 05:43 -------- d-----w- c:\programdata\Malwarebytes
2012-04-04 05:43 . 2012-04-04 05:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-04 05:43 . 2011-12-10 19:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-04 04:28 . 2012-04-04 04:28 -------- d-----w- c:\users\Will\AppData\Roaming\AVG2012
2012-04-04 04:27 . 2012-04-08 22:49 -------- d-----w- c:\windows\system32\drivers\AVG
2012-04-04 04:27 . 2012-04-04 04:36 -------- d-----w- c:\programdata\AVG2012
2012-04-04 04:27 . 2012-04-04 04:27 -------- d-----w- C:\$AVG
2012-04-04 04:27 . 2012-04-04 04:27 -------- d-----w- c:\program files\AVG
2012-04-04 04:23 . 2012-04-08 22:49 -------- d-----w- c:\programdata\MFAData
2012-04-04 04:15 . 2012-04-04 04:15 -------- d-----w- c:\users\Will\AppData\Local\Opera
2012-04-04 04:14 . 2012-04-04 04:15 -------- d-----w- c:\program files\Opera
2012-04-04 04:04 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9D8599B9-6F2D-4FC9-ADA4-7E8D0674781F}\mpengine.dll
2012-04-01 15:33 . 2012-04-01 15:38 -------- d-----w- c:\users\Will\AppData\Roaming\TotalRecorder
2012-04-01 15:25 . 2012-04-01 15:25 -------- d-----w- c:\program files\HighCriteria
2012-03-22 00:46 . 2012-03-22 00:46 -------- d-----w- c:\users\Will\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-03-14 07:00 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-14 07:00 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-13 21:07 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 21:07 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 21:07 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 21:07 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 21:07 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 21:07 . 2012-02-17 05:34 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-13 21:07 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 21:07 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 21:07 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-08 21:45 . 2009-07-13 23:11 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-04-05 10:59 . 2012-01-17 00:36 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-18 22:29 . 2010-10-25 20:13 106496 ----a-w- c:\windows\system32\ATL71.DLL
2012-03-07 10:26 . 2012-01-11 03:15 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-07 08:02 . 2012-03-07 08:02 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-07 08:02 . 2012-03-07 08:02 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-07 08:02 . 2012-03-07 08:02 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-07 08:02 . 2012-03-07 08:02 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-03-07 08:02 . 2012-03-07 08:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-07 08:02 . 2012-03-07 08:02 367104 ----a-w- c:\windows\system32\html.iec
2012-03-07 08:02 . 2012-03-07 08:02 161792 ----a-w- c:\windows\system32\msls31.dll
2012-03-07 08:02 . 2012-03-07 08:02 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-03-07 08:02 . 2012-03-07 08:02 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-07 08:02 . 2012-03-07 08:02 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-03-07 08:02 . 2012-03-07 08:02 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-03-07 08:02 . 2012-03-07 08:02 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-03-07 08:02 . 2012-03-07 08:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-03-07 08:02 . 2012-03-07 08:02 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-07 08:02 . 2012-03-07 08:02 1798656 ----a-w- c:\windows\system32\jscript9.dll
2012-03-07 08:02 . 2012-03-07 08:02 152064 ----a-w- c:\windows\system32\wextract.exe
2012-03-07 08:02 . 2012-03-07 08:02 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-03-07 08:02 . 2012-03-07 08:02 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-07 08:02 . 2012-03-07 08:02 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-03-07 08:02 . 2012-03-07 08:02 11776 ----a-w- c:\windows\system32\mshta.exe
2012-03-07 08:02 . 2012-03-07 08:02 101888 ----a-w- c:\windows\system32\admparse.dll
2012-02-23 13:18 . 2012-01-13 23:22 237072 ----a-w- c:\windows\system32\MpSigStub.exe
2012-02-22 09:25 . 2012-02-22 09:25 299472 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-02-22 09:25 . 2012-02-22 09:25 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-02-13 23:19 . 2012-02-04 01:26 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-02-04 01:26 . 2012-02-04 01:26 53248 ----a-r- c:\users\Will\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-01-31 08:46 . 2012-01-31 08:46 31952 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-01-21 17:38 . 2012-01-21 17:38 766496 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2012-01-21 17:38 . 2012-01-21 17:38 609760 ----a-w- c:\windows\system32\drivers\timntr.sys
2012-01-21 17:38 . 2012-01-21 17:38 126144 ----a-w- c:\windows\system32\drivers\vididr.sys
2012-01-21 17:38 . 2012-01-21 17:38 84544 ----a-w- c:\windows\system32\drivers\vsflt61.sys
2012-01-21 17:38 . 2012-01-21 17:38 77696 ----a-w- c:\windows\system32\drivers\fltsrv.sys
2012-01-21 17:38 . 2012-01-21 17:38 170752 ----a-w- c:\windows\system32\drivers\snapman.sys
2012-01-14 01:14 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-01-11 03:09 . 2011-03-13 15:53 246804 ----a-w- c:\windows\system32\drivers\AtherosBt.bin
2012-01-11 02:59 . 2012-01-11 02:59 16896 ----a-w- c:\windows\AsTaskSched.dll
2012-02-26 20:38 . 2012-01-14 21:43 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-03-19 2363392]
"Second Copy"="c:\program files\Second Copy 8\SecCopy.exe" [2011-06-01 2999592]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-02-07 107000]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-11-19 9874024]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-01 143640]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-01 176920]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-01 178456]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"AtherosBtStack"="c:\program files\Bluetooth Suite\BtvStack.exe" [2011-03-13 490656]
"AthBtTray"="c:\program files\Bluetooth Suite\AthBtTray.exe" [2011-03-13 302240]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-08-09 1394440]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-02-16 2575712]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2010-8-25 5965656]
Pervasive.SQL Workgroup Engine.lnk - c:\pvsw\bin\w3dbsmgr.exe [2012-1-21 106546]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-8-25 1156384]
QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2011\QBW32.EXE [2010-8-25 1178400]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2012-1-17 118784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-04-29 101720]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [2012-02-14 5104992]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 SBAMSvc;Ad-Aware;c:\program files\Ad-Aware Antivirus\Engine\SBAMSvc.exe [2011-05-17 2804280]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2011-03-13 43680]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-02-08 69208]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-04-05 94040]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-14 1343400]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\avgidsehx.sys [2011-12-23 22992]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2012-01-31 31952]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [2012-01-21 77696]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-08-27 261160]
S0 vidsflt61;Acronis Disk Storage Filter (61);c:\windows\system32\DRIVERS\vsflt61.sys [2012-01-21 84544]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2012-02-22 235216]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2012-02-22 299472]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-04-05 221784]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-04-05 78936]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [2012-03-29 1161072]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AtherosSvc;AtherosSvc;c:\program files\Bluetooth Suite\adminservice.exe [2011-03-13 68768]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 87712]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-05-11 74968]
S2 SCVSSService;Second Copy VSS Service;c:\program files\Second Copy 8\SCVSSSvc.exe [2010-04-13 968448]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-09-14 102376]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-09-14 311784]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-13 34976]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2011-12-23 139856]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [2011-12-23 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2011-12-23 17232]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-13 259232]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-13 24736]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 175776]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 49312]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 141088]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-13 242336]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c6232.sys [2010-09-21 238248]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 269824]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [2011-09-02 42648]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [2011-09-02 12184]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 MEI;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [2010-10-19 41088]
S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-02-08 69208]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 50434312
*NewlyCreated* - ASWMBR
*NewlyCreated* - WS2IFSL
*Deregistered* - 50434312
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-03-19 16:15 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-08 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
- c:\progra~1\AD-AWA~1\AdAwareLauncher.exe [2012-03-29 16:44]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Show RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
Trusted Zone: blueearth.net\graderdev
Trusted Zone: blueearth.net\snapdev2010
Trusted Zone: blueearth.net\snappreview2010
Trusted Zone: blueearth.net\snapstage
Trusted Zone: emcp.com\snap2010
Trusted Zone: blueearth.net\graderdev
Trusted Zone: blueearth.net\snapdev2010
Trusted Zone: blueearth.net\snappreview2010
Trusted Zone: blueearth.net\snapstage
Trusted Zone: emcp.com\snap2010
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\6obgsh41.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-50434312.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-08 23:04:13
ComboFix-quarantined-files.txt 2012-04-09 03:04
ComboFix2.txt 2012-04-08 16:20
.
Pre-Run: 108,230,889,472 bytes free
Post-Run: 108,049,391,616 bytes free
.
- - End Of File - - C5A04C7352E1AE2D7A5E4F5ADE6E1673
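The "Reg Loading Points" section of the ComboFix log above lists every Run-key autorun in a fixed format: `"Name"="path args" [date size]`, or `[X]` when the file no longer exists on disk. When reading such a log, a responder looks first at entries whose binary is missing (an orphan left by a removal, or a loader that was deleted but still registered) and at entries launched from locations an ordinary user can write to, which is where droppers usually install themselves. The following is an added example for this thread, not part of ComboFix or of any post in it; it parses that section and flags those two conditions. The sample log is built from lines copied from the log above plus one constructed `Updater` entry under the Temp folder (hypothetical, not from the page) so that the user-writable check has something to catch. A flag means "review this", not "malicious": the legitimate `adawarebp.exe` in ProgramData is flagged too, and that is deliberate.

```python
"""Triage helper for the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread; not part of ComboFix or the original post.
Entry format handled:  "Name"="c:\\path\\file.exe args" [YYYY-MM-DD size]
                   or  "Name"="c:\\path\\file args" [X]   (file not on disk)
"""
import re
from dataclasses import dataclass, field
from typing import List

# Sample input: lines taken from the ComboFix log in this thread, plus one
# CONSTRUCTED entry ("Updater" in the Temp folder) that is not on the page.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-03-19 2363392]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"Updater"="c:\users\Will\AppData\Local\temp\updater.exe" [2012-04-07 51200]
"""

HEADER_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s+\[(?P<meta>[^\]]*)\]')

# Locations a standard user can write to. A launcher living here is not
# proof of malware, but it is where droppers usually put themselves.
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\")
USER_WRITABLE_PARTS = ("\\appdata\\", "\\temp\\")


@dataclass
class Finding:
    hive: str
    name: str
    path: str
    reasons: List[str] = field(default_factory=list)


def executable_path(cmd: str) -> str:
    """Return only the launched file, stripping command-line switches."""
    low = cmd.lower()
    idx = low.find(".exe")
    if idx != -1:
        return cmd[: idx + 4]
    # No extension printed (ComboFix shows some launchers that way):
    # cut at the first switch such as " --windows-run" or " /sync".
    return re.split(r"\s+(?=[-/])", cmd, maxsplit=1)[0]


def triage(log_text: str) -> List[Finding]:
    """Parse Run-key entries and attach review reasons to each one."""
    findings: List[Finding] = []
    hive = "?"
    for line in log_text.splitlines():
        line = line.strip()
        header = HEADER_RE.match(line)
        if header:
            hive = header.group(1)  # remember which key the entries belong to
            continue
        entry = ENTRY_RE.match(line)
        if not entry:
            continue
        path = executable_path(entry.group("cmd"))
        finding = Finding(hive, entry.group("name"), path)
        if entry.group("meta").strip().upper() == "X":
            finding.reasons.append("binary not found on disk ([X])")
        low = path.lower()
        if low.startswith(USER_WRITABLE_PREFIXES) or any(p in low for p in USER_WRITABLE_PARTS):
            finding.reasons.append("launched from a user-writable location")
        findings.append(finding)
    return findings


def report(log_text: str) -> List[str]:
    """One line per flagged entry, in the order the log lists them."""
    return [
        f"{f.hive}\\{f.name} -> {f.path}: {'; '.join(f.reasons)}"
        for f in triage(log_text)
        if f.reasons
    ]


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

Running it on the sample prints three lines: the orphaned Ad-Aware launcher (`[X]`), `adawarebp.exe` in ProgramData, and the constructed `updater.exe` in Temp; the LightScribe and Sidebar entries under Program Files produce nothing. Extending the path checks to the `S0`/`R1` driver and service lines further down the log works the same way, since ComboFix prints those paths in the same `[date size]` / `[x]` style.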

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 08 April 2012 - 10:31 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

  • µTorrent
  • Advertising Center


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#11 HomesickTexan

HomesickTexan
  • Topic Starter

  • Members
  • 8 posts

Posted 10 April 2012 - 10:35 PM

Thank you. Computer appears to be running much better now. BTW, I sent a donation to you. PayPal said the transaction failed. I have had this happen before and got a double payment to someone. If I don't get confirmation by tomorrow morning I will resend it. Once this is finished will you make recommendations to me for the best AV software and anti-malware software to use and the proper setup? For AV software I prefer thorough over anything else but don't want a resource hog either. Thanks again for your help. --Will


Here is the MBAM Log:
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.04.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Will :: ASUS-MAIN [administrator]

Protection: Enabled

4/10/2012 11:19:20 PM
mbam-log-2012-04-10 (23-19-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214297
Time elapsed: 5 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


***************************************************************************************************************
Here is the HiJack This Log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:26:33 PM, on 4/10/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\PROGRA~1\AD-AWA~1\AdAware.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Bluetooth Suite\BtvStack.exe
C:\Program Files\Bluetooth Suite\AthBtTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Second Copy 8\SecCopy.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Intuit\QuickBooks 2011\QBHelp.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe
C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
C:\Windows\notepad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do-Not-Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [AtherosBtStack] "C:\Program Files\Bluetooth Suite\BtvStack.exe"
O4 - HKLM\..\Run: [AthBtTray] "C:\Program Files\Bluetooth Suite\AthBtTray.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Second Copy] "C:\Program Files\Second Copy 8\SecCopy.exe" /InitialWait=10
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - Global Startup: Intuit Data Protect.lnk = C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = C:\pvsw\bin\w3dbsmgr.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: QuickBooks_Standard_21.lnk = C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Show RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://graderdev.blueearth.net
O15 - Trusted Zone: http://snapdev2010.blueearth.net
O15 - Trusted Zone: http://snappreview2010.blueearth.net
O15 - Trusted Zone: http://snapstage.blueearth.net
O15 - Trusted Zone: http://snap2010.emcp.com
O15 - Trusted Zone: http://graderdev.blueearth.net (HKLM)
O15 - Trusted Zone: http://snapdev2010.blueearth.net (HKLM)
O15 - Trusted Zone: http://snappreview2010.blueearth.net (HKLM)
O15 - Trusted Zone: http://snapstage.blueearth.net (HKLM)
O15 - Trusted Zone: http://snap2010.emcp.com (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files\Bluetooth Suite\adminservice.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® PROSet Monitoring Service - Intel Corporation - C:\Windows\system32\IProsetMonitor.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Ad-Aware (SBAMSvc) - Sunbelt Software - C:\Program Files\Ad-Aware Antivirus\Engine\SBAMSvc.exe
O23 - Service: Second Copy VSS Service (SCVSSService) - Unknown owner - C:\Program Files\Second Copy 8\SCVSSSvc.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 15069 bytes
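
As an added example that is not part of this thread or of HijackThis itself, here is a small Python triage script for logs in the format above: it parses the R/O entries, pulls out each entry's name and on-disk path, and buckets the things a helper looks at first (entries marked "(file missing)", autoruns living under a user profile, Trusted Zone sites, entries with no resolvable path). The sample lines are constructed from the shape of the log above; the "Updater" autorun and its sample_constructed.exe are invented for the demonstration.

```python
"""Triage helper for HijackThis-format logs (added example, not HijackThis code)."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the HijackThis log format. Nine lines follow the shape of
# the log above; the "Updater" autorun pointing into AppData\Local\Temp is
# invented for the demonstration (sample_constructed.exe does not exist).
SAMPLE_LOG = r"""
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Updater] C:\Users\Will\AppData\Local\Temp\sample_constructed.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O15 - Trusted Zone: http://snap2010.emcp.com (HKLM)
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"""

LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
# Shortest drive-rooted path that ends in a binary or shortcut extension;
# trailing arguments such as /launchGaming or /MINIMIZED stay outside the match.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|lnk|cab|sys)\b", re.IGNORECASE)
O4_RUN_RE = re.compile(r"^(?:HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] ")
O4_STARTUP_RE = re.compile(r"^Global Startup: (?P<name>.+?) = ")
O15_RE = re.compile(r"^Trusted Zone: (?P<name>\S+)")
DASHED_RE = re.compile(r"^[^:]+: (?P<name>.+?) - ")   # "BHO: <name> - {CLSID} - path"
# Locations where a persistent autorun is unusual for properly installed software.
PROFILE_DIRS = ("\\users\\", "\\documents and settings\\", "\\appdata\\", "\\temp\\")


@dataclass
class Entry:
    section: str          # HijackThis section code, e.g. O4 or O23
    name: str             # Run value name, BHO name, service name or site
    path: Optional[str]   # executable/DLL path when one could be found
    file_missing: bool    # HijackThis could not find the file on disk
    raw: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line into an Entry; return None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    if section == "O4":
        named = O4_RUN_RE.match(body) or O4_STARTUP_RE.match(body)
    elif section == "O15":
        named = O15_RE.match(body)
    else:
        named = DASHED_RE.match(body)
    name = named.group("name") if named else body
    found = PATH_RE.search(body)
    return Entry(section, name, found.group(0) if found else None,
                 "(file missing)" in body, line.strip())


def parse_log(log_text: str) -> list:
    """All entries in a full log; header and running-process lines are skipped."""
    return [e for e in map(parse_line, log_text.splitlines()) if e is not None]


def triage(log_text: str) -> dict:
    """Bucket entries that deserve a look before anything is 'Fix checked'."""
    report = {"file_missing": [], "profile_autoruns": [], "trusted_zones": [], "unresolved": []}
    for e in parse_log(log_text):
        if e.file_missing:
            report["file_missing"].append(e.name)        # dead entry or deleted payload
        if e.section == "O4" and e.path and any(d in e.path.lower() for d in PROFILE_DIRS):
            report["profile_autoruns"].append(e.name)    # autorun from a user-writable dir
        if e.section == "O15":
            report["trusted_zones"].append(e.name)       # sites IE runs with relaxed security
        if e.section in ("O2", "O4", "O18", "O23") and e.path is None:
            report["unresolved"].append(e.name)          # no on-disk path to inspect
    return report


if __name__ == "__main__":
    for bucket, names in triage(SAMPLE_LOG).items():
        print(f"{bucket}: {names}")
```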

#12 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 April 2012 - 10:43 PM

Hello


Yes, I received it and it was very nice!!


These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. You can click on their icons (or start them from the Control Panel) to run any of these programs when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad, ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
      O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
      O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
      O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
      O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
      O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
      O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
      O4 - HKCU\..\Run: [Second Copy] "C:\Program Files\Second Copy 8\SecCopy.exe" /InitialWait=10
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
      O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
      O4 - Global Startup: QuickBooks_Standard_21.lnk = C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE
      O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not;
    just copy the name between the brackets and paste it into the search space, e.g.:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select "Run as administrator".

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Windows 7, right-click the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo

Edited by gringo_pr, 10 April 2012 - 10:44 PM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->[donate button]<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 HomesickTexan (Topic Starter)

  • Members
  • 8 posts

Posted 11 April 2012 - 02:34 PM

Here is the log from the ESET scanner. Several problems were found. However, please note that the problems found on drives U:, V: and W: are from separate installs of Windows on a multi-boot drive. I do not boot into those partitions anymore, I just have them until I ensure I have relocated all my data over to the Windows 7 partition with a new motherboard I installed about 3 months ago.

C:\Documents and Settings\Will\Downloads\winamp5623_full_emusic-7plus_en-us.exe Win32/OpenCandy application
C:\TDSSKiller_Quarantine\08.04.2012_17.40.39\rtkt0000\svc0000\tsk0000.dta Win32/Agent.SUC.Gen trojan
C:\Users\Will\Downloads\winamp5623_full_emusic-7plus_en-us.exe Win32/OpenCandy application
E:\Graphics\Fun Stuff\Mona Lisa.EXE Joke.Mona.A application
F:\MP3\FTP\Clinton\TEST FILE.ZIP multiple threats
U:\Documents and Settings\Will\Downloads\winamp5623_full_emusic-7plus_en-us.exe Win32/OpenCandy application
U:\Users\Public\Computer Setup\Winamp\winamp5621_full_emusic-7plus_en-us.exe Win32/OpenCandy application
U:\Users\Will\AppData\Local\Temp\2yl4yY3S.exe.part a variant of Win32/AdInstaller application
U:\Users\Will\AppData\Local\Temp\ICReinstall\cnet_EasyBCD 2_1_exe.exe a variant of Win32/InstallCore.D application
U:\Users\Will\AppData\Local\Temp\is1598539481\zgInstaller.exe Win32/Toolbar.Zugo application
U:\Users\Will\Documents\Computer Setup\Winamp\winamp5621_full_emusic-7plus_en-us.exe Win32/OpenCandy application
V:\Documents and Settings\Will\Application Data\Sun\Java\Deployment\cache\6.0\11\3d726d4b-48861eb3 a variant of Java/Agent.BR trojan
V:\Documents and Settings\Will\Application Data\Sun\Java\Deployment\cache\6.0\19\713bb693-293964e1 Java/TrojanDownloader.OpenStream.NCA trojan
V:\Documents and Settings\Will\Application Data\Sun\Java\Deployment\cache\6.0\32\31cee7a0-5ef523b6 probably a variant of Java/Agent.BR trojan
V:\Documents and Settings\Will\Application Data\Sun\Java\Deployment\cache\6.0\34\5fc5a262-6c35c923 a variant of Java/Agent.BR trojan
V:\Documents and Settings\Will\Application Data\Sun\Java\Deployment\cache\6.0\36\1ffc5a4-5fcf8e99 probably a variant of Java/Agent.BR trojan
V:\Documents and Settings\Will\Application Data\Sun\Java\Deployment\cache\6.0\38\27ff64e6-22f9246f multiple threats
V:\Documents and Settings\Will\Application Data\Sun\Java\Deployment\cache\6.0\51\.INFECTED a variant of Win32/Injector.FVQ trojan
V:\Documents and Settings\Will\Start Menu\eBay.lnk Win32/Adware.ADON application
V:\Program Files\Unlocker\eBay_shortcuts_1016.exe Win32/Adware.ADON application
W:\Documents and Settings\Will\Downloads\winamp5623_full_emusic-7plus_en-us.exe Win32/OpenCandy application
W:\Users\Will\AppData\Local\Temp\ICReinstall\cnet2_FileRenamerBasic_exe.exe a variant of Win32/InstallCore.D application
W:\Users\Will\AppData\Local\Temp\ICReinstall\cnet2_renameit305-setup_exe.exe a variant of Win32/InstallCore.D application
W:\Users\Will\AppData\Local\Temp\ICReinstall\cnet_fkeylogger_zip.exe a variant of Win32/InstallCore.D application
W:\Users\Will\AppData\Local\Temp\ICReinstall\cnet_K-Lite_Codec_Pack_760_Mega_exe.exe a variant of Win32/InstallCore.D application
W:\Users\Will\AppData\Local\Temp\ICReinstall\cnet_nl_v130_exe.exe a variant of Win32/InstallCore.D application
W:\Users\Will\AppData\Local\Temp\is1598539481\zgInstaller.exe Win32/Toolbar.Zugo application
W:\Users\Will\AppData\Local\Temp\NERO1002626\unit_app_75\Toolbar.exe Win32/Toolbar.AskSBar application
W:\Users\Will\Desktop\cnet_K-Lite_Codec_Pack_760_Mega_exe.exe a variant of Win32/InstallCore.D application

#14 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 11 April 2012 - 04:12 PM

Hello

There are some minor things in your online scan that should be removed.


Delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    del /f /s /q "C:\Documents and Settings\Will\Downloads\winamp5623_full_emusic-7plus_en-us.exe"
    del /f /s /q "C:\Users\Will\Downloads\winamp5623_full_emusic-7plus_en-us.exe"
    del /f /s /q "E:\Graphics\Fun Stuff\Mona Lisa.EXE"
    del /f /s /q "F:\MP3\FTP\Clinton\TEST FILE.ZIP"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    It should look like this: [screenshot]<--XP [screenshot]<--Vista
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful; if used incorrectly or at the wrong time they can make the computer an expensive paperweight.
They are updated all the time, some of them more than once a day, so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • Turn off all active protection software
  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • [screenshot]

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls.

CCleaner - This is a good program to clean out temp files; I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner, but I would leave that alone and not use any registry cleaner.

Malwarebytes' Anti-Malware - The gold standard today in anti-malware scanners.

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did.)

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again?" The short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must-reads and should be read by everybody in your household that uses the internet:

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->[donate button]<-- Don't worry every little bit helps.

Gringo
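
The selection made in post #14 from the scan results in post #13 (delete the findings on the drives still in use, leave the retired U:, V:, W: partitions and the TDSSKiller quarantine alone) can be expressed as a short Python triage, added here as an example that is not part of the thread or of ESET's tooling. The result lines are constructed in the shape of the ESET output above; which drives count as live is an assumption taken from the poster's description, and the batch rendering is a hypothetical helper that only follows the shape of the batch file posted above.

```python
"""Triage for ESET Online Scanner result lines (added example, not ESET's code)."""
import re
from typing import Optional

# Constructed sample in the shape of the scan output above: one already
# quarantined item, three findings on the live drives, two on retired partitions.
SAMPLE_RESULTS = r"""
C:\TDSSKiller_Quarantine\08.04.2012_17.40.39\rtkt0000\svc0000\tsk0000.dta Win32/Agent.SUC.Gen trojan
C:\Users\Will\Downloads\winamp5623_full_emusic-7plus_en-us.exe Win32/OpenCandy application
E:\Graphics\Fun Stuff\Mona Lisa.EXE Joke.Mona.A application
F:\MP3\FTP\Clinton\TEST FILE.ZIP multiple threats
U:\Users\Will\AppData\Local\Temp\2yl4yY3S.exe.part a variant of Win32/AdInstaller application
V:\Documents and Settings\Will\Application Data\Sun\Java\Deployment\cache\6.0\36\1ffc5a4-5fcf8e99 probably a variant of Java/Agent.BR trojan
"""

# The path is unquoted and may contain spaces, so the line is anchored on its
# tail: an optional qualifier, a detection name and a category word, or the
# fixed phrase "multiple threats".
RESULT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<detection>"
    r"(?:(?:probably )?a variant of )?[A-Za-z0-9][A-Za-z0-9./_-]* (?P<category>application|trojan)"
    r"|multiple threats)$"
)
# Assumption taken from the poster's description: C:, E: and F: are in use,
# while U:, V: and W: are old Windows installs that are no longer booted.
LIVE_DRIVES = frozenset("CEF")
# Paths that hold material other tools already neutralised or backed up.
QUARANTINE_MARKERS = ("\\tdsskiller_quarantine\\", "\\qoobox\\quarantine\\",
                      "\\system volume information\\")


def parse_result(line: str) -> Optional[dict]:
    """Split one result line into path, drive, detection text and category."""
    m = RESULT_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    return {
        "path": path,
        "drive": path[0].upper(),
        "detection": m.group("detection"),
        # "multiple threats" carries no single category
        "category": m.group("category") or "multiple",
    }


def triage(results_text: str, live_drives=LIVE_DRIVES) -> dict:
    """Sort findings into what to delete now, what is already contained, and
    what sits on a partition that is no longer booted (clean before reuse)."""
    buckets = {"delete_now": [], "already_quarantined": [], "retired_partition": []}
    for line in results_text.splitlines():
        r = parse_result(line)
        if r is None:
            continue
        lower = r["path"].lower()
        if any(marker in lower for marker in QUARANTINE_MARKERS):
            buckets["already_quarantined"].append(r["path"])
        elif r["drive"] in live_drives:
            buckets["delete_now"].append(r["path"])
        else:
            buckets["retired_partition"].append(r["path"])
    return buckets


def as_batch(paths) -> str:
    """Hypothetical helper: render the delete list as a self-deleting batch file
    in the style of the one posted above (quoted paths; no /s, so only the
    named file is touched)."""
    lines = ["@echo off"]
    lines += [f'del /f /q "{p}"' for p in paths]
    lines.append("del %0")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    plan = triage(SAMPLE_RESULTS)
    for bucket, paths in plan.items():
        print(f"{bucket}: {len(paths)}")
    print(as_batch(plan["delete_now"]))
```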

#15 HomesickTexan (Topic Starter)

  • Members
  • 8 posts

Posted 11 April 2012 - 07:49 PM

Ahh, you had me run a batch file. Some good memories there. A few years ago I actually wrote scripts in .bat format to perform some file sharing and management at the company I worked for between their servers in the U.S. and Germany. Some of these batch files could be around 500 lines of code - pretty good size for a batch file :)

Thanks so much for all your help. I will take your advice and run the same security setup as you recommend, including the paid version of MBAM. As far as a firewall, do I need to do anything about that or is that included in the MS SE or other software you recommended?

Kind Regards,
Will



