
Comcast Constant Guard says I'm infected with SDBot_Group_G


  • This topic is locked
24 replies to this topic

#1 BuBoh

BuBoh

  • Members
  • 12 posts
  • OFFLINE
  • Local time:05:12 PM

Posted 09 April 2012 - 08:44 PM

I received a vague email last night from Comcast saying that one or more of my computers was infected with a bot. Upon visiting amibotted.comcast.net I was informed that it is SDBot_Group_G and it was seen 6 times even though I've only received one notice. I've run AVG anti-virus (full scan), Windows Malicious Software Removal Tool (Quick and Full scans), Malwarebytes' Anti-Malware (full scan), and Spybot S&D on both my Windows 7 x64 desktop and my Windows 7 x64 laptop. Nothing was found.

This is the report from desktop.

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by XXX at 18:23:49 on 2012-04-09
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6134.4299 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\Wacom_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\WMP12 maximize fix\wmp12fix.exe
C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
C:\Windows\system32\WTablet\Wacom_TabletUser.exe
C:\Windows\system32\Wacom_Tablet.exe
C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\HijackThis\HijackThis2.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.hauntedbay.com/cgi-bin/events/calendar_admin.pl
uInternet Settings,ProxyOverride = <local>;*.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [wmp12fix] C:\Program Files (x86)\WMP12 maximize fix\wmp12fix.exe
mRun: [<NO NAME>]
mRun: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DEVICE~1.LNK - C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGOCA~1.LNK - C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PROFIL~1.LNK - C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{6F65EA72-E874-49C4-9BE6-8822B22154BB} : DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun-x64: [(Default)]
mRun-x64: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\m6zm9rpe.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff5.dll
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Opera\program\plugins\np_gp.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Users\Administrator\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll
FF - plugin: C:\Users\XXX\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AiCharger;ASUS Charger Driver;C:\Windows\system32\DRIVERS\AiCharger.sys --> C:\Windows\system32\DRIVERS\AiCharger.sys [?]
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
R2 TabletServiceWacom;TabletServiceWacom;C:\Windows\system32\Wacom_Tablet.exe --> C:\Windows\system32\Wacom_Tablet.exe [?]
R3 danewFltr;NewDeathAdder Mouse;C:\Windows\system32\drivers\danew.sys --> C:\Windows\system32\drivers\danew.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-18 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-1 253600]
S3 CYUSB;Cypress Generic USB Driver;C:\Windows\system32\Drivers\CYUSB.sys --> C:\Windows\system32\Drivers\CYUSB.sys [?]
S3 DAdderFltr;DeathAdder Mouse;C:\Windows\system32\drivers\dadder.sys --> C:\Windows\system32\drivers\dadder.sys [?]
S3 EyeOneDisplay;EyeOneDisplay;C:\Windows\system32\Drivers\i1display_x64.sys --> C:\Windows\system32\Drivers\i1display_x64.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-18 135664]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 UsbFltr;WayTech USB Filter Driver;C:\Windows\system32\Drivers\UsbFltr.sys --> C:\Windows\system32\Drivers\UsbFltr.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-5 90112]
.
=============== File Associations ===============
.
.txt=
.
=============== Created Last 30 ================
.
2012-04-09 22:32:07 -------- d-----w- C:\Users\XXX\AppData\Local\{696E175A-5EB0-4AFC-9100-59CB00BED726}
2012-04-09 22:31:56 -------- d-----w- C:\Users\XXX\AppData\Local\{30A3365C-C45A-46C3-BB2E-C50CBB6FF59D}
2012-04-09 05:44:20 -------- d-----w- C:\Users\XXX\AppData\Local\{FAE67E17-D0C4-4E04-B1A8-1C3D5627B960}
2012-04-09 05:44:08 -------- d-----w- C:\Users\XXX\AppData\Local\{3D5FE66A-05D8-4AB6-9BD6-D514C21034BF}
2012-04-08 17:28:24 -------- d-----w- C:\Users\XXX\AppData\Local\{A3AAE24C-95F8-4B75-A1C0-CD08D46025AE}
2012-04-08 17:28:09 -------- d-----w- C:\Users\XXX\AppData\Local\{E990B7FE-1AA9-4A51-8766-79059D6B6031}
2012-04-07 20:06:58 -------- d-----w- C:\Users\XXX\AppData\Local\{9883DEC7-C58A-499F-B472-68CFCB61870B}
2012-04-07 20:06:44 -------- d-----w- C:\Users\XXX\AppData\Local\{C4E137CC-A8AE-433B-9791-67A00E2DBB7B}
2012-04-06 22:39:31 -------- d-----w- C:\Users\XXX\AppData\Local\{9DB9DF87-76E3-43C2-80D7-39C56CD609F9}
2012-04-06 22:39:19 -------- d-----w- C:\Users\XXX\AppData\Local\{DE78C791-0A37-48E4-9E4B-69E9A5D16B4E}
2012-04-05 22:15:20 -------- d-----w- C:\Users\XXX\AppData\Local\{2AED0B4C-C852-4AB2-B966-DEF8A61517AF}
2012-04-05 22:15:10 -------- d-----w- C:\Users\XXX\AppData\Local\{166B00D4-1FB1-4E06-9CBE-653B907099F5}
2012-04-04 16:54:35 -------- d-----w- C:\Users\XXX\AppData\Local\{A69FED98-09D6-4854-AEFF-1A2C61E5DBCF}
2012-04-04 16:54:25 -------- d-----w- C:\Users\XXX\AppData\Local\{C7BB4F0C-1502-4534-AA46-04B288A65E0B}
2012-04-04 03:11:14 -------- d-----w- C:\Users\XXX\AppData\Local\{717190B0-291E-4998-89E3-87FDB516E8FC}
2012-04-04 03:11:03 -------- d-----w- C:\Users\XXX\AppData\Local\{0EA78845-D261-4868-9000-2119D8E76C39}
2012-04-03 15:10:39 -------- d-----w- C:\Users\XXX\AppData\Local\{CD1BD9D5-73DD-40D0-B179-C6836BE194AF}
2012-04-03 15:10:26 -------- d-----w- C:\Users\XXX\AppData\Local\{3C40DFE8-DFDC-4884-B415-157FF3A6C3BB}
2012-04-03 00:47:47 -------- d-----w- C:\Users\XXX\AppData\Local\{A5BDE964-09A4-40BC-A9D3-B40E13ED2C1B}
2012-04-03 00:47:37 -------- d-----w- C:\Users\XXX\AppData\Local\{BD6F9F49-75E0-45BF-8AAE-BB891CAF5B33}
2012-04-02 12:20:35 -------- d-----w- C:\Users\XXX\AppData\Local\{6251654A-BB9A-4FBC-84A6-4F9271AB8FC4}
2012-04-02 12:20:25 -------- d-----w- C:\Users\XXX\AppData\Local\{56646087-865C-421D-A5D6-251591914194}
2012-04-01 19:28:11 -------- d-----w- C:\Users\XXX\AppData\Local\{499CC830-7804-46DC-911B-250A88BF668E}
2012-04-01 19:27:58 -------- d-----w- C:\Users\XXX\AppData\Local\{848CE262-BB44-4CD2-A8CB-30C577418C27}
2012-04-01 19:16:57 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-01 04:41:40 -------- d-----w- C:\Program Files\iTunes
2012-04-01 04:41:40 -------- d-----w- C:\Program Files\iPod
2012-04-01 04:41:40 -------- d-----w- C:\Program Files (x86)\iTunes
2012-03-31 20:25:17 -------- d-----w- C:\Users\XXX\AppData\Local\{D5D6C534-F098-4BDD-B079-1BD595AB6FF9}
2012-03-31 20:25:06 -------- d-----w- C:\Users\XXX\AppData\Local\{F9651828-B7A3-4765-AA57-7BE264A4765A}
2012-03-30 22:56:40 -------- d-----w- C:\Users\XXX\AppData\Local\{01B46221-B7ED-4C5E-82BE-779F5B4F21E2}
2012-03-30 22:56:30 -------- d-----w- C:\Users\XXX\AppData\Local\{C5FFF091-1E57-49C2-A553-4DD01BAE5B90}
2012-03-30 10:54:37 -------- d-----w- C:\Users\XXX\AppData\Local\{256809AE-174F-4E01-A0E1-27B7913A4A14}
2012-03-30 10:54:25 -------- d-----w- C:\Users\XXX\AppData\Local\{15AD4CB8-10CE-445E-97BE-C9C858E64AE1}
2012-03-29 16:18:09 -------- d-----w- C:\Users\XXX\AppData\Local\{5B75F579-A377-485E-83EC-BAB6CF62C1A2}
2012-03-29 00:00:16 -------- d-----w- C:\Users\XXX\AppData\Local\{3CF678AC-F84B-4A00-B4F1-0E8F85F95C18}
2012-03-28 04:46:10 -------- d-----w- C:\Users\XXX\AppData\Local\{C1E62B3F-8A59-4544-94EE-B68E2683507B}
2012-03-27 10:49:50 -------- d-----w- C:\Users\XXX\AppData\Local\{0E141D35-039A-44BD-A6A1-0B9390FB2E4D}
2012-03-26 22:22:15 -------- d-----w- C:\Users\XXX\AppData\Local\{BAEF9A4F-30BC-47C6-8DA4-B5B83DF8634B}
2012-03-26 07:11:07 -------- d-----w- C:\Users\XXX\AppData\Local\{F7F0A583-F6BA-4BF6-9E55-707F349B3671}
2012-03-26 06:54:01 -------- d-----w- C:\Users\XXX\AppData\Local\{22046E88-D95E-4CC6-BB2B-2FC520AF2A35}
2012-03-26 02:50:10 -------- d-----w- C:\Users\XXX\AppData\Local\{B38151AD-B0F6-4A1F-8C29-DD544F7F65B7}
2012-03-25 12:51:59 -------- d-----w- C:\Users\XXX\AppData\Local\{D6887C2B-50AE-4C56-BC02-D91CD56DE7E6}
2012-03-24 22:59:42 -------- d-----w- C:\Users\XXX\AppData\Local\{217C2FCE-C605-4C31-82C7-7D3772CFFAD2}
2012-03-24 08:52:52 -------- d-----w- C:\Users\XXX\AppData\Local\{F0B86BF6-D1C6-496B-85D1-F1FB461F66A3}
2012-03-24 02:03:41 -------- d-----w- C:\Users\XXX\AppData\Local\{D0DCEE60-C899-4A25-9BEC-87B9B7E3378F}
2012-03-24 02:03:31 -------- d-----w- C:\Users\XXX\AppData\Local\{2BA7DE5B-59F5-40C1-9188-24FE1394526C}
2012-03-23 14:03:06 -------- d-----w- C:\Users\XXX\AppData\Local\{5755A3F7-FA34-496C-A5E4-EC0B34532EFC}
2012-03-23 14:02:55 -------- d-----w- C:\Users\XXX\AppData\Local\{F69ECFD8-92C8-4411-BED8-407FFF5ADECA}
2012-03-22 21:35:28 -------- d-----w- C:\Users\XXX\AppData\Local\{AA00995B-6EDF-4A5E-92C5-413B3F4FE89F}
2012-03-22 21:35:17 -------- d-----w- C:\Users\XXX\AppData\Local\{DE34F250-716C-4B10-A1C9-475F9DC40B0B}
2012-03-22 08:59:44 -------- d-----w- C:\Users\XXX\AppData\Local\{5C29353E-D162-4CFB-9C49-A40260B6A993}
2012-03-22 08:59:33 -------- d-----w- C:\Users\XXX\AppData\Local\{135B2B91-E122-474E-8A51-DC2E79EC72F3}
2012-03-21 19:50:07 -------- d-----w- C:\Users\XXX\AppData\Local\{53EA26FE-BA26-4631-B89B-85CED2012FAF}
2012-03-21 19:49:50 -------- d-----w- C:\Users\XXX\AppData\Local\{540C9B3F-A762-4C96-9C26-006B57C05480}
2012-03-20 20:29:47 -------- d-----w- C:\Users\XXX\AppData\Local\{859A44B1-F169-4864-82C6-8BAD08B236C0}
2012-03-20 20:29:34 -------- d-----w- C:\Users\XXX\AppData\Local\{9D80ABF8-6128-427E-A3C6-3048C04F8117}
2012-03-20 08:10:18 -------- d-----w- C:\Users\XXX\AppData\Local\{B1BF5F22-FAC5-4ECB-8869-1FFFF02E1BD1}
2012-03-20 08:10:08 -------- d-----w- C:\Users\XXX\AppData\Local\{CB8951CB-0B9A-40B0-AB26-9AC3AD882EE0}
2012-03-19 18:25:24 -------- d-----w- C:\Users\XXX\AppData\Local\{CDAE02BE-1C23-45FD-8387-0AB03903C8FE}
2012-03-19 18:25:10 -------- d-----w- C:\Users\XXX\AppData\Local\{01419EE9-A965-4F8E-A91E-1D8EF8B4217B}
2012-03-18 19:52:18 -------- d-----w- C:\Users\XXX\AppData\Local\{5A8E6E12-DF88-4F3C-B116-0DB10E57891D}
2012-03-18 19:52:07 -------- d-----w- C:\Users\XXX\AppData\Local\{05E60187-AD55-4E57-927C-81FE37C50EEA}
2012-03-18 07:04:53 -------- d-----w- C:\Users\XXX\AppData\Local\{161A061E-3858-405D-9252-E950CFA28000}
2012-03-17 23:52:24 14592 ----a-w- C:\Windows\System32\drivers\AiCharger.sys
2012-03-17 23:49:04 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-17 23:49:04 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-17 17:45:12 -------- d-----w- C:\Users\XXX\AppData\Local\{7E86406F-175F-42C5-A26A-785E6D729252}
2012-03-17 17:45:02 -------- d-----w- C:\Users\XXX\AppData\Local\{21C6934C-8D32-44BA-94A7-F1FCFA682E8D}
2012-03-17 05:04:57 -------- d-----w- C:\Users\XXX\AppData\Local\{37BE9BAF-BB09-4141-BC26-C02271CB90E5}
2012-03-17 05:04:46 -------- d-----w- C:\Users\XXX\AppData\Local\{4169DD1B-D9B3-45BD-8A95-BDF94F4D804E}
2012-03-16 16:56:33 -------- d-----w- C:\Users\XXX\AppData\Local\{01FFB377-FE4D-4CED-83D5-FE92B6F8CDF6}
2012-03-16 16:56:18 -------- d-----w- C:\Users\XXX\AppData\Local\{DA0AFF53-998D-494D-9E41-9A907DF136C1}
2012-03-16 04:45:13 -------- d-----w- C:\Users\XXX\AppData\Local\{3F223D2D-8244-4574-981E-9FD1D6C8A011}
2012-03-16 04:45:03 -------- d-----w- C:\Users\XXX\AppData\Local\{61B8F9D5-8C81-417D-93E0-287772946DD8}
2012-03-15 16:36:32 -------- d-----w- C:\Users\XXX\AppData\Local\{4E4890FE-0F03-44F9-8C9B-ADEA2164D0CB}
2012-03-15 16:36:14 -------- d-----w- C:\Users\XXX\AppData\Local\{6FC3E5C5-EBFC-41C1-BEAA-03A0F23E21FA}
2012-03-15 04:37:19 -------- d-----w- C:\Users\XXX\AppData\Local\{86087F88-C079-4D78-9DB3-A7F5989BC3A0}
2012-03-14 15:45:57 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 15:45:56 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 15:45:55 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 15:40:38 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 15:40:37 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 15:40:37 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 15:40:36 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 15:40:36 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 15:40:36 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 15:40:36 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-14 15:40:35 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 15:40:35 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 15:40:35 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-14 15:36:13 -------- d-----w- C:\Users\XXX\AppData\Local\{A4BACE9E-C79C-4A74-BF53-8ECBA746C8F6}
2012-03-14 15:36:01 -------- d-----w- C:\Users\XXX\AppData\Local\{5355013D-4F15-4B62-93E9-EAB0A0EAFDE1}
2012-03-13 15:50:05 -------- d-----w- C:\Users\XXX\AppData\Local\{43DB2446-C442-42FB-A026-2201F7F92A26}
2012-03-13 15:49:53 -------- d-----w- C:\Users\XXX\AppData\Local\{32541851-6098-4315-A3A1-4E06BE9F7613}
2012-03-12 17:24:51 -------- d-----w- C:\Users\XXX\AppData\Local\{3B3E787C-8F40-4936-A6A5-4AD30A0BA056}
2012-03-12 17:24:39 -------- d-----w- C:\Users\XXX\AppData\Local\{A45BE18D-7FF4-467B-96FA-77332FFA6821}
2012-03-11 18:08:12 -------- d-----w- C:\Users\XXX\AppData\Local\{2AC3E344-8193-492D-8110-3C0D460AE217}
2012-03-11 18:08:02 -------- d-----w- C:\Users\XXX\AppData\Local\{97B69FF3-FF9F-4451-88B3-8CEC0A7F961D}
.
==================== Find3M ====================
.
2012-04-07 03:19:19 234536 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-04-07 03:19:19 234536 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-04-07 03:18:36 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-04-04 22:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-01 19:16:57 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-15 18:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-02-15 18:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
.
============= FINISH: 18:24:08.22 ===============


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:12 PM

Posted 13 April 2012 - 09:26 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 BuBoh

BuBoh
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:05:12 PM

Posted 15 April 2012 - 10:36 PM

Below are the Security Check and ComboFix logs. You wanted me to tell you of any problems I had and how the computer is doing now. I've never had a problem with the computer. The only indication there might be a problem is the email from my ISP telling me I have SDBot_Group_G.



Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
HijackThis 2.0.2
Java™ 6 Update 31
Mozilla Firefox (11.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
``````````End of Log````````````



ComboFix 12-04-15.02 - XXX 04/15/2012 19:59:39.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6134.3616 [GMT -7:00]
Running from: c:\users\XXX\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\XXX\AppData\Roaming\Adobe\plugs
c:\users\XXX\AppData\Roaming\Adobe\shed
.
.
((((((((((((((((((((((((( Files Created from 2012-03-16 to 2012-04-16 )))))))))))))))))))))))))))))))
.
.
2012-04-14 02:04 . 2009-08-20 06:50 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
2012-04-14 02:00 . 2012-03-26 15:41 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-04-14 01:52 . 2009-08-20 06:50 52568 ----a-w- c:\windows\system32\AdobePDF.dll
2012-04-14 01:20 . 2012-04-14 01:20 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2012-04-13 11:22 . 2012-04-13 11:22 -------- d-----w- c:\users\XXX\AppData\Local\Intuit
2012-04-13 10:02 . 2012-04-14 12:02 8766112 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-13 09:37 . 2012-04-13 09:37 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2012-04-12 05:31 . 2012-04-12 05:31 -------- d-----w- c:\users\Administrator\AppData\Roaming\WTablet
2012-04-12 05:27 . 2012-04-12 05:27 -------- d-----w- c:\users\Terrie Prosper
2012-04-11 02:22 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 02:22 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-11 02:22 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-11 02:20 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 02:20 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 02:20 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 02:20 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 02:20 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 02:20 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 02:20 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-09 09:06 . 2012-04-09 09:06 -------- d-----w- c:\program files\Microsoft Silverlight
2012-04-09 09:06 . 2012-04-09 09:06 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-04-01 19:16 . 2012-04-14 12:02 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-01 04:41 . 2012-04-01 04:42 -------- d-----w- c:\program files\iTunes
2012-04-01 04:41 . 2012-04-01 04:42 -------- d-----w- c:\program files (x86)\iTunes
2012-04-01 04:41 . 2012-04-01 04:41 -------- d-----w- c:\program files\iPod
2012-03-24 08:51 . 2012-03-24 08:51 -------- d-----w- c:\program files\Windows Live
2012-03-17 23:52 . 2010-05-05 23:38 14592 ----a-w- c:\windows\system32\drivers\AiCharger.sys
2012-03-17 23:49 . 2012-03-17 23:49 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-17 23:49 . 2012-03-17 23:49 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-16 01:26 . 2010-01-12 01:00 234536 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-04-16 01:26 . 2010-01-12 00:57 234536 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-04-16 01:25 . 2010-01-12 00:57 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-04-14 12:02 . 2011-05-18 17:06 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-13 09:37 . 2011-07-06 18:24 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-13 09:35 . 2011-12-13 05:23 525544 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 22:56 . 2011-05-20 07:13 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-17 06:38 . 2012-03-14 15:40 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 15:40 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 15:40 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 15:40 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 18:01 . 2012-02-15 18:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 18:01 . 2012-02-15 18:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-10 06:36 . 2012-03-14 15:40 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 15:40 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-07 18:02 . 2012-02-07 18:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34 . 2012-03-14 15:40 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 06:38 . 2012-03-14 15:40 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-14 15:40 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-14 15:40 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"wmp12fix"="c:\program files (x86)\WMP12 maximize fix\wmp12fix.exe" [2009-10-31 58368]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUS Ai Charger"="c:\program files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2010-05-10 465536]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-25 2416480]
"DeathAdder"="c:\program files (x86)\Razer\DeathAdder\razerhid.exe" [2010-05-06 251392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Device Detector 3.lnk - c:\program files (x86)\Olympus\DeviceDetector\DevDtct2.exe [2010-1-11 118784]
Logo Calibration Loader.lnk - c:\program files (x86)\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe [2011-1-29 708608]
ProfileReminder.lnk - c:\program files (x86)\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe [2011-1-29 954368]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-18 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 CYUSB;Cypress Generic USB Driver;c:\windows\system32\Drivers\CYUSB.sys [x]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [x]
R3 EyeOneDisplay;EyeOneDisplay;c:\windows\system32\Drivers\i1display_x64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-18 135664]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 UsbFltr;WayTech USB Filter Driver;c:\windows\system32\Drivers\UsbFltr.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112]
S0 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-26 13672]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [x]
S3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-02-25 19:12 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 12:02]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-07 11057768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.hauntedbay.com/cgi-bin/events/calendar_admin.pl
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
FF - ProfilePath - c:\users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\m6zm9rpe.default\
FF - prefs.js: browser.startup.homepage - about:blank
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2012-04-15 20:11:26 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-16 03:11
.
Pre-Run: 498,137,378,816 bytes free
Post-Run: 497,927,208,960 bytes free
.
- - End Of File - - 17B99D9DF97966A6310A3D8D85AE4C35

Edited by BuBoh, 16 April 2012 - 02:23 AM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 April 2012 - 10:44 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#5 BuBoh

BuBoh
  • Topic Starter

  • Members
  • 12 posts

Posted 15 April 2012 - 11:53 PM

Here are the logs from tdsskiller.exe and aswMBR.exe.



20:49:34.0741 3804 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
20:49:35.0219 3804 ============================================================
20:49:35.0219 3804 Current date / time: 2012/04/15 20:49:35.0219
20:49:35.0219 3804 SystemInfo:
20:49:35.0219 3804
20:49:35.0219 3804 OS Version: 6.1.7601 ServicePack: 1.0
20:49:35.0219 3804 Product type: Workstation
20:49:35.0219 3804 ComputerName: XXX
20:49:35.0219 3804 UserName: XXX
20:49:35.0219 3804 Windows directory: C:\Windows
20:49:35.0219 3804 System windows directory: C:\Windows
20:49:35.0219 3804 Running under WOW64
20:49:35.0219 3804 Processor architecture: Intel x64
20:49:35.0219 3804 Number of processors: 8
20:49:35.0219 3804 Page size: 0x1000
20:49:35.0219 3804 Boot type: Normal boot
20:49:35.0219 3804 ============================================================
20:49:36.0103 3804 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:49:36.0568 3804 Drive \Device\Harddisk1\DR1 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:49:36.0590 3804 \Device\Harddisk0\DR0:
20:49:36.0590 3804 MBR used
20:49:36.0590 3804 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:49:36.0590 3804 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x4A825000
20:49:36.0590 3804 \Device\Harddisk1\DR1:
20:49:36.0590 3804 MBR used
20:49:36.0590 3804 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC800000
20:49:36.0590 3804 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0xC800800, BlocksNum 0xA2286000
20:49:36.0658 3804 Initialize success
20:49:36.0658 3804 ============================================================
20:49:39.0066 2444 ============================================================
20:49:39.0066 2444 Scan started
20:49:39.0066 2444 Mode: Manual;
20:49:39.0066 2444 ============================================================
20:49:39.0876 2444 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:49:39.0878 2444 1394ohci - ok
20:49:39.0924 2444 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:49:39.0927 2444 ACPI - ok
20:49:39.0954 2444 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:49:39.0955 2444 AcpiPmi - ok
20:49:40.0002 2444 adfs (d44bcaf639e4e45307c2bc80715273d5) C:\Windows\system32\drivers\adfs.sys
20:49:40.0003 2444 adfs - ok
20:49:40.0094 2444 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:49:40.0097 2444 AdobeFlashPlayerUpdateSvc - ok
20:49:40.0127 2444 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:49:40.0132 2444 adp94xx - ok
20:49:40.0148 2444 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:49:40.0151 2444 adpahci - ok
20:49:40.0168 2444 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:49:40.0170 2444 adpu320 - ok
20:49:40.0193 2444 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
20:49:40.0194 2444 AeLookupSvc - ok
20:49:40.0247 2444 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
20:49:40.0252 2444 AFD - ok
20:49:40.0269 2444 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:49:40.0270 2444 agp440 - ok
20:49:40.0336 2444 AiCharger (254a19686e9c8e1b59ac06b7fd1e753c) C:\Windows\system32\DRIVERS\AiCharger.sys
20:49:40.0337 2444 AiCharger - ok
20:49:40.0348 2444 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
20:49:40.0349 2444 ALG - ok
20:49:40.0362 2444 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:49:40.0363 2444 aliide - ok
20:49:40.0378 2444 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:49:40.0379 2444 amdide - ok
20:49:40.0390 2444 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:49:40.0391 2444 AmdK8 - ok
20:49:40.0406 2444 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:49:40.0407 2444 AmdPPM - ok
20:49:40.0434 2444 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
20:49:40.0435 2444 amdsata - ok
20:49:40.0462 2444 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:49:40.0464 2444 amdsbs - ok
20:49:40.0476 2444 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
20:49:40.0477 2444 amdxata - ok
20:49:40.0507 2444 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:49:40.0508 2444 AppID - ok
20:49:40.0526 2444 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
20:49:40.0526 2444 AppIDSvc - ok
20:49:40.0567 2444 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
20:49:40.0568 2444 Appinfo - ok
20:49:40.0638 2444 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:49:40.0639 2444 Apple Mobile Device - ok
20:49:40.0675 2444 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
20:49:40.0677 2444 AppMgmt - ok
20:49:40.0697 2444 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:49:40.0698 2444 arc - ok
20:49:40.0706 2444 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:49:40.0707 2444 arcsas - ok
20:49:40.0742 2444 AsIO (8065a7659562005127673ac52898675f) C:\Windows\syswow64\drivers\AsIO.sys
20:49:40.0743 2444 AsIO - ok
20:49:40.0762 2444 AsSysCtrlService (e781164c7d47950e3d218c84b2901cb2) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
20:49:40.0768 2444 AsSysCtrlService - ok
20:49:40.0785 2444 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:49:40.0786 2444 AsyncMac - ok
20:49:40.0814 2444 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:49:40.0814 2444 atapi - ok
20:49:40.0855 2444 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:49:40.0862 2444 AudioEndpointBuilder - ok
20:49:40.0869 2444 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:49:40.0873 2444 AudioSrv - ok
20:49:40.0914 2444 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
20:49:40.0914 2444 AVGIDSEH - ok
20:49:41.0001 2444 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys
20:49:41.0003 2444 Avgldx64 - ok
20:49:41.0042 2444 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys
20:49:41.0043 2444 Avgmfx64 - ok
20:49:41.0091 2444 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys
20:49:41.0091 2444 Avgrkx64 - ok
20:49:41.0135 2444 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys
20:49:41.0137 2444 Avgtdia - ok
20:49:41.0173 2444 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
20:49:41.0175 2444 avgwd - ok
20:49:41.0218 2444 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
20:49:41.0220 2444 AxInstSV - ok
20:49:41.0250 2444 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:49:41.0254 2444 b06bdrv - ok
20:49:41.0276 2444 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:49:41.0279 2444 b57nd60a - ok
20:49:41.0299 2444 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
20:49:41.0301 2444 BDESVC - ok
20:49:41.0312 2444 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:49:41.0313 2444 Beep - ok
20:49:41.0362 2444 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
20:49:41.0369 2444 BFE - ok
20:49:41.0409 2444 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
20:49:41.0417 2444 BITS - ok
20:49:41.0430 2444 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:49:41.0431 2444 blbdrive - ok
20:49:41.0500 2444 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
20:49:41.0504 2444 Bonjour Service - ok
20:49:41.0520 2444 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:49:41.0521 2444 bowser - ok
20:49:41.0541 2444 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:49:41.0542 2444 BrFiltLo - ok
20:49:41.0558 2444 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:49:41.0559 2444 BrFiltUp - ok
20:49:41.0586 2444 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
20:49:41.0587 2444 BridgeMP - ok
20:49:41.0616 2444 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
20:49:41.0618 2444 Browser - ok
20:49:41.0631 2444 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:49:41.0634 2444 Brserid - ok
20:49:41.0648 2444 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:49:41.0649 2444 BrSerWdm - ok
20:49:41.0666 2444 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:49:41.0667 2444 BrUsbMdm - ok
20:49:41.0673 2444 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:49:41.0674 2444 BrUsbSer - ok
20:49:41.0691 2444 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:49:41.0692 2444 BTHMODEM - ok
20:49:41.0714 2444 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
20:49:41.0715 2444 bthserv - ok
20:49:41.0741 2444 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:49:41.0742 2444 cdfs - ok
20:49:41.0781 2444 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
20:49:41.0783 2444 cdrom - ok
20:49:41.0830 2444 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:49:41.0831 2444 CertPropSvc - ok
20:49:41.0847 2444 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:49:41.0848 2444 circlass - ok
20:49:41.0862 2444 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:49:41.0866 2444 CLFS - ok
20:49:41.0914 2444 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:49:41.0915 2444 clr_optimization_v2.0.50727_32 - ok
20:49:50.0517 2444 TapiSrv - ok
20:49:50.0528 2444 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
20:49:50.0530 2444 TBS - ok
20:49:50.0584 2444 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
20:49:50.0615 2444 Tcpip - ok
20:49:50.0638 2444 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
20:49:50.0646 2444 TCPIP6 - ok
20:49:50.0684 2444 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:49:50.0685 2444 tcpipreg - ok
20:49:50.0711 2444 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:49:50.0712 2444 TDPIPE - ok
20:49:50.0741 2444 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
20:49:50.0742 2444 TDTCP - ok
20:49:50.0790 2444 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:49:50.0792 2444 tdx - ok
20:49:50.0823 2444 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
20:49:50.0824 2444 TermDD - ok
20:49:50.0846 2444 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
20:49:50.0853 2444 TermService - ok
20:49:50.0865 2444 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
20:49:50.0866 2444 Themes - ok
20:49:50.0901 2444 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:49:50.0902 2444 THREADORDER - ok
20:49:50.0917 2444 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
20:49:50.0919 2444 TrkWks - ok
20:49:50.0954 2444 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
20:49:50.0957 2444 TrustedInstaller - ok
20:49:50.0990 2444 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:49:50.0991 2444 tssecsrv - ok
20:49:51.0024 2444 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:49:51.0025 2444 TsUsbFlt - ok
20:49:51.0057 2444 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:49:51.0058 2444 tunnel - ok
20:49:51.0076 2444 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:49:51.0077 2444 uagp35 - ok
20:49:51.0107 2444 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:49:51.0111 2444 udfs - ok
20:49:51.0136 2444 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
20:49:51.0138 2444 UI0Detect - ok
20:49:51.0157 2444 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:49:51.0159 2444 uliagpkx - ok
20:49:51.0189 2444 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
20:49:51.0190 2444 umbus - ok
20:49:51.0219 2444 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:49:51.0220 2444 UmPass - ok
20:49:51.0238 2444 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
20:49:51.0241 2444 UmRdpService - ok
20:49:51.0254 2444 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
20:49:51.0259 2444 upnphost - ok
20:49:51.0302 2444 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
20:49:51.0303 2444 USBAAPL64 - ok
20:49:51.0332 2444 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
20:49:51.0334 2444 usbccgp - ok
20:49:51.0373 2444 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:49:51.0374 2444 usbcir - ok
20:49:51.0403 2444 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
20:49:51.0404 2444 usbehci - ok
20:49:51.0445 2444 UsbFltr (68bad03835873d4bbbde95cbb135a395) C:\Windows\system32\Drivers\UsbFltr.sys
20:49:51.0446 2444 UsbFltr - ok
20:49:51.0485 2444 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
20:49:51.0491 2444 usbhub - ok
20:49:51.0505 2444 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
20:49:51.0506 2444 usbohci - ok
20:49:51.0519 2444 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:49:51.0520 2444 usbprint - ok
20:49:51.0544 2444 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:49:51.0545 2444 USBSTOR - ok
20:49:51.0576 2444 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
20:49:51.0577 2444 usbuhci - ok
20:49:51.0588 2444 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
20:49:51.0589 2444 UxSms - ok
20:49:51.0621 2444 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:49:51.0622 2444 VaultSvc - ok
20:49:51.0652 2444 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:49:51.0652 2444 vdrvroot - ok
20:49:51.0687 2444 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
20:49:51.0693 2444 vds - ok
20:49:51.0699 2444 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:49:51.0700 2444 vga - ok
20:49:51.0716 2444 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:49:51.0717 2444 VgaSave - ok
20:49:51.0732 2444 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:49:51.0735 2444 vhdmp - ok
20:49:51.0785 2444 vhidmini (1161acff728d97f75d74d2f1465f8a46) C:\Windows\system32\DRIVERS\vHidDev.sys
20:49:51.0786 2444 vhidmini - ok
20:49:51.0797 2444 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:49:51.0798 2444 viaide - ok
20:49:51.0829 2444 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
20:49:51.0831 2444 vmbus - ok
20:49:51.0853 2444 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
20:49:51.0854 2444 VMBusHID - ok
20:49:51.0885 2444 VNUSB (3f63fa4a5d8a7c1b1a87e342569fba53) C:\Windows\system32\Drivers\VNUSB.sys
20:49:51.0886 2444 VNUSB - ok
20:49:51.0901 2444 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:49:51.0902 2444 volmgr - ok
20:49:51.0938 2444 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:49:51.0942 2444 volmgrx - ok
20:49:51.0958 2444 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:49:51.0961 2444 volsnap - ok
20:49:51.0987 2444 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:49:51.0989 2444 vsmraid - ok
20:49:52.0043 2444 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
20:49:52.0063 2444 VSS - ok
20:49:52.0079 2444 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
20:49:52.0080 2444 vwifibus - ok
20:49:52.0111 2444 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
20:49:52.0115 2444 W32Time - ok
20:49:52.0166 2444 wacommousefilter (e04d43c7d1641e95d35cae6086c7e350) C:\Windows\system32\DRIVERS\wacommousefilter.sys
20:49:52.0166 2444 wacommousefilter - ok
20:49:52.0180 2444 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:49:52.0181 2444 WacomPen - ok
20:49:52.0216 2444 wacomvhid (ec1ceb237e365330c1fcfc4876aa0ac0) C:\Windows\system32\DRIVERS\wacomvhid.sys
20:49:52.0217 2444 wacomvhid - ok
20:49:52.0232 2444 WacomVKHid - ok
20:49:52.0780 2444 wampapache (5cf6e9a685199445fee02fe8c191c9ba) e:\wamp\bin\apache\apache2.2.21\bin\httpd.exe
20:49:52.0790 2444 wampapache - ok
20:49:52.0847 2444 wampmysqld - ok
20:49:52.0873 2444 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:49:52.0874 2444 WANARP - ok
20:49:52.0876 2444 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:49:52.0877 2444 Wanarpv6 - ok
20:49:52.0951 2444 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
20:49:52.0963 2444 WatAdminSvc - ok
20:49:53.0008 2444 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
20:49:53.0029 2444 wbengine - ok
20:49:53.0050 2444 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
20:49:53.0053 2444 WbioSrvc - ok
20:49:53.0081 2444 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
20:49:53.0085 2444 wcncsvc - ok
20:49:53.0099 2444 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
20:49:53.0101 2444 WcsPlugInService - ok
20:49:53.0118 2444 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:49:53.0119 2444 Wd - ok
20:49:53.0144 2444 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:49:53.0150 2444 Wdf01000 - ok
20:49:53.0165 2444 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:49:53.0167 2444 WdiServiceHost - ok
20:49:53.0169 2444 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:49:53.0171 2444 WdiSystemHost - ok
20:49:53.0201 2444 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
20:49:53.0205 2444 WebClient - ok
20:49:53.0219 2444 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
20:49:53.0223 2444 Wecsvc - ok
20:49:53.0235 2444 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
20:49:53.0237 2444 wercplsupport - ok
20:49:53.0256 2444 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
20:49:53.0258 2444 WerSvc - ok
20:49:53.0280 2444 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:49:53.0281 2444 WfpLwf - ok
20:49:53.0298 2444 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:49:53.0299 2444 WIMMount - ok
20:49:53.0330 2444 WinDefend - ok
20:49:53.0333 2444 WinHttpAutoProxySvc - ok
20:49:53.0381 2444 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
20:49:53.0383 2444 Winmgmt - ok
20:49:53.0440 2444 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
20:49:53.0468 2444 WinRM - ok
20:49:53.0511 2444 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
20:49:53.0512 2444 WinUsb - ok
20:49:53.0538 2444 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
20:49:53.0547 2444 Wlansvc - ok
20:49:53.0624 2444 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:49:53.0653 2444 wlidsvc - ok
20:49:53.0670 2444 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:49:53.0671 2444 WmiAcpi - ok
20:49:53.0684 2444 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
20:49:53.0686 2444 wmiApSrv - ok
20:49:53.0688 2444 WMPNetworkSvc - ok
20:49:53.0705 2444 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
20:49:53.0707 2444 WPCSvc - ok
20:49:53.0743 2444 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
20:49:53.0746 2444 WPDBusEnum - ok
20:49:53.0779 2444 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:49:53.0780 2444 ws2ifsl - ok
20:49:53.0790 2444 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
20:49:53.0792 2444 wscsvc - ok
20:49:53.0797 2444 WSearch - ok
20:49:53.0860 2444 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
20:49:53.0889 2444 wuauserv - ok
20:49:53.0917 2444 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:49:53.0918 2444 WudfPf - ok
20:49:53.0933 2444 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:49:53.0935 2444 WUDFRd - ok
20:49:53.0961 2444 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
20:49:53.0963 2444 wudfsvc - ok
20:49:53.0977 2444 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
20:49:53.0981 2444 WwanSvc - ok
20:49:53.0994 2444 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:49:54.0036 2444 \Device\Harddisk0\DR0 - ok
20:49:54.0038 2444 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
20:49:54.0040 2444 \Device\Harddisk1\DR1 - ok
20:49:54.0041 2444 Boot (0x1200) (c968a0db2e2468f00f2b1f8211910240) \Device\Harddisk0\DR0\Partition0
20:49:54.0042 2444 \Device\Harddisk0\DR0\Partition0 - ok
20:49:54.0044 2444 Boot (0x1200) (105e97eed09f7c7c2cd271ecd6ea61ab) \Device\Harddisk0\DR0\Partition1
20:49:54.0045 2444 \Device\Harddisk0\DR0\Partition1 - ok
20:49:54.0046 2444 Boot (0x1200) (cc22e4895983d00be6e178d7d3340ff5) \Device\Harddisk1\DR1\Partition0
20:49:54.0047 2444 \Device\Harddisk1\DR1\Partition0 - ok
20:49:54.0049 2444 Boot (0x1200) (2b01cb6c9065a516f305cb5e8a4e7ce5) \Device\Harddisk1\DR1\Partition1
20:49:54.0050 2444 \Device\Harddisk1\DR1\Partition1 - ok
20:49:54.0050 2444 ============================================================
20:49:54.0050 2444 Scan finished
20:49:54.0050 2444 ============================================================
20:49:54.0055 3180 Detected object count: 0
20:49:54.0055 3180 Actual detected object count: 0



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-15 21:03:11
-----------------------------
21:03:11.439 OS Version: Windows x64 6.1.7601 Service Pack 1
21:03:11.439 Number of processors: 8 586 0x1A05
21:03:11.439 ComputerName: XXX UserName:
21:03:12.945 Initialize success
21:03:15.964 AVAST engine defs: 12041502
21:03:17.303 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
21:03:17.304 Disk 0 Vendor: WDC_WD6401AALS-00L3B2 01.03B01 Size: 610480MB BusType: 3
21:03:17.306 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-4
21:03:17.307 Disk 1 Vendor: WDC_WD15EADS-00P8B0 01.00A01 Size: 1430799MB BusType: 3
21:03:17.323 Disk 0 MBR read successfully
21:03:17.325 Disk 0 MBR scan
21:03:17.327 Disk 0 Windows 7 default MBR code
21:03:17.331 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
21:03:17.341 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 610378 MB offset 206848
21:03:17.359 Disk 0 scanning C:\Windows\system32\drivers
21:03:29.258 Service scanning
21:03:43.546 Modules scanning
21:03:43.551 Disk 0 trace - called modules:
21:03:43.562 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
21:03:43.565 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006536790]
21:03:43.569 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa80062e1520]
21:03:43.572 5 ACPI.sys[fffff88000edd7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa80062f3060]
21:03:45.643 AVAST engine scan C:\Windows
21:03:56.539 AVAST engine scan C:\Windows\system32
21:06:08.460 AVAST engine scan C:\Windows\system32\drivers
21:06:17.352 AVAST engine scan C:\Users\XXX
21:44:52.256 AVAST engine scan C:\ProgramData
21:47:53.357 Scan finished successfully
21:48:47.578 Disk 0 MBR has been saved successfully to "C:\Users\XXX\Desktop\MBR.dat"
21:48:47.582 The log file has been saved successfully to "C:\Users\XXX\Desktop\aswMBR.txt"

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 April 2012 - 12:01 AM

Hello


So far the reports have been very clean.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



Proud Graduate Of Malware Removal University

#7 BuBoh

  • Topic Starter
  • Members
  • 12 posts

Posted 16 April 2012 - 12:34 AM

Here is the CFScript/ComboFix log.

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2012-04-15 22:25:10 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-16 05:25
ComboFix2.txt 2012-04-16 03:11
.
Pre-Run: 498,430,455,808 bytes free
Post-Run: 498,468,491,264 bytes free
.
- - End Of File - - 2866B3F56B9DA5F968E500A98A5B09E9

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:12 PM

Posted 16 April 2012 - 12:40 AM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may no longer be in Add/Remove. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

Java™ 6 Update 29
Vuze


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 BuBoh

BuBoh
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:12 PM

Posted 16 April 2012 - 01:12 AM

Here are the logs for Malwarebytes and Hijackthis.



Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.16.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
XXX :: XXX [administrator]

4/15/2012 11:05:04 PM
mbam-log-2012-04-15 (23-05-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 244801
Time elapsed: 1 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:10:02 PM, on 4/15/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\WMP12 maximize fix\wmp12fix.exe
C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\HijackThis\HijackThis.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcrobatInfo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.XXX.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [wmp12fix] C:\Program Files (x86)\WMP12 maximize fix\wmp12fix.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Logo Calibration Loader.lnk = C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe
O4 - Global Startup: ProfileReminder.lnk = C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TabletServiceWacom - Unknown owner - C:\Windows\system32\Wacom_Tablet.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: wampapache - Apache Software Foundation - e:\wamp\bin\apache\apache2.2.21\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - e:\wamp\bin\mysql\mysql5.5.16\bin\mysqld.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10352 bytes

Edited by BuBoh, 16 April 2012 - 02:22 AM.


#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:12 PM

Posted 16 April 2012 - 01:21 AM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can start any of them from their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
      O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [wmp12fix] C:\Program Files (x86)\WMP12 maximize fix\wmp12fix.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space, e.g.
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
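The start-up entries listed in the post above are the O4 (Run key and Startup folder) and O23 (service) lines from the HijackThis log. The PowerShell script below is an added example for this thread, not code from the thread, from HijackThis or from any of the tools mentioned; the variable and function names in it ($RunKeys, Resolve-ImagePath, Test-AutostartImage) are its own. It walks the same locations on a Windows 7 x64 machine, resolves each command line to its executable, and reports whether the file exists and carries a valid Authenticode signature, plus whether a path with spaces was left unquoted. It assumes an elevated, 64-bit PowerShell: a 32-bit process is redirected to Wow6432Node and SysWOW64, which is the reason the 32-bit HijackThis log above reports Windows' own System32 services as "(file missing)".

```powershell
# Added example, not from the thread or from HijackThis: walk the autostart
# locations that HijackThis reports as O4 (Run/RunOnce keys, Startup folders)
# and O23 (services) on Windows 7 x64, resolve each command line to its
# executable, and report whether the file exists and is Authenticode-signed.
# Run it from an elevated 64-bit PowerShell; a 32-bit process is redirected
# to Wow6432Node and SysWOW64 and will report false "missing" files.

if ([IntPtr]::Size -ne 8) {
    Write-Warning 'Running as 32-bit: System32 and HKLM\SOFTWARE are redirected; expect false "FileMissing" results.'
}

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',   # entries of 32-bit programs
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$StartupDirs = @(
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup",     # "Global Startup" in HijackThis
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup"
)
$MetaProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Resolve-ImagePath {
    # Extract the executable from a command line, e.g.
    #   "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"       -> quoted
    #   C:\Windows\system32\svchost.exe -k netsvcs              -> unquoted, with arguments
    #   C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe    -> unquoted, contains spaces
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    if ($cmd -match '^(.*?\.(exe|dll|sys|cmd|bat))(\s|$)') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

function Test-AutostartImage {
    param([string]$Source, [string]$Name, [string]$CommandLine)
    $path   = Resolve-ImagePath $CommandLine
    $exists = ($path -ne '') -and (Test-Path -LiteralPath $path -PathType Leaf)
    $status = 'FileMissing'; $signer = ''
    if ($exists) {
        $sig    = Get-AuthenticodeSignature -FilePath $path
        $status = $sig.Status.ToString()         # Valid, NotSigned, HashMismatch, UnknownError, ...
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    }
    # An unquoted image path that contains spaces is the classic service-path weakness.
    $unquoted = ($CommandLine.Trim() -notmatch '^"') -and ($path -match '\s')
    New-Object PSObject -Property @{
        Source = $Source; Name = $Name; Path = $path; Exists = $exists
        Signature = $status; Signer = $signer; UnquotedSpaces = $unquoted
    }
}

$results = @()

foreach ($key in $RunKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($MetaProps -contains $p.Name) { continue }        # skip registry-provider metadata
        $results += Test-AutostartImage $key $p.Name ([string]$p.Value)
    }
}

$shell = New-Object -ComObject WScript.Shell
foreach ($dir in $StartupDirs) {
    if (-not (Test-Path $dir)) { continue }
    foreach ($lnk in Get-ChildItem -Path $dir -Filter *.lnk) {
        $target = $shell.CreateShortcut($lnk.FullName).TargetPath  # resolve the shortcut target
        $results += Test-AutostartImage $dir $lnk.Name $target
    }
}

foreach ($svc in Get-WmiObject Win32_Service) {                     # Get-WmiObject: works on Win7 / PowerShell 2.0
    if ($svc.PathName) { $results += Test-AutostartImage 'Service' $svc.Name $svc.PathName }
}

# Missing and unsigned images sort to the top; unsigned binaries living under
# %AppData% or %Temp% deserve the closest look.
$results | Sort-Object Exists, Signature |
    Select-Object Source, Name, Exists, Signature, UnquotedSpaces, Signer, Path |
    Format-Table -AutoSize
```

Because the script resolves the executable itself, a Run value whose command line merely looks like a known product (same file name, wrong directory, no signature) stands out in the Signature and Path columns, which a list of names alone does not show.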

#11 BuBoh

BuBoh
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:12 PM

Posted 16 April 2012 - 05:07 PM

I meant to ask, when you said, "These logs are looking a lot better.", what did you mean? What did you see in the previous logs?

The ESET Online scanner (which took 3.5 hours to complete) didn't find anything (0 threats) and wouldn't let me copy the results it showed.

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:12 PM

Posted 16 April 2012 - 09:10 PM

Hello


I didn't see anything in the reports to be concerned with at all




:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful; if used incorrectly or at the wrong time they can make the computer an expensive paperweight.
They are updated all the time, some of them more than once a day, so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs we have used are a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls.

CCleaner - This is a good program to clean out temp files. I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner, but I would leave that alone and not use any registry cleaner.

Malwarebytes' Anti-Malware The Gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did.)

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

Internet Safety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I will keep this open for about three days. If anything comes up, just come back and let me know; after that time you will have to send me a PM.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Gringo

#13 BuBoh

BuBoh
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:12 PM

Posted 16 April 2012 - 10:45 PM

Programs removed. Thanks for the help. You can close this thread.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:12 PM

Posted 16 April 2012 - 10:56 PM

you are more than welcome

#15 BuBoh

BuBoh
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:12 PM

Posted 17 April 2012 - 07:08 PM

I've noticed a problem since cleaning up after all the scans. Now when I start the computer, I get an Open File Security Warning and have to give permission for .lnk files opened during startup and through the Start menu. I don't get a warning when using a desktop icon or the taskbar.



