Google link hijacker virus - Sigh


  • This topic is locked
30 replies to this topic

#1 Saturn-V

Posted 13 April 2012 - 10:17 AM

After a day of denial and confusion, I have concluded that I have contracted the Google link hijack virus. AVG Business edition, running continuously on the machine, did not prevent the infection. Malwarebytes did not find anything wrong in a Quick Scan, but it did issue an IP-BLOCK on address 95.110.194.92 requested by iexplore.exe after clicking on a couple of different search results out of Google.

Any advice on next steps would be appreciated!


#2 Saturn-V

Posted 13 April 2012 - 10:54 AM

DDS output attached: Attach.txt (15.38KB), DDS.txt (15.71KB)

#3 gringo_pr

  • Malware Response Team

Posted 13 April 2012 - 03:19 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 Saturn-V

Posted 14 April 2012 - 11:50 AM

Hello Gringo, I really appreciate your help. Here is the security check result. I will post combofix when it finishes.

Results of screen317's Security Check version 0.99.32
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG 9.0
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 30
Java version out of date!
Adobe Reader X 10.1.0 Adobe Reader out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Common Files Microsoft Shared Microsoft Online Services MSOIDSVC.EXE
Common Files Microsoft Shared Microsoft Online Services MSOIDSvcm.exe
``````````End of Log````````````

#5 Saturn-V

Posted 14 April 2012 - 12:05 PM

Combofix result:

ComboFix 12-04-14.02 - doug.brower 04/14/2012 12:53:37.2.4 - x86
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3070.1214 [GMT -4:00]
Running from: c:\tmp\ComboFix.exe
AV: AVG Anti-Virus Business Edition *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Business Edition *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\doug.brower\AppData\Roaming\Microsoft\Windows\Recent\ProSecure_UTM_vs_Cisco_ASA_Sales_Sheet.url
c:\users\doug.brower\g2mdlhlpx.exe
c:\users\doug.brower\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2012-03-14 to 2012-04-14 )))))))))))))))))))))))))))))))
.
.
2012-04-14 17:02 . 2012-04-14 17:02 -------- d-----w- c:\users\test\AppData\Local\temp
2012-04-14 17:02 . 2012-04-14 17:02 -------- d-----w- c:\users\DOUG~1~BRO\AppData\Local\temp
2012-04-14 17:02 . 2012-04-14 17:02 -------- d-----w- c:\users\Doug\AppData\Local\temp
2012-04-14 17:02 . 2012-04-14 17:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-14 17:02 . 2012-04-14 17:02 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-04-14 17:02 . 2012-04-14 17:02 -------- d-----w- c:\users\Administrator.000\AppData\Local\temp
2012-04-13 14:32 . 2012-04-13 14:32 -------- d-----w- c:\program files\Malwarebytes
2012-04-13 14:30 . 2012-04-13 14:30 -------- d-----w- c:\users\doug.brower\AppData\Roaming\Malwarebytes
2012-04-13 14:30 . 2012-04-13 14:30 -------- d-----w- c:\programdata\Malwarebytes
2012-04-13 14:30 . 2012-04-13 14:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-13 14:30 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-12 14:57 . 2012-04-12 14:57 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-12 14:55 . 2012-03-28 17:47 -------- d-----w- c:\users\doug.brower\AppData\Roaming\IsolatedStorage
2012-04-12 14:43 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 14:43 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 14:43 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 14:43 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 14:43 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-12 14:43 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-10 13:05 . 2012-04-10 13:05 -------- d-----w- c:\users\doug.brower\AppData\Local\Dropbox
2012-04-09 13:18 . 2012-04-09 13:29 -------- d-----w- c:\users\doug.brower\AppData\Roaming\Download Manager
2012-04-03 13:45 . 2012-04-13 14:48 -------- d-----r- c:\users\doug.brower\Dropbox
2012-04-03 13:43 . 2012-04-14 16:46 -------- d-----w- c:\users\doug.brower\AppData\Roaming\Dropbox
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-21 16:23 . 2012-04-10 14:43 -------- d-----w- c:\users\doug.brower\AppData\Local\CutePDF Writer
2012-03-21 16:22 . 2012-03-21 16:22 -------- d-----w- c:\program files\GPLGS
2012-03-21 16:21 . 2012-03-11 18:55 88656 ----a-w- c:\windows\system32\cpwmon2k.dll
2012-03-21 16:21 . 2012-03-21 16:21 -------- d-----w- c:\program files\Acro Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-13 14:41 . 2011-08-29 19:19 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2012-04-12 14:57 . 2011-05-24 16:40 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-17 05:34 . 2012-03-14 01:36 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-02-17 05:34 . 2012-03-14 01:36 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-14 01:36 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-14 01:36 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 05:38 . 2012-03-14 01:39 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 03:54 . 2012-03-14 01:39 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 05:32 . 2012-03-14 01:36 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 05:32 . 2012-03-14 01:36 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 05:27 . 2012-03-14 01:36 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-01-24 20:37 . 2010-07-20 10:09 17816 ----a-w- c:\programdata\Microsoft\MSOIdentityCRL\production\msoidconfig.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\doug.brower\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\doug.brower\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\doug.brower\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\doug.brower\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dropbox"="c:\users\doug.brower\AppData\Local\Dropbox\wrqjekzr.dll" [2011-11-28 398560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2012-01-26 2077536]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"SignIn"="c:\program files\Microsoft Online Services\Sign In\SignIn.exe" [2010-03-10 1734512]
"Communicator"="c:\program files\Microsoft Lync\communicator.exe" [2012-01-27 12065056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-12-09 296056]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes\mbamgui.exe" [2012-04-04 462408]
.
c:\users\doug.brower\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BUFFALO NAS Navigator.lnk - c:\program files\BUFFALO\NASNAVI\NasNavi.exe [2010-1-26 1897952]
Dropbox.lnk - c:\users\doug.brower\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
NAS Scheduler.lnk - c:\program files\BUFFALO\NASNAVI\nassche.exe [2011-3-30 206128]
Password Safe.lnk - c:\program files\Password Safe\pwsafe.exe [2010-7-26 2568192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SnagIt 7.lnk - c:\program files\TechSmith\SnagIt 7\SnagIt32.exe [2011-3-24 3702784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u msoidssp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-4080096407-1022283047-3953473556-1362\Scripts\Logon\0\0]
"Script"=map_drives.vbs
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 253600]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2007-06-28 1310720]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 VSPerfDrv90;Performance Tools Driver 9.0;c:\program files\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys [2007-09-04 55664]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-23 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2011-03-22 52872]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2011-03-22 216400]
S1 AvgTdiX;AVG Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2011-05-06 243152]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 176128]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2011-03-22 308136]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-01-19 22504]
S2 JuniperAccessService;Juniper Unified Network Service;c:\program files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [2011-06-02 198520]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes\mbamservice.exe [2012-04-04 654408]
S2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2011-09-28 1589152]
S2 NasPmService;NAS PM Service;c:\program files\BUFFALO\NASNAVI\nassvc.exe [2009-05-15 251184]
S2 RDSAnalyzerService;RDSAnalyzerService;c:\program files\RDS Application Compatibility Analyzer\TSAnalyzerService.exe [2009-06-15 7168]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-06-01 609904]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 7772160]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 243712]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-03-21 362600]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PWTCYPOC
*NewlyCreated* - WS2IFSL
*Deregistered* - pwtcypoc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 14:57]
.
2012-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4080096407-1022283047-3953473556-1362Core.job
- c:\users\doug.brower\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-31 18:29]
.
2012-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4080096407-1022283047-3953473556-1362UA.job
- c:\users\doug.brower\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-31 18:29]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: cleverreach.com\novastor
Trusted Zone: google-analytics.com
Trusted Zone: novastor.com
TCP: DhcpNameServer = 192.168.61.2
DPF: {7B62F6EE-D046-11D3-9C5E-0060082627F7} - hxxps://securemail.efirstbank.com/messenger/download/TWDownload.cab
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-14 13:04:56
ComboFix-quarantined-files.txt 2012-04-14 17:04
ComboFix2.txt 2012-04-13 14:17
.
Pre-Run: 19,394,486,272 bytes free
Post-Run: 19,272,663,040 bytes free
.
- - End Of File - - 4D4438447A8D09FF18ECCC13C29EAD35

#6 Saturn-V

Posted 14 April 2012 - 02:33 PM

Presently, the browser seems to be working correctly. I'm not getting diverted to unexpected locations when I click through the Bing or Google search results.

#7 gringo_pr

  • Malware Response Team

Posted 14 April 2012 - 03:44 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#8 Saturn-V

Posted 16 April 2012 - 01:03 AM

02:01:59.0911 7620 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
02:02:00.0341 7620 ============================================================
02:02:00.0341 7620 Current date / time: 2012/04/16 02:02:00.0341
02:02:00.0342 7620 SystemInfo:
02:02:00.0342 7620
02:02:00.0342 7620 OS Version: 6.1.7601 ServicePack: 1.0
02:02:00.0342 7620 Product type: Workstation
02:02:00.0342 7620 ComputerName: ZMFS-DOUG
02:02:00.0342 7620 UserName: doug.brower
02:02:00.0342 7620 Windows directory: C:\Windows
02:02:00.0342 7620 System windows directory: C:\Windows
02:02:00.0342 7620 Processor architecture: Intel x86
02:02:00.0342 7620 Number of processors: 4
02:02:00.0342 7620 Page size: 0x1000
02:02:00.0342 7620 Boot type: Normal boot
02:02:00.0342 7620 ============================================================
02:02:01.0568 7620 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
02:02:01.0593 7620 Drive \Device\Harddisk1\DR1 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
02:02:01.0791 7620 \Device\Harddisk0\DR0:
02:02:01.0791 7620 MBR used
02:02:01.0791 7620 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B747, BlocksNum 0x94E3276
02:02:01.0791 7620 \Device\Harddisk1\DR1:
02:02:01.0918 7620 MBR used
02:02:01.0918 7620 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3EC1, BlocksNum 0x94FAAFC
02:02:02.0198 7620 Initialize success
02:02:02.0198 7620 ============================================================
02:02:05.0325 6232 ============================================================
02:02:05.0325 6232 Scan started
02:02:05.0325 6232 Mode: Manual;
02:02:05.0325 6232 ============================================================
02:02:11.0703 6232 clr_optimization_v4.0.30319_32 - ok
02:02:11.0795 6232 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
02:02:11.0796 6232 CmBatt - ok
02:02:11.0834 6232 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
02:02:11.0834 6232 cmdide - ok
02:02:11.0866 6232 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
02:02:11.0871 6232 CNG - ok
02:02:11.0964 6232 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
02:02:11.0965 6232 Compbatt - ok
02:02:11.0999 6232 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
02:02:12.0000 6232 CompositeBus - ok
02:02:12.0022 6232 COMSysApp - ok
02:02:12.0127 6232 cpuz135 (6bada94085b6709694f8327c211d12e1) C:\Windows\system32\drivers\cpuz135_x32.sys
02:02:12.0128 6232 cpuz135 - ok
02:02:12.0166 6232 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
02:02:12.0167 6232 crcdisk - ok
02:02:12.0274 6232 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
02:02:12.0276 6232 CryptSvc - ok
02:02:12.0324 6232 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
02:02:12.0329 6232 CSC - ok
02:02:12.0354 6232 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
02:02:12.0361 6232 CscService - ok
02:02:12.0430 6232 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
02:02:12.0434 6232 DcomLaunch - ok
02:02:12.0467 6232 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
02:02:12.0470 6232 defragsvc - ok
02:02:12.0522 6232 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
02:02:12.0524 6232 DfsC - ok
02:02:12.0623 6232 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
02:02:12.0626 6232 Dhcp - ok
02:02:12.0665 6232 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
02:02:12.0666 6232 discache - ok
02:02:12.0746 6232 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
02:02:12.0747 6232 Disk - ok
02:02:12.0776 6232 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
02:02:12.0778 6232 Dnscache - ok
02:02:12.0807 6232 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
02:02:12.0811 6232 dot3svc - ok
02:02:12.0847 6232 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
02:02:12.0849 6232 DPS - ok
02:02:12.0966 6232 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
02:02:12.0966 6232 drmkaud - ok
02:02:13.0016 6232 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
02:02:13.0024 6232 DXGKrnl - ok
02:02:13.0061 6232 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
02:02:13.0063 6232 EapHost - ok
02:02:13.0217 6232 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
02:02:13.0249 6232 ebdrv - ok
02:02:13.0325 6232 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
02:02:13.0326 6232 EFS - ok
02:02:13.0384 6232 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
02:02:13.0391 6232 ehRecvr - ok
02:02:13.0420 6232 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
02:02:13.0421 6232 ehSched - ok
02:02:13.0520 6232 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
02:02:13.0525 6232 elxstor - ok
02:02:13.0557 6232 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
02:02:13.0558 6232 ErrDev - ok
02:02:13.0663 6232 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
02:02:13.0667 6232 EventSystem - ok
02:02:13.0713 6232 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
02:02:13.0715 6232 exfat - ok
02:02:13.0742 6232 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
02:02:13.0745 6232 fastfat - ok
02:02:13.0818 6232 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
02:02:13.0825 6232 Fax - ok
02:02:13.0904 6232 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
02:02:13.0905 6232 fdc - ok
02:02:13.0953 6232 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
02:02:13.0954 6232 fdPHost - ok
02:02:13.0966 6232 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
02:02:13.0967 6232 FDResPub - ok
02:02:13.0983 6232 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
02:02:13.0984 6232 FileInfo - ok
02:02:14.0050 6232 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
02:02:14.0051 6232 Filetrace - ok
02:02:14.0087 6232 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
02:02:14.0088 6232 flpydisk - ok
02:02:14.0121 6232 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
02:02:14.0124 6232 FltMgr - ok
02:02:14.0164 6232 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
02:02:14.0174 6232 FontCache - ok
02:02:14.0283 6232 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
02:02:14.0284 6232 FontCache3.0.0.0 - ok
02:02:14.0364 6232 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
02:02:14.0366 6232 FsDepends - ok
02:02:14.0402 6232 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
02:02:14.0403 6232 Fs_Rec - ok
02:02:14.0443 6232 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
02:02:14.0446 6232 fvevol - ok
02:02:14.0541 6232 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
02:02:14.0542 6232 gagp30kx - ok
02:02:14.0596 6232 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
02:02:14.0604 6232 gpsvc - ok
02:02:14.0671 6232 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
02:02:14.0673 6232 gusvc - ok
02:02:14.0781 6232 hcmon (1c51e9db4a24c4a6b7ad5be4bc4b19a6) C:\Windows\system32\drivers\hcmon.sys
02:02:14.0782 6232 hcmon - ok
02:02:14.0834 6232 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
02:02:14.0835 6232 hcw85cir - ok
02:02:14.0881 6232 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
02:02:14.0885 6232 HdAudAddService - ok
02:02:14.0961 6232 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
02:02:14.0963 6232 HDAudBus - ok
02:02:14.0995 6232 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
02:02:14.0996 6232 HidBatt - ok
02:02:15.0017 6232 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
02:02:15.0018 6232 HidBth - ok
02:02:15.0054 6232 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
02:02:15.0055 6232 HidIr - ok
02:02:15.0141 6232 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
02:02:15.0142 6232 hidserv - ok
02:02:15.0201 6232 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
02:02:15.0202 6232 HidUsb - ok
02:02:15.0314 6232 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
02:02:15.0316 6232 hkmsvc - ok
02:02:15.0341 6232 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
02:02:15.0344 6232 HomeGroupListener - ok
02:02:15.0376 6232 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
02:02:15.0379 6232 HomeGroupProvider - ok
02:02:15.0434 6232 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
02:02:15.0435 6232 HpSAMD - ok
02:02:15.0532 6232 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
02:02:15.0538 6232 HTTP - ok
02:02:15.0569 6232 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
02:02:15.0570 6232 hwpolicy - ok
02:02:15.0627 6232 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
02:02:15.0628 6232 i8042prt - ok
02:02:15.0716 6232 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
02:02:15.0720 6232 iaStorV - ok
02:02:15.0818 6232 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
02:02:15.0828 6232 idsvc - ok
02:02:15.0940 6232 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
02:02:15.0941 6232 iirsp - ok
02:02:15.0998 6232 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
02:02:16.0007 6232 IKEEXT - ok
02:02:16.0095 6232 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
02:02:16.0096 6232 intelide - ok
02:02:16.0133 6232 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
02:02:16.0134 6232 intelppm - ok
02:02:16.0170 6232 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
02:02:16.0172 6232 IPBusEnum - ok
02:02:16.0250 6232 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
02:02:16.0252 6232 IpFilterDriver - ok
02:02:16.0298 6232 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
02:02:16.0305 6232 iphlpsvc - ok
02:02:16.0336 6232 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
02:02:16.0337 6232 IPMIDRV - ok
02:02:16.0386 6232 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
02:02:16.0388 6232 IPNAT - ok
02:02:16.0451 6232 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
02:02:16.0452 6232 IRENUM - ok
02:02:16.0473 6232 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
02:02:16.0474 6232 isapnp - ok
02:02:16.0507 6232 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
02:02:16.0510 6232 iScsiPrt - ok
02:02:16.0620 6232 JuniperAccessService (645841265252f0f8bf64b7d6d1a22d06) C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
02:02:16.0621 6232 JuniperAccessService - ok
02:02:16.0719 6232 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
02:02:16.0720 6232 kbdclass - ok
02:02:16.0748 6232 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
02:02:16.0749 6232 kbdhid - ok
02:02:16.0774 6232 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
02:02:16.0775 6232 KeyIso - ok
02:02:16.0812 6232 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
02:02:16.0813 6232 KSecDD - ok
02:02:16.0885 6232 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
02:02:16.0887 6232 KSecPkg - ok
02:02:16.0927 6232 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
02:02:16.0932 6232 KtmRm - ok
02:02:16.0967 6232 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
02:02:16.0971 6232 LanmanServer - ok
02:02:17.0056 6232 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
02:02:17.0059 6232 LanmanWorkstation - ok
02:02:17.0127 6232 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
02:02:17.0128 6232 lltdio - ok
02:02:17.0164 6232 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
02:02:17.0167 6232 lltdsvc - ok
02:02:17.0236 6232 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
02:02:17.0238 6232 lmhosts - ok
02:02:17.0303 6232 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
02:02:17.0304 6232 LSI_FC - ok
02:02:17.0318 6232 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
02:02:17.0319 6232 LSI_SAS - ok
02:02:17.0391 6232 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
02:02:17.0392 6232 LSI_SAS2 - ok
02:02:17.0408 6232 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
02:02:17.0409 6232 LSI_SCSI - ok
02:02:17.0460 6232 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
02:02:17.0461 6232 luafv - ok
02:02:17.0554 6232 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
02:02:17.0555 6232 MBAMProtector - ok
02:02:17.0611 6232 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes\mbamservice.exe
02:02:17.0615 6232 MBAMService - ok
02:02:17.0692 6232 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
02:02:17.0694 6232 Mcx2Svc - ok
02:02:17.0755 6232 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
02:02:17.0756 6232 megasas - ok
02:02:17.0804 6232 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
02:02:17.0807 6232 MegaSR - ok
02:02:17.0883 6232 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
02:02:17.0885 6232 MMCSS - ok
02:02:17.0932 6232 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
02:02:17.0933 6232 Modem - ok
02:02:17.0968 6232 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
02:02:17.0969 6232 monitor - ok
02:02:18.0057 6232 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
02:02:18.0058 6232 mouclass - ok
02:02:18.0106 6232 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
02:02:18.0107 6232 mouhid - ok
02:02:18.0159 6232 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
02:02:18.0160 6232 mountmgr - ok
02:02:18.0220 6232 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
02:02:18.0222 6232 mpio - ok
02:02:18.0265 6232 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
02:02:18.0266 6232 mpsdrv - ok
02:02:18.0318 6232 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
02:02:18.0325 6232 MpsSvc - ok
02:02:18.0400 6232 MQAC (a5888c609efcc07b060dd823fa3d474a) C:\Windows\system32\drivers\mqac.sys
02:02:18.0403 6232 MQAC - ok
02:02:18.0434 6232 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
02:02:18.0436 6232 MRxDAV - ok
02:02:18.0493 6232 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
02:02:18.0496 6232 mrxsmb - ok
02:02:18.0566 6232 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
02:02:18.0569 6232 mrxsmb10 - ok
02:02:18.0582 6232 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
02:02:18.0584 6232 mrxsmb20 - ok
02:02:18.0618 6232 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
02:02:18.0619 6232 msahci - ok
02:02:18.0662 6232 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
02:02:18.0665 6232 msdsm - ok
02:02:18.0749 6232 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
02:02:18.0752 6232 MSDTC - ok
02:02:18.0821 6232 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
02:02:18.0822 6232 Msfs - ok
02:02:18.0886 6232 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
02:02:18.0886 6232 mshidkmdf - ok
02:02:18.0916 6232 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
02:02:18.0917 6232 msisadrv - ok
02:02:18.0965 6232 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
02:02:18.0968 6232 MSiSCSI - ok
02:02:19.0044 6232 msiserver - ok
02:02:19.0103 6232 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
02:02:19.0103 6232 MSKSSRV - ok
02:02:19.0171 6232 MSMQ (e582b9e88ef4980c3b76276620fe667b) C:\Windows\system32\mqsvc.exe
02:02:19.0172 6232 MSMQ - ok
02:02:19.0308 6232 msoidsvc (49aab9d55319db55a7d36167656d412a) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
02:02:19.0317 6232 msoidsvc - ok
02:02:19.0424 6232 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
02:02:19.0425 6232 MSPCLOCK - ok
02:02:19.0449 6232 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
02:02:19.0450 6232 MSPQM - ok
02:02:19.0469 6232 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
02:02:19.0471 6232 MsRPC - ok
02:02:19.0499 6232 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
02:02:19.0500 6232 mssmbios - ok
02:02:19.0592 6232 MSSQL$SQLEXPRESS - ok
02:02:19.0634 6232 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
02:02:19.0635 6232 MSSQLServerADHelper - ok
02:02:19.0734 6232 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
02:02:19.0735 6232 MSTEE - ok
02:02:19.0922 6232 msvsmon90 (70e994d23895df6b1ee1e70145299fcf) C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe
02:02:19.0959 6232 msvsmon90 - ok
02:02:20.0053 6232 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
02:02:20.0054 6232 MTConfig - ok
02:02:20.0075 6232 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
02:02:20.0077 6232 Mup - ok
02:02:20.0107 6232 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
02:02:20.0112 6232 napagent - ok
02:02:20.0188 6232 NasPmService - ok
02:02:20.0277 6232 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
02:02:20.0281 6232 NativeWifiP - ok
02:02:20.0326 6232 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
02:02:20.0330 6232 NDIS - ok
02:02:20.0361 6232 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
02:02:20.0371 6232 NdisCap - ok
02:02:20.0446 6232 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
02:02:20.0447 6232 NdisTapi - ok
02:02:20.0478 6232 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
02:02:20.0480 6232 Ndisuio - ok
02:02:20.0505 6232 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
02:02:20.0507 6232 NdisWan - ok
02:02:20.0533 6232 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
02:02:20.0535 6232 NDProxy - ok
02:02:20.0634 6232 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
02:02:20.0636 6232 NetBIOS - ok
02:02:20.0671 6232 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
02:02:20.0674 6232 NetBT - ok
02:02:20.0698 6232 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
02:02:20.0699 6232 Netlogon - ok
02:02:20.0797 6232 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
02:02:20.0802 6232 Netman - ok
02:02:20.0876 6232 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
02:02:20.0879 6232 NetMsmqActivator - ok
02:02:20.0893 6232 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
02:02:20.0895 6232 NetPipeActivator - ok
02:02:20.0983 6232 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
02:02:20.0989 6232 netprofm - ok
02:02:21.0068 6232 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
02:02:21.0069 6232 NetTcpActivator - ok
02:02:21.0074 6232 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
02:02:21.0076 6232 NetTcpPortSharing - ok
02:02:21.0180 6232 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
02:02:21.0181 6232 nfrd960 - ok
02:02:21.0229 6232 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
02:02:21.0233 6232 NlaSvc - ok
02:02:21.0251 6232 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
02:02:21.0252 6232 Npfs - ok
02:02:21.0283 6232 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
02:02:21.0285 6232 nsi - ok
02:02:21.0380 6232 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
02:02:21.0381 6232 nsiproxy - ok
02:02:21.0435 6232 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
02:02:21.0442 6232 Ntfs - ok
02:02:21.0460 6232 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
02:02:21.0461 6232 Null - ok
02:02:21.0547 6232 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
02:02:21.0548 6232 nvraid - ok
02:02:21.0564 6232 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
02:02:21.0566 6232 nvstor - ok
02:02:21.0592 6232 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
02:02:21.0594 6232 nv_agp - ok
02:02:21.0714 6232 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
02:02:21.0719 6232 odserv - ok
02:02:21.0816 6232 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
02:02:21.0818 6232 ohci1394 - ok
02:02:21.0898 6232 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
02:02:21.0901 6232 ose - ok
02:02:21.0989 6232 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
02:02:21.0994 6232 p2pimsvc - ok
02:02:22.0014 6232 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
02:02:22.0020 6232 p2psvc - ok
02:02:22.0056 6232 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
02:02:22.0057 6232 Parport - ok
02:02:22.0136 6232 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
02:02:22.0137 6232 partmgr - ok
02:02:22.0163 6232 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
02:02:22.0164 6232 Parvdm - ok
02:02:22.0195 6232 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
02:02:22.0199 6232 PcaSvc - ok
02:02:22.0240 6232 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
02:02:22.0242 6232 pci - ok
02:02:22.0311 6232 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
02:02:22.0312 6232 pciide - ok
02:02:22.0358 6232 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
02:02:22.0360 6232 pcmcia - ok
02:02:22.0394 6232 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
02:02:22.0395 6232 pcw - ok
02:02:22.0470 6232 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
02:02:22.0477 6232 PEAUTH - ok
02:02:22.0537 6232 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
02:02:22.0549 6232 PeerDistSvc - ok
02:02:22.0682 6232 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
02:02:22.0701 6232 pla - ok
02:02:22.0753 6232 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
02:02:22.0758 6232 PlugPlay - ok
02:02:22.0829 6232 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
02:02:22.0831 6232 PNRPAutoReg - ok
02:02:22.0848 6232 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
02:02:22.0850 6232 PNRPsvc - ok
02:02:22.0894 6232 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
02:02:22.0899 6232 PolicyAgent - ok
02:02:22.0981 6232 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
02:02:22.0984 6232 Power - ok
02:02:23.0042 6232 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
02:02:23.0044 6232 PptpMiniport - ok
02:02:23.0070 6232 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
02:02:23.0072 6232 Processor - ok
02:02:23.0146 6232 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
02:02:23.0149 6232 ProfSvc - ok
02:02:23.0173 6232 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
02:02:23.0175 6232 ProtectedStorage - ok
02:02:23.0246 6232 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
02:02:23.0247 6232 Psched - ok
02:02:23.0320 6232 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
02:02:23.0335 6232 ql2300 - ok
02:02:23.0402 6232 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
02:02:23.0404 6232 ql40xx - ok
02:02:23.0451 6232 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
02:02:23.0455 6232 QWAVE - ok
02:02:23.0492 6232 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
02:02:23.0493 6232 QWAVEdrv - ok
02:02:23.0562 6232 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
02:02:23.0563 6232 RasAcd - ok
02:02:23.0626 6232 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
02:02:23.0628 6232 RasAgileVpn - ok
02:02:23.0654 6232 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
02:02:23.0657 6232 RasAuto - ok
02:02:23.0725 6232 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
02:02:23.0727 6232 Rasl2tp - ok
02:02:23.0783 6232 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
02:02:23.0788 6232 RasMan - ok
02:02:23.0870 6232 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
02:02:23.0871 6232 RasPppoe - ok
02:02:23.0886 6232 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
02:02:23.0887 6232 RasSstp - ok
02:02:23.0932 6232 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
02:02:23.0936 6232 rdbss - ok
02:02:23.0951 6232 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
02:02:23.0952 6232 rdpbus - ok
02:02:24.0070 6232 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
02:02:24.0071 6232 RDPCDD - ok
02:02:24.0112 6232 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
02:02:24.0114 6232 RDPDR - ok
02:02:24.0154 6232 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
02:02:24.0175 6232 RDPENCDD - ok
02:02:24.0248 6232 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
02:02:24.0249 6232 RDPREFMP - ok
02:02:24.0307 6232 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
02:02:24.0308 6232 RdpVideoMiniport - ok
02:02:24.0340 6232 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
02:02:24.0343 6232 RDPWD - ok
02:02:24.0416 6232 RDSAnalyzerService (7a4064025f9156c0334b31d74db9bed5) C:\Program Files\RDS Application Compatibility Analyzer\TSAnalyzerService.exe
02:02:24.0416 6232 RDSAnalyzerService - ok
02:02:24.0507 6232 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
02:02:24.0510 6232 rdyboost - ok
02:02:33.0148 6232 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
02:02:33.0212 6232 \Device\Harddisk0\DR0 - ok
02:02:33.0217 6232 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
02:02:33.0219 6232 \Device\Harddisk1\DR1 - ok
02:02:33.0223 6232 Boot (0x1200) (92590cf6f01a02d7f5d7937492022514) \Device\Harddisk0\DR0\Partition0
02:02:33.0223 6232 \Device\Harddisk0\DR0\Partition0 - ok
02:02:33.0228 6232 Boot (0x1200) (e5146566e984316cb47d8b24fb8a6d42) \Device\Harddisk1\DR1\Partition0
02:02:33.0229 6232 \Device\Harddisk1\DR1\Partition0 - ok
02:02:33.0232 6232 ============================================================
02:02:33.0232 6232 Scan finished
02:02:33.0232 6232 ============================================================
02:02:33.0243 3892 Detected object count: 0
02:02:33.0243 3892 Actual detected object count: 0

#9 gringo_pr


Posted 16 April 2012 - 01:07 AM

that looks good - now the aswmbr report please


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 Saturn-V


Posted 16 April 2012 - 07:48 AM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-16 02:04:22
-----------------------------
02:04:22.765 OS Version: Windows 6.1.7601 Service Pack 1
02:04:22.765 Number of processors: 4 586 0xF0B
02:04:22.767 ComputerName: ZMFS-DOUG UserName:
02:04:24.079 Initialize success
02:08:09.393 AVAST engine defs: 12041502
02:10:04.115 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
02:10:04.115 Disk 0 Vendor: Hitachi_HDS721680PLA380 P21OABNA Size: 76293MB BusType: 3
02:10:04.115 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
02:10:04.115 Disk 1 Vendor: Hitachi_HDS721680PLA380 P21OABNA Size: 76293MB BusType: 3
02:10:04.880 Disk 0 MBR read successfully
02:10:04.880 Disk 0 MBR scan
02:10:04.880 Disk 0 Windows 7 default MBR code
02:10:04.926 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
02:10:05.082 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76230 MB offset 112455
02:10:05.597 Disk 0 scanning sectors +156232125
02:10:06.502 Disk 0 scanning C:\Windows\system32\drivers
02:13:33.905 Service scanning
02:14:01.611 Modules scanning
02:18:29.153 Disk 0 trace - called modules:
02:18:29.324 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys
02:18:29.324 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85df3188]
02:18:29.324 3 CLASSPNP.SYS[8b19859e] -> nt!IofCallDriver -> [0x858db918]
02:18:29.324 5 ACPI.sys[8ac993d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84fe0908]
02:18:30.448 AVAST engine scan C:\Windows
02:21:08.367 AVAST engine scan C:\Windows\system32
03:34:22.307 AVAST engine scan C:\Windows\system32\drivers
03:40:08.333 AVAST engine scan C:\Users\doug.brower
05:44:57.535 AVAST engine scan C:\ProgramData
06:02:07.782 Scan finished successfully
08:47:05.718 Disk 0 MBR has been saved successfully to "C:\Users\doug.brower\Desktop\MBR.dat"
08:47:05.733 The log file has been saved successfully to "C:\Users\doug.brower\Desktop\aswMBR.txt"

#11 gringo_pr


Posted 16 April 2012 - 06:17 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
DDS::
Trusted Zone: google-analytics.com

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#12 gringo_pr


Posted 18 April 2012 - 11:30 PM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#13 gringo_pr


Posted 22 April 2012 - 12:16 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#14 Saturn-V


Posted 23 April 2012 - 03:50 PM

Hello! (My previous reply was not properly sent, my fault.) I think the problem has been fixed. Thanks for your help! Please check that a donation was received :)

Regards - doug

#15 gringo_pr


Posted 23 April 2012 - 09:23 PM

Hello


that is great that the problem is fixed but that is only part of the fix


If you have a flat tire you don't just put air in it - you also need to find the hole and fix it.


so go ahead and run the script and let's fix the holes




gringo