
Shared computer may be infected


  • This topic is locked
18 replies to this topic

#1 marsspeaks (Members, 64 posts)

Posted 13 April 2012 - 10:19 PM

Hi, I've been here before, but with my personal laptop; this time I think something may be wrong with a shared computer my family uses. I've been told that a family member was on Facebook and had clicked a link telling them they would get free TOMs. This made me very worried, and I have noticed this computer has been slower than it normally is, as it's an older computer. I've done a few virus scans and nothing has shown up, but I know sometimes things can be hidden. Would it be too much trouble for someone to look over the logs to tell me if anything is hidden? I've done all the requested logs, but please tell me if you need any more information!

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.3.0
Run by B at 18:52:30 on 2012-04-13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3319.1918 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\FsUsbExService.Exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Windows\system32\igfxsrvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No File
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [FileHippo.com] "c:\program files\filehippo.com\UpdateChecker.exe" /background
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [NPSStartup]
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wpn111\wpn111.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{0D791063-56BF-44AB-82B5-A7599930A6AF} : DhcpNameServer = 192.168.1.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\b\appdata\roaming\mozilla\firefox\profiles\exmqxbh0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2011-10-20 21504]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2011-11-15 233472]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-16 654408]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-1-26 50704]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-10-17 1153368]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 DNISp50;DNISp50 NDIS Protocol Driver;c:\windows\system32\drivers\DNISP50.sys [2011-10-1 20480]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2011-11-15 36608]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2012-2-9 173880]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-16 22344]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111v.sys [2008-8-4 904192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-10-1 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2011-12-20 253600]
S3 DNIMp50;DNIMp50 NDIS Protocol Driver;c:\windows\system32\drivers\DNIMP50.sys [2011-10-1 21504]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-10-1 136176]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-04-13 21:02:58 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-13 21:02:58 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-04-13 21:02:58 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-13 21:02:58 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-13 21:02:42 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-13 21:02:42 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 16:25:58 711240 ----a-w- c:\windows\isRS-000.tmp
2012-04-05 15:28:15 -------- d-----w- c:\users\b\appdata\roaming\DAEMON Tools Pro
2012-04-05 15:28:11 -------- d-----w- c:\programdata\DAEMON Tools Pro
2012-03-25 10:36:15 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2012-03-25 10:36:15 -------- d-----w- c:\program files\SpywareBlaster
2012-03-25 10:35:55 -------- d-----w- c:\users\b\appdata\roaming\WinPatrol
2012-03-25 10:35:43 -------- d-----w- c:\program files\BillP Studios
2012-03-25 10:35:42 -------- d-----w- c:\programdata\InstallMate
.
==================== Find3M ====================
.
2012-04-04 22:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 21:22:26 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-03 21:22:26 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-25 11:05:49 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-03-25 11:05:49 567696 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-14 15:45:30 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 15:45:30 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-13 14:12:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 13:47:57 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 13:44:40 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-02-02 15:16:25 2044416 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 18:53:54.98 ===============


#2 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 15 April 2012 - 12:39 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable, and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 marsspeaks (Topic Starter, Members, 64 posts)

Posted 15 April 2012 - 03:27 AM

Hi, after I had posted this topic AVG alerted me to an infected file. It was quickly removed, but I'm not quite sure what it was. It said I may be infected by an unknown virus called Exploit.Flash, and it was located in a program folder for Chrome. I've done several scans since then and have not had anything detected. However, here are my logs.

Results of screen317's Security Check version 0.99.32
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG 2012
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

SpywareBlaster 4.6
Spybot - Search & Destroy
Java™ 6 Update 29
Java™ 7 Update 3
Adobe Flash Player 11.2.202.228
Adobe Reader X (10.1.2)
Mozilla Firefox 10.0.2 Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

WinPatrol winpatrol.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Spybot Teatimer.exe is disabled!
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
BillP Studios WinPatrol WinPatrol.exe
``````````End of Log````````````


ComboFix 12-04-15.01 - B 04/15/2012 0:55.9.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3319.2204 [GMT -7:00]
Running from: c:\users\B\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\B\AppData\Roaming\vso_ts_preview.xml
.
.
((((((((((((((((((((((((( Files Created from 2012-03-15 to 2012-04-15 )))))))))))))))))))))))))))))))
.
.
2012-04-15 08:05 . 2012-04-15 08:05 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-04-15 08:05 . 2012-04-15 08:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-15 08:05 . 2012-04-15 08:05 -------- d-----w- c:\users\B\AppData\Local\temp
2012-04-15 08:05 . 2012-04-15 08:05 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-04-15 07:46 . 2012-04-15 07:46 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{86FC1B91-C743-4B63-9237-FB112DF83560}\offreg.dll
2012-04-13 21:02 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-13 21:02 . 2012-02-29 15:11 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-04-13 21:02 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-13 21:02 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-13 21:02 . 2012-03-06 06:39 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-13 21:02 . 2012-03-06 06:39 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-05 15:31 . 2012-04-05 15:53 -------- d-----w- c:\users\B\AppData\Roaming\dvdcss
2012-04-05 15:28 . 2012-04-05 15:31 -------- d-----w- c:\users\B\AppData\Roaming\DAEMON Tools Pro
2012-04-05 15:28 . 2012-04-05 15:28 -------- d-----w- c:\programdata\DAEMON Tools Pro
2012-03-25 11:07 . 2012-03-25 11:07 -------- d-----w- c:\program files\Common Files\Java
2012-03-25 10:51 . 2012-03-25 10:51 -------- d-----w- c:\program files\Common Files\Adobe
2012-03-25 10:36 . 2012-03-25 10:36 -------- d-----w- c:\program files\SpywareBlaster
2012-03-25 10:36 . 2010-01-11 01:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2012-03-25 10:35 . 2012-03-25 10:35 -------- d-----w- c:\users\B\AppData\Roaming\WinPatrol
2012-03-25 10:35 . 2012-03-25 10:35 -------- d-----w- c:\program files\BillP Studios
2012-03-25 10:35 . 2012-03-25 10:35 -------- d-----w- c:\programdata\InstallMate
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 22:56 . 2011-10-17 04:38 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 21:22 . 2011-12-20 21:42 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-03 21:22 . 2011-10-01 18:23 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-25 11:05 . 2011-12-20 21:43 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-03-25 11:05 . 2011-10-20 22:45 567696 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-14 15:45 . 2012-03-14 14:25 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 15:45 . 2012-03-14 14:25 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-13 14:12 . 2012-03-14 14:25 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 13:47 . 2012-03-14 14:25 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 13:44 . 2012-03-14 14:25 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-02-02 15:16 . 2012-03-14 14:25 2044416 ----a-w- c:\windows\system32\win32k.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-02-19 03:49 . 2011-12-20 21:45 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-19 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-19 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-19 133656]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2012-02-24 328800]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-03 44168]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WPN111 Smart Wizard.lnk - c:\program files\NETGEAR\WPN111\wpn111.exe [2011-10-1 995328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 253600]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - FSUSBEXDISK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2011-12-20 21:22]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-01 18:25]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-01 18:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\B\AppData\Roaming\Mozilla\Firefox\Profiles\exmqxbh0.default\
FF - prefs.js: browser.search.selectedEngine - Google
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-NPSStartup - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-15 01:07
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-04-15 01:12:07
ComboFix-quarantined-files.txt 2012-04-15 08:11
ComboFix2.txt 2011-10-24 04:03
.
Pre-Run: 14,236,618,752 bytes free
Post-Run: 14,271,291,392 bytes free
.
- - End Of File - - 59D142C006721EC959BDDEB7562B56B6

I didn't have a problem, but Combofix closed out the first time I used it, before it started the scan. I clicked it again and it ran normally. I'm not sure if that's important. My computer seems to be running very well and shows no signs of infection.

#4 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 15 April 2012 - 03:48 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#5 marsspeaks (Topic Starter, Members, 64 posts)

Posted 15 April 2012 - 09:52 AM

Here are my reports for TDSS and aswMBR.

07:28:04.0698 1492 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
07:28:05.0415 1492 ============================================================
07:28:05.0415 1492 Current date / time: 2012/04/15 07:28:05.0415
07:28:05.0415 1492 SystemInfo:
07:28:05.0415 1492
07:28:05.0415 1492 OS Version: 6.0.6002 ServicePack: 2.0
07:28:05.0415 1492 Product type: Workstation
07:28:05.0415 1492 ComputerName: B-PC
07:28:05.0415 1492 UserName: B
07:28:05.0415 1492 Windows directory: C:\Windows
07:28:05.0415 1492 System windows directory: C:\Windows
07:28:05.0415 1492 Processor architecture: Intel x86
07:28:05.0415 1492 Number of processors: 1
07:28:05.0415 1492 Page size: 0x1000
07:28:05.0415 1492 Boot type: Normal boot
07:28:05.0415 1492 ============================================================
07:28:06.0773 1492 Drive \Device\Harddisk1\DR1 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
07:28:06.0851 1492 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
07:28:06.0851 1492 \Device\Harddisk1\DR1:
07:28:06.0851 1492 MBR used
07:28:06.0851 1492 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x4A8A000
07:28:06.0851 1492 \Device\Harddisk0\DR0:
07:28:06.0851 1492 MBR used
07:28:06.0851 1492 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xCE2F7C1
07:28:06.0851 1492 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xCE2F800, BlocksNum 0x1164000
07:28:06.0975 1492 Initialize success
07:28:06.0975 1492 ============================================================
07:28:50.0656 1104 ============================================================
07:28:50.0656 1104 Scan started
07:28:50.0656 1104 Mode: Manual;
07:28:50.0656 1104 ============================================================
07:28:51.0390 1104 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
07:28:51.0390 1104 ACPI - ok
07:28:51.0483 1104 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
07:28:51.0483 1104 AdobeARMservice - ok
07:28:51.0624 1104 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
07:28:51.0624 1104 AdobeFlashPlayerUpdateSvc - ok
07:28:51.0780 1104 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
07:28:51.0780 1104 adp94xx - ok
07:28:51.0951 1104 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
07:28:51.0967 1104 adpahci - ok
07:28:52.0076 1104 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
07:28:52.0076 1104 adpu160m - ok
07:28:52.0201 1104 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
07:28:52.0201 1104 adpu320 - ok
07:28:52.0310 1104 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
07:28:52.0310 1104 AeLookupSvc - ok
07:28:52.0466 1104 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
07:28:52.0466 1104 AFD - ok
07:28:52.0591 1104 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
07:28:52.0606 1104 agp440 - ok
07:28:52.0716 1104 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
07:28:52.0716 1104 aic78xx - ok
07:28:52.0825 1104 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
07:28:52.0825 1104 ALG - ok
07:28:52.0934 1104 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
07:28:52.0934 1104 aliide - ok
07:28:53.0059 1104 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
07:28:53.0059 1104 amdagp - ok
07:28:53.0168 1104 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
07:28:53.0168 1104 amdide - ok
07:28:53.0293 1104 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
07:28:53.0293 1104 AmdK7 - ok
07:28:53.0433 1104 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
07:28:53.0433 1104 AmdK8 - ok
07:28:53.0542 1104 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
07:28:53.0542 1104 Appinfo - ok
07:28:53.0652 1104 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
07:28:53.0652 1104 Apple Mobile Device - ok
07:28:53.0792 1104 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
07:28:53.0792 1104 arc - ok
07:28:53.0948 1104 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
07:28:53.0948 1104 arcsas - ok
07:28:54.0073 1104 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
07:28:54.0073 1104 AsyncMac - ok
07:28:54.0213 1104 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
07:28:54.0213 1104 atapi - ok
07:28:54.0338 1104 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
07:28:54.0338 1104 AudioEndpointBuilder - ok
07:28:54.0369 1104 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
07:28:54.0369 1104 Audiosrv - ok
07:28:54.0525 1104 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
07:28:54.0525 1104 Beep - ok
07:28:54.0634 1104 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
07:28:54.0650 1104 BFE - ok
07:28:54.0822 1104 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
07:28:54.0822 1104 BITS - ok
07:28:54.0915 1104 blbdrive - ok
07:28:55.0024 1104 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
07:28:55.0024 1104 Bonjour Service - ok
07:28:55.0149 1104 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
07:28:55.0149 1104 bowser - ok
07:28:55.0274 1104 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
07:28:55.0274 1104 BrFiltLo - ok
07:28:55.0430 1104 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
07:28:55.0430 1104 BrFiltUp - ok
07:28:55.0539 1104 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
07:28:55.0539 1104 Browser - ok
07:28:55.0664 1104 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
07:28:55.0664 1104 Brserid - ok
07:28:55.0898 1104 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
07:28:55.0898 1104 BrSerWdm - ok
07:28:56.0054 1104 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
07:28:56.0054 1104 BrUsbMdm - ok
07:28:56.0163 1104 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
07:28:56.0163 1104 BrUsbSer - ok
07:28:56.0319 1104 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
07:28:56.0319 1104 BTHMODEM - ok
07:28:56.0444 1104 catchme - ok
07:28:56.0584 1104 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
07:28:56.0584 1104 cdfs - ok
07:28:56.0709 1104 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
07:28:56.0709 1104 cdrom - ok
07:28:56.0803 1104 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
07:28:56.0803 1104 CertPropSvc - ok
07:28:56.0928 1104 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
07:28:56.0928 1104 circlass - ok
07:28:57.0037 1104 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
07:28:57.0037 1104 CLFS - ok
07:28:57.0130 1104 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:28:57.0130 1104 clr_optimization_v2.0.50727_32 - ok
07:28:57.0255 1104 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
07:28:57.0255 1104 clr_optimization_v4.0.30319_32 - ok
07:28:57.0380 1104 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
07:28:57.0380 1104 cmdide - ok
07:28:57.0505 1104 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
07:28:57.0505 1104 Compbatt - ok
07:28:57.0583 1104 COMSysApp - ok
07:28:57.0708 1104 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
07:28:57.0708 1104 crcdisk - ok
07:28:57.0988 1104 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
07:28:57.0988 1104 Crusoe - ok
07:28:58.0113 1104 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
07:28:58.0113 1104 CryptSvc - ok
07:28:58.0254 1104 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
07:28:58.0254 1104 DcomLaunch - ok
07:28:58.0378 1104 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
07:28:58.0378 1104 DfsC - ok
07:28:58.0534 1104 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
07:28:58.0550 1104 DFSR - ok
07:28:58.0675 1104 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
07:28:58.0675 1104 Dhcp - ok
07:28:58.0815 1104 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
07:28:58.0815 1104 disk - ok
07:28:58.0940 1104 DNIMp50 (2782a4549cc6558c52b0753126b2a833) C:\Windows\system32\Drivers\DNIMp50.sys
07:28:58.0940 1104 DNIMp50 - ok
07:28:59.0080 1104 DNISp50 (b222622709a919c91cb54a90cf7ceefc) C:\Windows\system32\Drivers\DNISp50.sys
07:28:59.0080 1104 DNISp50 - ok
07:28:59.0190 1104 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
07:28:59.0190 1104 Dnscache - ok
07:28:59.0314 1104 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
07:28:59.0314 1104 dot3svc - ok
07:28:59.0408 1104 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
07:28:59.0408 1104 DPS - ok
07:28:59.0548 1104 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
07:28:59.0548 1104 drmkaud - ok
07:28:59.0673 1104 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
07:28:59.0704 1104 DXGKrnl - ok
07:28:59.0829 1104 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
07:28:59.0829 1104 E1G60 - ok
07:28:59.0938 1104 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
07:28:59.0938 1104 EapHost - ok
07:29:00.0079 1104 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
07:29:00.0079 1104 Ecache - ok
07:29:00.0172 1104 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
07:29:00.0188 1104 ehRecvr - ok
07:29:00.0266 1104 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
07:29:00.0266 1104 ehSched - ok
07:29:00.0328 1104 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
07:29:00.0344 1104 ehstart - ok
07:29:00.0469 1104 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
07:29:00.0484 1104 elxstor - ok
07:29:00.0594 1104 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
07:29:00.0594 1104 EMDMgmt - ok
07:29:00.0718 1104 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
07:29:00.0718 1104 EventSystem - ok
07:29:00.0859 1104 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
07:29:00.0859 1104 exfat - ok
07:29:00.0984 1104 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
07:29:00.0984 1104 fastfat - ok
07:29:01.0124 1104 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
07:29:01.0124 1104 fdc - ok
07:29:01.0218 1104 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
07:29:01.0218 1104 fdPHost - ok
07:29:01.0327 1104 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
07:29:01.0327 1104 FDResPub - ok
07:29:01.0436 1104 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
07:29:01.0452 1104 FileInfo - ok
07:29:01.0561 1104 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
07:29:01.0561 1104 Filetrace - ok
07:29:01.0686 1104 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
07:29:01.0686 1104 flpydisk - ok
07:29:01.0810 1104 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
07:29:01.0826 1104 FltMgr - ok
07:29:01.0951 1104 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
07:29:01.0966 1104 FontCache - ok
07:29:02.0076 1104 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
07:29:02.0076 1104 FontCache3.0.0.0 - ok
07:29:02.0185 1104 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\Windows\system32\FsUsbExDisk.SYS
07:29:02.0200 1104 FsUsbExDisk - ok
07:29:02.0325 1104 FsUsbExService (d3f9205cc4cb07553f2f9472c767ea87) C:\Windows\system32\FsUsbExService.Exe
07:29:02.0325 1104 FsUsbExService - ok
07:29:02.0434 1104 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
07:29:02.0434 1104 Fs_Rec - ok
07:29:02.0559 1104 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
07:29:02.0559 1104 gagp30kx - ok
07:29:02.0684 1104 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
07:29:02.0684 1104 GEARAspiWDM - ok
07:29:02.0793 1104 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
07:29:02.0793 1104 gpsvc - ok
07:29:02.0934 1104 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
07:29:02.0934 1104 gupdate - ok
07:29:02.0965 1104 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
07:29:02.0965 1104 gupdatem - ok
07:29:03.0105 1104 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
07:29:03.0105 1104 HdAudAddService - ok
07:29:03.0230 1104 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
07:29:03.0230 1104 HDAudBus - ok
07:29:03.0355 1104 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
07:29:03.0355 1104 HidBth - ok
07:29:03.0495 1104 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
07:29:03.0495 1104 HidIr - ok
07:29:03.0589 1104 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
07:29:03.0589 1104 hidserv - ok
07:29:03.0698 1104 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
07:29:03.0714 1104 HidUsb - ok
07:29:03.0807 1104 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
07:29:03.0807 1104 hkmsvc - ok
07:29:03.0916 1104 HP Health Check Service (e48b80f6614d4befa7768b960ffef514) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
07:29:03.0916 1104 HP Health Check Service - ok
07:29:04.0041 1104 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
07:29:04.0041 1104 HpCISSs - ok
07:29:04.0197 1104 HSF_DP (88749fbf8beb18c90e7d6626c8c1910b) C:\Windows\system32\DRIVERS\HSX_DP.sys
07:29:04.0213 1104 HSF_DP - ok
07:29:04.0338 1104 HSXHWBS2 (fe440536bd98af772130dc3a6fe1915f) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
07:29:04.0338 1104 HSXHWBS2 - ok
07:29:04.0462 1104 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
07:29:04.0462 1104 HTTP - ok
07:29:04.0587 1104 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
07:29:04.0587 1104 i2omp - ok
07:29:04.0743 1104 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
07:29:04.0743 1104 i8042prt - ok
07:29:04.0915 1104 ialm (e5490aea3b791c454e9933bf749ca3d8) C:\Windows\system32\DRIVERS\igdkmd32.sys
07:29:04.0930 1104 ialm - ok
07:29:05.0055 1104 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
07:29:05.0055 1104 iaStorV - ok
07:29:05.0164 1104 IDriverT (6f95324909b502e2651442c1548ab12f) c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
07:29:05.0164 1104 IDriverT - ok
07:29:05.0305 1104 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
07:29:05.0320 1104 idsvc - ok
07:29:05.0508 1104 igfx (e5490aea3b791c454e9933bf749ca3d8) C:\Windows\system32\DRIVERS\igdkmd32.sys
07:29:05.0523 1104 igfx - ok
07:29:05.0632 1104 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
07:29:05.0632 1104 iirsp - ok
07:29:05.0757 1104 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
07:29:05.0757 1104 IKEEXT - ok
07:29:06.0163 1104 IntcAzAudAddService (84ed2154239f9d013bbd3220755ada8b) C:\Windows\system32\drivers\RTKVHDA.sys
07:29:06.0178 1104 IntcAzAudAddService - ok
07:29:06.0303 1104 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
07:29:06.0303 1104 intelide - ok
07:29:06.0428 1104 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
07:29:06.0428 1104 intelppm - ok
07:29:06.0537 1104 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
07:29:06.0537 1104 IPBusEnum - ok
07:29:06.0646 1104 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:29:06.0662 1104 IpFilterDriver - ok
07:29:06.0756 1104 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
07:29:06.0756 1104 iphlpsvc - ok
07:29:06.0865 1104 IpInIp - ok
07:29:06.0990 1104 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
07:29:06.0990 1104 IPMIDRV - ok
07:29:07.0114 1104 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
07:29:07.0114 1104 IPNAT - ok
07:29:07.0224 1104 iPod Service (ca1972397b845b2f53f5dc63c22fd98a) C:\Program Files\iPod\bin\iPodService.exe
07:29:07.0224 1104 iPod Service - ok
07:29:07.0364 1104 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
07:29:07.0364 1104 IRENUM - ok
07:29:07.0489 1104 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
07:29:07.0489 1104 isapnp - ok
07:29:07.0629 1104 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
07:29:07.0629 1104 iScsiPrt - ok
07:29:07.0754 1104 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
07:29:07.0754 1104 iteatapi - ok
07:29:07.0879 1104 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
07:29:07.0879 1104 iteraid - ok
07:29:08.0004 1104 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
07:29:08.0004 1104 kbdclass - ok
07:29:08.0113 1104 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
07:29:08.0113 1104 kbdhid - ok
07:29:08.0206 1104 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
07:29:08.0206 1104 KeyIso - ok
07:29:08.0316 1104 KeyScrambler (1223a8b567ffdb4b8bb5f59e5f033fdb) C:\Windows\system32\drivers\keyscrambler.sys
07:29:08.0316 1104 KeyScrambler - ok
07:29:08.0456 1104 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
07:29:08.0456 1104 KSecDD - ok
07:29:08.0565 1104 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
07:29:08.0565 1104 KtmRm - ok
07:29:08.0659 1104 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
07:29:08.0674 1104 LanmanServer - ok
07:29:08.0768 1104 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
07:29:08.0768 1104 LanmanWorkstation - ok
07:29:08.0877 1104 LightScribeService (683a07b982832426128b684b7366710f) c:\Program Files\Common Files\LightScribe\LSSrvc.exe
07:29:08.0877 1104 LightScribeService - ok
07:29:09.0002 1104 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
07:29:09.0002 1104 lltdio - ok
07:29:09.0111 1104 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
07:29:09.0111 1104 lltdsvc - ok
07:29:09.0205 1104 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
07:29:09.0220 1104 lmhosts - ok
07:29:09.0361 1104 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
07:29:09.0361 1104 LSI_FC - ok
07:29:09.0486 1104 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
07:29:09.0486 1104 LSI_SAS - ok
07:29:09.0626 1104 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
07:29:09.0626 1104 LSI_SCSI - ok
07:29:09.0751 1104 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
07:29:09.0751 1104 luafv - ok
07:29:09.0891 1104 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
07:29:09.0891 1104 MBAMProtector - ok
07:29:09.0985 1104 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
07:29:10.0000 1104 MBAMService - ok
07:29:10.0094 1104 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
07:29:10.0094 1104 Mcx2Svc - ok
07:29:10.0219 1104 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
07:29:10.0219 1104 mdmxsdk - ok
07:29:10.0344 1104 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
07:29:10.0344 1104 megasas - ok
07:29:10.0437 1104 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
07:29:10.0437 1104 MMCSS - ok
07:29:10.0562 1104 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
07:29:10.0562 1104 Modem - ok
07:29:10.0671 1104 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
07:29:10.0671 1104 monitor - ok
07:29:10.0905 1104 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
07:29:10.0905 1104 mouclass - ok
07:29:11.0046 1104 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
07:29:11.0046 1104 mouhid - ok
07:29:11.0170 1104 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
07:29:11.0170 1104 MountMgr - ok
07:29:11.0280 1104 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
07:29:11.0295 1104 mpio - ok
07:29:11.0420 1104 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
07:29:11.0420 1104 mpsdrv - ok
07:29:11.0529 1104 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
07:29:11.0529 1104 MpsSvc - ok
07:29:11.0638 1104 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
07:29:11.0638 1104 Mraid35x - ok
07:29:11.0763 1104 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
07:29:11.0763 1104 MRxDAV - ok
07:29:11.0888 1104 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
07:29:11.0904 1104 mrxsmb - ok
07:29:13.0027 1104 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:29:13.0027 1104 mrxsmb10 - ok
07:29:13.0168 1104 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:29:13.0168 1104 mrxsmb20 - ok
07:29:13.0295 1104 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
07:29:13.0296 1104 msahci - ok
07:29:13.0420 1104 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
07:29:13.0421 1104 msdsm - ok
07:29:13.0576 1104 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
07:29:13.0579 1104 MSDTC - ok
07:29:13.0835 1104 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
07:29:13.0835 1104 Msfs - ok
07:29:13.0976 1104 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
07:29:13.0976 1104 msisadrv - ok
07:29:14.0069 1104 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
07:29:14.0069 1104 MSiSCSI - ok
07:29:14.0147 1104 msiserver - ok
07:29:14.0257 1104 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
07:29:14.0257 1104 MSKSSRV - ok
07:29:14.0381 1104 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
07:29:14.0397 1104 MSPCLOCK - ok
07:29:14.0522 1104 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
07:29:14.0522 1104 MSPQM - ok
07:29:14.0647 1104 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
07:29:14.0647 1104 MsRPC - ok
07:29:14.0771 1104 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
07:29:14.0771 1104 mssmbios - ok
07:29:14.0896 1104 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
07:29:14.0896 1104 MSTEE - ok
07:29:15.0021 1104 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
07:29:15.0021 1104 Mup - ok
07:29:15.0130 1104 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
07:29:15.0130 1104 napagent - ok
07:29:15.0255 1104 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
07:29:15.0255 1104 NativeWifiP - ok
07:29:15.0395 1104 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
07:29:15.0395 1104 NDIS - ok
07:29:15.0520 1104 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
07:29:15.0520 1104 NdisTapi - ok
07:29:15.0645 1104 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
07:29:15.0645 1104 Ndisuio - ok
07:29:15.0863 1104 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
07:29:15.0879 1104 NdisWan - ok
07:29:16.0004 1104 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
07:29:16.0004 1104 NDProxy - ok
07:29:16.0129 1104 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
07:29:16.0129 1104 NetBIOS - ok
07:29:16.0269 1104 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
07:29:16.0269 1104 netbt - ok
07:29:16.0378 1104 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
07:29:16.0378 1104 Netlogon - ok
07:29:16.0472 1104 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
07:29:16.0472 1104 Netman - ok
07:29:16.0565 1104 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
07:29:16.0565 1104 netprofm - ok
07:29:16.0690 1104 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:29:16.0690 1104 NetTcpPortSharing - ok
07:29:16.0815 1104 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
07:29:16.0815 1104 nfrd960 - ok
07:29:16.0924 1104 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
07:29:16.0924 1104 NlaSvc - ok
07:29:17.0065 1104 npf (b9730495e0cf674680121e34bd95a73b) C:\Windows\system32\drivers\npf.sys
07:29:17.0065 1104 npf - ok
07:29:17.0174 1104 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
07:29:17.0174 1104 Npfs - ok
07:29:17.0283 1104 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
07:29:17.0283 1104 nsi - ok
07:29:17.0408 1104 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
07:29:17.0408 1104 nsiproxy - ok
07:29:17.0564 1104 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
07:29:17.0564 1104 Ntfs - ok
07:29:17.0689 1104 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
07:29:17.0689 1104 ntrigdigi - ok
07:29:17.0798 1104 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
07:29:17.0798 1104 Null - ok
07:29:17.0923 1104 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
07:29:17.0938 1104 nvraid - ok
07:29:18.0063 1104 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
07:29:18.0063 1104 nvstor - ok
07:29:18.0391 1104 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
07:29:18.0391 1104 nv_agp - ok
07:29:18.0500 1104 NwlnkFlt - ok
07:29:18.0593 1104 NwlnkFwd - ok
07:29:18.0874 1104 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
07:29:18.0874 1104 ohci1394 - ok
07:29:19.0077 1104 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
07:29:19.0108 1104 p2pimsvc - ok
07:29:19.0186 1104 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
07:29:19.0186 1104 p2psvc - ok
07:29:19.0311 1104 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
07:29:19.0311 1104 Parport - ok
07:29:19.0436 1104 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
07:29:19.0436 1104 partmgr - ok
07:29:19.0561 1104 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
07:29:19.0561 1104 Parvdm - ok
07:29:19.0654 1104 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
07:29:19.0654 1104 PcaSvc - ok
07:29:19.0810 1104 pccsmcfd (175cc28dcf819f78caa3fbd44ad9e52a) C:\Windows\system32\DRIVERS\pccsmcfd.sys
07:29:19.0810 1104 pccsmcfd - ok
07:29:19.0935 1104 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
07:29:19.0935 1104 pci - ok
07:29:20.0060 1104 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
07:29:20.0060 1104 pciide - ok
07:29:20.0185 1104 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
07:29:20.0185 1104 pcmcia - ok
07:29:20.0325 1104 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
07:29:20.0325 1104 pcouffin - ok
07:29:20.0481 1104 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
07:29:20.0512 1104 PEAUTH - ok
07:29:20.0684 1104 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
07:29:20.0699 1104 pla - ok
07:29:20.0824 1104 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
07:29:20.0840 1104 PlugPlay - ok
07:29:20.0949 1104 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
07:29:20.0949 1104 PNRPAutoReg - ok
07:29:21.0011 1104 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
07:29:21.0011 1104 PNRPsvc - ok
07:29:21.0121 1104 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
07:29:21.0121 1104 PolicyAgent - ok
07:29:21.0245 1104 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
07:29:21.0245 1104 PptpMiniport - ok
07:29:21.0370 1104 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
07:29:21.0386 1104 Processor - ok
07:29:21.0479 1104 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
07:29:21.0479 1104 ProfSvc - ok
07:29:21.0573 1104 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
07:29:21.0573 1104 ProtectedStorage - ok
07:29:21.0698 1104 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
07:29:21.0698 1104 PSched - ok
07:29:21.0838 1104 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
07:29:21.0838 1104 PxHelp20 - ok
07:29:21.0994 1104 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
07:29:21.0994 1104 ql2300 - ok
07:29:22.0135 1104 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
07:29:22.0135 1104 ql40xx - ok
07:29:22.0228 1104 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
07:29:22.0244 1104 QWAVE - ok
07:29:22.0369 1104 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
07:29:22.0369 1104 QWAVEdrv - ok
07:29:22.0478 1104 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
07:29:22.0478 1104 RasAcd - ok
07:29:22.0571 1104 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
07:29:22.0571 1104 RasAuto - ok
07:29:22.0696 1104 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
07:29:22.0696 1104 Rasl2tp - ok
07:29:22.0790 1104 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
07:29:22.0790 1104 RasMan - ok
07:29:22.0915 1104 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
07:29:22.0915 1104 RasPppoe - ok
07:29:23.0024 1104 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
07:29:23.0039 1104 RasSstp - ok
07:29:23.0149 1104 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
07:29:23.0149 1104 rdbss - ok
07:29:23.0273 1104 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
07:29:23.0273 1104 RDPCDD - ok
07:29:23.0414 1104 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
07:29:23.0414 1104 rdpdr - ok
07:29:23.0539 1104 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
07:29:23.0539 1104 RDPENCDD - ok
07:29:23.0663 1104 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
07:29:23.0663 1104 RDPWD - ok
07:29:23.0773 1104 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
07:29:23.0773 1104 RemoteAccess - ok
07:29:23.0866 1104 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
07:29:23.0882 1104 RemoteRegistry - ok
07:29:24.0007 1104 RoxMediaDB9 (2dac86f10c42b55f2511f14cbcee7284) c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
07:29:24.0022 1104 RoxMediaDB9 - ok
07:29:24.0131 1104 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
07:29:24.0131 1104 RpcLocator - ok
07:29:24.0256 1104 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
07:29:24.0256 1104 RpcSs - ok
07:29:24.0381 1104 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
07:29:24.0381 1104 rspndr - ok
07:29:24.0521 1104 RTL8169 (71b7026d61293c1e91145bdad11c53bf) C:\Windows\system32\DRIVERS\Rtlh86.sys
07:29:24.0521 1104 RTL8169 - ok
07:29:24.0615 1104 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
07:29:24.0631 1104 SamSs - ok
07:29:24.0755 1104 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
07:29:24.0755 1104 sbp2port - ok
07:29:24.0865 1104 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
07:29:24.0880 1104 SBSDWSCService - ok
07:29:24.0989 1104 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
07:29:25.0005 1104 SCardSvr - ok
07:29:25.0130 1104 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
07:29:25.0130 1104 Schedule - ok
07:29:25.0223 1104 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
07:29:25.0223 1104 SCPolicySvc - ok
07:29:25.0317 1104 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
07:29:25.0333 1104 SDRSVC - ok
07:29:25.0442 1104 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
07:29:25.0442 1104 secdrv - ok
07:29:25.0551 1104 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
07:29:25.0551 1104 seclogon - ok
07:29:25.0645 1104 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
07:29:25.0660 1104 SENS - ok
07:29:25.0879 1104 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
07:29:25.0879 1104 Serenum - ok
07:29:26.0003 1104 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
07:29:26.0003 1104 Serial - ok
07:29:26.0128 1104 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
07:29:26.0128 1104 sermouse - ok
07:29:26.0222 1104 ServiceLayer (9d38320bb32230349379df5ddbbf7fce) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
07:29:26.0222 1104 ServiceLayer - ok
07:29:26.0347 1104 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
07:29:26.0362 1104 SessionEnv - ok
07:29:26.0487 1104 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
07:29:26.0487 1104 sffdisk - ok
07:29:26.0612 1104 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
07:29:26.0612 1104 sffp_mmc - ok
07:29:26.0737 1104 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
07:29:26.0737 1104 sffp_sd - ok
07:29:26.0861 1104 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
07:29:26.0861 1104 sfloppy - ok
07:29:27.0017 1104 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
07:29:27.0017 1104 SharedAccess - ok
07:29:27.0111 1104 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
07:29:27.0127 1104 ShellHWDetection - ok
07:29:27.0267 1104 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
07:29:27.0267 1104 sisagp - ok
07:29:27.0392 1104 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
07:29:27.0392 1104 SiSRaid2 - ok
07:29:27.0517 1104 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
07:29:27.0532 1104 SiSRaid4 - ok
07:29:27.0719 1104 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
07:29:27.0751 1104 slsvc - ok
07:29:27.0860 1104 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
07:29:27.0860 1104 SLUINotify - ok
07:29:27.0985 1104 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
07:29:27.0985 1104 Smb - ok
07:29:28.0109 1104 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
07:29:28.0109 1104 SNMPTRAP - ok
07:29:28.0234 1104 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
07:29:28.0250 1104 spldr - ok
07:29:28.0343 1104 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
07:29:28.0343 1104 Spooler - ok
07:29:28.0468 1104 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
07:29:28.0468 1104 srv - ok
07:29:28.0609 1104 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
07:29:28.0609 1104 srv2 - ok
07:29:28.0733 1104 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
07:29:28.0749 1104 srvnet - ok
07:29:28.0843 1104 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
07:29:28.0843 1104 SSDPSRV - ok
07:29:28.0936 1104 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
07:29:28.0936 1104 SstpSvc - ok
07:29:29.0092 1104 ss_bus (5a1d0ca8a5f1e7b4ec50b9d76c001f0e) C:\Windows\system32\DRIVERS\ss_bus.sys
07:29:29.0092 1104 ss_bus - ok
07:29:29.0248 1104 ss_mdfl (f0a85580e36a3a85059037d39a9cf079) C:\Windows\system32\DRIVERS\ss_mdfl.sys
07:29:29.0248 1104 ss_mdfl - ok
07:29:29.0373 1104 ss_mdm (84c3dbfd1bfa4adc0a950b3d5506cb00) C:\Windows\system32\DRIVERS\ss_mdm.sys
07:29:29.0373 1104 ss_mdm - ok
07:29:29.0482 1104 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
07:29:29.0498 1104 stisvc - ok
07:29:29.0607 1104 stllssvr (e5ff667e416dac99bff16b626234a379) c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
07:29:29.0607 1104 stllssvr - ok
07:29:29.0732 1104 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
07:29:29.0732 1104 swenum - ok
07:29:29.0841 1104 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
07:29:29.0841 1104 swprv - ok
07:29:29.0950 1104 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
07:29:29.0950 1104 Symc8xx - ok
07:29:30.0091 1104 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
07:29:30.0091 1104 Sym_hi - ok
07:29:30.0231 1104 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
07:29:30.0231 1104 Sym_u3 - ok
07:29:30.0340 1104 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
07:29:30.0340 1104 SysMain - ok
07:29:30.0434 1104 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
07:29:30.0449 1104 TabletInputService - ok
07:29:30.0543 1104 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
07:29:30.0543 1104 TapiSrv - ok
07:29:30.0637 1104 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
07:29:30.0637 1104 TBS - ok
07:29:30.0793 1104 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
07:29:30.0808 1104 Tcpip - ok
07:29:30.0949 1104 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
07:29:30.0964 1104 Tcpip6 - ok
07:29:31.0105 1104 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
07:29:31.0105 1104 tcpipreg - ok
07:29:31.0229 1104 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
07:29:31.0229 1104 TDPIPE - ok
07:29:31.0354 1104 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
07:29:31.0354 1104 TDTCP - ok
07:29:31.0479 1104 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
07:29:31.0479 1104 tdx - ok
07:29:31.0588 1104 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
07:29:31.0588 1104 TermDD - ok
07:29:31.0697 1104 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
07:29:31.0713 1104 TermService - ok
07:29:31.0807 1104 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
07:29:31.0822 1104 Themes - ok
07:29:31.0916 1104 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
07:29:31.0916 1104 THREADORDER - ok
07:29:32.0009 1104 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
07:29:32.0009 1104 TrkWks - ok
07:29:32.0087 1104 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
07:29:32.0087 1104 TrustedInstaller - ok
07:29:32.0228 1104 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
07:29:32.0228 1104 tssecsrv - ok
07:29:32.0353 1104 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
07:29:32.0353 1104 tunmp - ok
07:29:32.0477 1104 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
07:29:32.0477 1104 tunnel - ok
07:29:32.0602 1104 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
07:29:32.0602 1104 uagp35 - ok
07:29:32.0727 1104 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
07:29:32.0743 1104 udfs - ok
07:29:32.0852 1104 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
07:29:32.0852 1104 UI0Detect - ok
07:29:32.0961 1104 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
07:29:32.0961 1104 uliagpkx - ok
07:29:33.0117 1104 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
07:29:33.0117 1104 uliahci - ok
07:29:33.0242 1104 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
07:29:33.0242 1104 UlSata - ok
07:29:33.0367 1104 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
07:29:33.0367 1104 ulsata2 - ok
07:29:33.0491 1104 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
07:29:33.0491 1104 umbus - ok
07:29:33.0601 1104 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
07:29:33.0601 1104 upnphost - ok
07:29:33.0741 1104 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
07:29:33.0757 1104 USBAAPL - ok
07:29:33.0881 1104 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
07:29:33.0881 1104 usbccgp - ok
07:29:34.0006 1104 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
07:29:34.0006 1104 usbcir - ok
07:29:34.0147 1104 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
07:29:34.0147 1104 usbehci - ok
07:29:34.0271 1104 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
07:29:34.0287 1104 usbhub - ok
07:29:34.0412 1104 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
07:29:34.0412 1104 usbohci - ok
07:29:34.0537 1104 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
07:29:34.0537 1104 usbprint - ok
07:29:34.0661 1104 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:29:34.0661 1104 USBSTOR - ok
07:29:34.0786 1104 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
07:29:34.0786 1104 usbuhci - ok
07:29:34.0895 1104 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
07:29:34.0895 1104 UxSms - ok
07:29:34.0989 1104 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
07:29:35.0020 1104 vds - ok
07:29:35.0161 1104 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
07:29:35.0161 1104 vga - ok
07:29:35.0301 1104 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
07:29:35.0301 1104 VgaSave - ok
07:29:35.0426 1104 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
07:29:35.0426 1104 viaagp - ok
07:29:35.0551 1104 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
07:29:35.0551 1104 ViaC7 - ok
07:29:35.0675 1104 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
07:29:35.0675 1104 viaide - ok
07:29:35.0800 1104 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
07:29:35.0816 1104 volmgr - ok
07:29:36.0034 1104 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
07:29:36.0034 1104 volmgrx - ok
07:29:36.0143 1104 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
07:29:36.0143 1104 volsnap - ok
07:29:36.0268 1104 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
07:29:36.0268 1104 vsmraid - ok
07:29:36.0393 1104 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
07:29:36.0409 1104 VSS - ok
07:29:36.0502 1104 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
07:29:36.0502 1104 W32Time - ok
07:29:36.0627 1104 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
07:29:36.0627 1104 WacomPen - ok
07:29:36.0752 1104 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
07:29:36.0752 1104 Wanarp - ok
07:29:36.0783 1104 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
07:29:36.0783 1104 Wanarpv6 - ok
07:29:36.0892 1104 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
07:29:36.0892 1104 wcncsvc - ok
07:29:36.0986 1104 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
07:29:36.0986 1104 WcsPlugInService - ok
07:29:37.0126 1104 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
07:29:37.0126 1104 Wd - ok
07:29:37.0267 1104 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
07:29:37.0282 1104 Wdf01000 - ok
07:29:37.0376 1104 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
07:29:37.0376 1104 WdiServiceHost - ok
07:29:37.0391 1104 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
07:29:37.0407 1104 WdiSystemHost - ok
07:29:37.0501 1104 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
07:29:37.0501 1104 WebClient - ok
07:29:37.0610 1104 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
07:29:37.0610 1104 Wecsvc - ok
07:29:37.0703 1104 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
07:29:37.0703 1104 wercplsupport - ok
07:29:37.0797 1104 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
07:29:37.0797 1104 WerSvc - ok
07:29:37.0937 1104 winachsf (72cc6a8ca7891031d6380db5025c773c) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
07:29:37.0953 1104 winachsf - ok
07:29:38.0047 1104 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
07:29:38.0047 1104 WinDefend - ok
07:29:38.0062 1104 WinHttpAutoProxySvc - ok
07:29:38.0187 1104 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
07:29:38.0187 1104 Winmgmt - ok
07:29:38.0312 1104 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
07:29:38.0359 1104 WinRM - ok
07:29:38.0499 1104 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
07:29:38.0515 1104 Wlansvc - ok
07:29:38.0608 1104 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
07:29:38.0608 1104 WmiAcpi - ok
07:29:38.0733 1104 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
07:29:38.0733 1104 wmiApSrv - ok
07:29:38.0827 1104 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
07:29:38.0827 1104 WMPNetworkSvc - ok
07:29:38.0920 1104 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
07:29:38.0936 1104 WPCSvc - ok
07:29:39.0029 1104 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
07:29:39.0029 1104 WPDBusEnum - ok
07:29:39.0170 1104 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
07:29:39.0170 1104 WpdUsb - ok
07:29:39.0310 1104 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
07:29:39.0310 1104 WPFFontCache_v0400 - ok
07:29:39.0466 1104 WPN111 (44fa26470d4c8123ccf71f4200b782d3) C:\Windows\system32\DRIVERS\WPN111v.sys
07:29:39.0482 1104 WPN111 - ok
07:29:39.0591 1104 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
07:29:39.0591 1104 ws2ifsl - ok
07:29:39.0685 1104 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
07:29:39.0685 1104 wscsvc - ok
07:29:39.0763 1104 WSearch - ok
07:29:39.0919 1104 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
07:29:39.0934 1104 wuauserv - ok
07:29:40.0075 1104 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
07:29:40.0075 1104 WUDFRd - ok
07:29:40.0184 1104 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
07:29:40.0199 1104 wudfsvc - ok
07:29:40.0324 1104 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
07:29:40.0324 1104 XAudio - ok
07:29:40.0480 1104 XAudioService (cd5f291a1161f15896d1a4d63daff5df) C:\Windows\system32\DRIVERS\xaudio.exe
07:29:40.0496 1104 XAudioService - ok
07:29:40.0527 1104 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
07:29:40.0527 1104 \Device\Harddisk1\DR1 - ok
07:29:40.0558 1104 MBR (0x1B8) (8913823ff508ccf109db74b636c301da) \Device\Harddisk0\DR0
07:29:40.0589 1104 \Device\Harddisk0\DR0 - ok
07:29:40.0605 1104 Boot (0x1200) (cb69adc00ab9e0b4efdceea5ba795586) \Device\Harddisk1\DR1\Partition0
07:29:40.0605 1104 \Device\Harddisk1\DR1\Partition0 - ok
07:29:40.0621 1104 Boot (0x1200) (a815350610f7cdfabd26c6d948df2082) \Device\Harddisk0\DR0\Partition0
07:29:40.0621 1104 \Device\Harddisk0\DR0\Partition0 - ok
07:29:40.0636 1104 Boot (0x1200) (0968152f78acc83d7a830fe48cb68313) \Device\Harddisk0\DR0\Partition1
07:29:40.0636 1104 \Device\Harddisk0\DR0\Partition1 - ok
07:29:40.0636 1104 ============================================================
07:29:40.0636 1104 Scan finished
07:29:40.0636 1104 ============================================================
07:29:40.0667 3052 Detected object count: 0
07:29:40.0667 3052 Actual detected object count: 0





aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-15 07:33:36
-----------------------------
07:33:36.247 OS Version: Windows 6.0.6002 Service Pack 2
07:33:36.263 Number of processors: 1 586 0x1601
07:33:36.263 ComputerName: B-PC UserName: B
07:33:37.730 Initialize success
07:37:28.197 AVAST engine defs: 12041501
07:37:48.929 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
07:37:48.945 Disk 0 Vendor: ST3120213AS 3.AHL Size: 114473MB BusType: 3
07:37:48.945 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-6
07:37:48.945 Disk 1 Vendor: WDC_WD400BB-00FJA0 13.03G13 Size: 38166MB BusType: 3
07:37:48.961 Disk 0 MBR read successfully
07:37:48.961 Disk 0 MBR scan
07:37:48.976 Disk 0 unknown MBR code
07:37:48.976 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 105566 MB offset 63
07:37:49.007 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 8904 MB offset 216201216
07:37:49.023 Disk 0 scanning sectors +234436608
07:37:49.085 Disk 0 scanning C:\Windows\system32\drivers
07:38:02.205 Service scanning
07:38:53.514 Modules scanning
07:39:10.191 Disk 0 trace - called modules:
07:39:10.238 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
07:39:10.238 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85650ac8]
07:39:10.253 3 CLASSPNP.SYS[8ab9e8b3] -> nt!IofCallDriver -> [0x84727918]
07:39:10.269 5 acpi.sys[806986bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x847335c0]
07:39:10.893 AVAST engine scan C:\Windows
07:39:14.840 AVAST engine scan C:\Windows\system32
07:40:13.932 File: C:\Windows\system32\jureg.exe **INFECTED** Win32:SMSSend-IG [Trj]
07:43:17.951 AVAST engine scan C:\Windows\system32\drivers
07:43:36.173 AVAST engine scan C:\Users\B
07:48:24.722 AVAST engine scan C:\ProgramData
07:50:09.803 Scan finished successfully
07:50:38.866 Disk 0 MBR has been saved successfully to "C:\Users\B\Desktop\MBR.dat"
07:50:38.882 The log file has been saved successfully to "C:\Users\B\Desktop\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:29 AM

Posted 15 April 2012 - 04:16 PM

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

Java™ 6 Update 29


  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.


Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM.
  • Double-click the mbam icon.
  • Go to the Update tab at the top.
  • Click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...).

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 marsspeaks

marsspeaks
  • Topic Starter

  • Members
  • 64 posts
  • Local time:12:29 AM

Posted 15 April 2012 - 06:18 PM

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.15.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
B :: B-PC [administrator]

Protection: Enabled

4/15/2012 4:05:00 PM
mbam-log-2012-04-15 (16-05-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207258
Time elapsed: 5 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:14:24 PM, on 4/15/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files\FileHippo.com\UpdateChecker.exe" /background
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6374 bytes

I didn't run into any problems and my computer seems to be running normally.

#8 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 15 April 2012 - 08:43 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can start any of them by clicking on their icon (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

      O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files\FileHippo.com\UpdateChecker.exe" /background
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not;
    just copy the name between the brackets and paste it into the search space:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right-click on the IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
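The O4 lines HijackThis reports above come from a handful of places: the Run and RunOnce keys under HKLM and HKCU, plus the Startup folders. As an added illustration (this script is not from the thread, from gringo_pr, or from HijackThis), the PowerShell below walks those same locations, pulls the executable out of each value, and flags entries whose target file is missing or unsigned, so a list like the one above can be reviewed before anything is unchecked. It assumes Windows PowerShell 3.0 or later and should be run from an elevated prompt to read every HKLM value.

```powershell
# Added example (not from the thread or from HijackThis): enumerate the autostart
# locations that HijackThis reports as O4 entries and flag targets whose file is
# missing or unsigned, so the list can be reviewed before anything is removed.
# Assumes Windows PowerShell 3.0 or later; run elevated to read every HKLM value.

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',      # O4 - HKLM\..\Run
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',  # O4 - HKLM\..\RunOnce
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',      # O4 - HKCU\..\Run
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'   # O4 - HKCU\..\RunOnce
)

# Property names that Get-ItemProperty adds to its output; they are not Run values.
$ProviderProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Get-CommandPath {
    # Pull the executable out of a Run value such as
    #   "C:\Program Files\Foo\foo.exe" /background   or   c:\hp\support\hpsysdrv.exe
    # Environment variables like %WINDIR% are expanded first.
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 0) { return $cmd.Substring(1, $end - 1) }
        return $cmd.Trim('"')
    }
    # Unquoted: take everything up to and including the first ".exe" token.
    $m = [regex]::Match($cmd, '^(.*?\.exe)(\s|$)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($cmd -split '\s+')[0]
}

function Test-TargetExists {
    # Bare names such as RtHDVCpl.exe are resolved through PATH, as the shell does.
    param([string]$Path)
    if ([IO.Path]::IsPathRooted($Path)) { return (Test-Path -LiteralPath $Path) }
    return [bool](Get-Command $Path -ErrorAction SilentlyContinue)
}

function Get-AutostartEntries {
    $entries = @()
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $values = Get-ItemProperty -Path $key
        foreach ($prop in $values.PSObject.Properties) {
            if ($ProviderProps -contains $prop.Name) { continue }
            $path   = Get-CommandPath ([string]$prop.Value)
            $exists = Test-TargetExists $path
            $sig    = if ($exists -and [IO.Path]::IsPathRooted($path)) {
                          (Get-AuthenticodeSignature -FilePath $path).Status
                      } else { 'n/a' }
            $entries += [pscustomobject]@{
                Location  = $key
                Name      = $prop.Name
                Command   = $prop.Value
                Target    = $path
                Exists    = $exists
                Signature = $sig
            }
        }
    }
    # Startup folders: HijackThis lists these as "O4 - Global Startup" / "O4 - Startup".
    foreach ($folder in @([Environment]::GetFolderPath('CommonStartup'),
                          [Environment]::GetFolderPath('Startup'))) {
        if (-not (Test-Path $folder)) { continue }
        foreach ($file in Get-ChildItem -Path $folder -File) {
            $entries += [pscustomobject]@{
                Location  = $folder
                Name      = $file.Name
                Command   = $file.FullName
                Target    = $file.FullName
                Exists    = $true
                Signature = 'n/a'   # shortcuts (.lnk) are not signed themselves
            }
        }
    }
    return $entries
}

# Entries whose target is missing sort to the top for review.
Get-AutostartEntries |
    Sort-Object Exists, Signature, Location |
    Format-Table -AutoSize Location, Name, Target, Exists, Signature
```

An entry whose Target does not exist is the registry-side counterpart of the "(no file)" BHO lines in the log above: a leftover from an uninstall rather than something running. A Signature of NotSigned on a file in a user-writable folder is the kind of entry worth looking up before deciding whether to keep it.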

#9 marsspeaks (Topic Starter, Members, 64 posts)

Posted 16 April 2012 - 12:00 AM

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=5f73a7962c43ae44860156d1c7e8b1cf
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-01-25 07:08:43
# local_time=2012-01-25 11:08:43 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1024 16777215 100 0 2195056 2195056 0 0
# compatibility_mode=5892 16776574 100 100 2194915 164118868 0 0
# compatibility_mode=8192 67108863 100 0 7397972 7397972 0 0
# scanned=167490
# found=1
# cleaned=1
# scan_time=7184
C:\Users\B\AppData\Local\Temp\ICReinstall\cnet2_xclock_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
esets_scanner_update returned -1 esets_gle=53251
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=5f73a7962c43ae44860156d1c7e8b1cf
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-04-16 04:51:04
# local_time=2012-04-15 09:51:04 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 9227520 9227520 0 0
# compatibility_mode=5892 16776574 100 100 0 171151332 0 0
# compatibility_mode=8192 67108863 100 0 14430436 14430436 0 0
# scanned=154755
# found=1
# cleaned=0
# scan_time=8060
C:\Users\B\Desktop\DAEMONToolsPro500316-0317.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I


When I first opened up Internet Explorer I got a pop-up asking me to give permission for "ssvagent.exe". I canceled it and went to the ESET site anyway, but it came up again when a pop-up window appeared for the scan. I canceled it again, closed out, and ran as administrator. It didn't come up after that. I'm not sure if it's important, but I wanted to include that just in case. The program info said it was by Oracle America, Inc. and was in the Java folder in my Program Files folder.

#10 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 16 April 2012 - 12:06 AM

Hello

ssvagent.exe - let it run and see if it stops coming up after

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    del /f /s /q "C:\Users\B\Desktop\DAEMONToolsPro500316-0317.exe"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful; if used incorrectly or at the wrong time they can make the computer an expensive paperweight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files. I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware - The gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did)

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again?" and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must-reads and should be read by everybody in your household that uses the internet:

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM


Gringo
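The ESET log in post #9 and the delete-files step above turn on one distinction: a detection line ending in "(cleaned by deleting - quarantined)" has already been handled, while one ending in "(unable to clean)" is still on disk and is what the delfile.bat is for. As an added example (not from the thread, from gringo_pr, or from ESET), the PowerShell below parses a log in the format shown in post #9 and lists only the detections the scanner did not remove. The sample log is constructed to match that format; its paths and file names are made up. It assumes Windows PowerShell 3.0 or later and relies on a heuristic, noted in the code, to split the file path from the threat name.

```powershell
# Added example (not from the thread or from ESET): parse an ESET Online Scanner
# log of the kind pasted in the thread and separate the detections ESET already
# cleaned from those it left in place ("unable to clean"), which still need a
# manual removal step. The sample log is constructed to match the thread's
# format; the paths and file names in it are made up.

$SampleEsetLog = @'
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=finished
# remove_checked=false
# archives_checked=true
# scanned=154755
# found=2
# cleaned=1
# scan_time=8060
C:\Users\Example\Desktop\installer bundle.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Example\AppData\Local\Temp\cnet_wrapper.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
'@

function ConvertFrom-EsetLog {
    param([string]$LogText)
    $summary    = @{}
    $detections = @()
    foreach ($raw in ($LogText -split "`r?`n")) {
        $line = $raw.Trim()
        if ($line -eq '') { continue }
        if ($line.StartsWith('#')) {
            # "# key=value" summary lines
            $kv = $line.TrimStart('#').Trim() -split '=', 2
            if ($kv.Count -eq 2) { $summary[$kv[0].Trim()] = $kv[1].Trim() }
            continue
        }
        # Detection lines end with "(<action>) <32-hex hash> <flag>"; the body before
        # that is "<path> <threat name>", and both halves may contain spaces.
        $m = [regex]::Match($line, '^(?<body>.+?)\s+\((?<action>[^)]*)\)\s+(?<hash>[0-9A-Fa-f]{32})\s+(?<flag>\S+)$')
        if (-not $m.Success) { continue }   # installer chatter such as "all ok"
        # Heuristic: the path ends at the last whitespace-delimited token containing a backslash.
        $tokens = $m.Groups['body'].Value -split ' '
        $last = -1
        for ($i = 0; $i -lt $tokens.Count; $i++) {
            if ($tokens[$i] -match '\\') { $last = $i }
        }
        if ($last -lt 0) { continue }
        $path   = $tokens[0..$last] -join ' '
        $threat = if ($last -lt $tokens.Count - 1) { $tokens[($last + 1)..($tokens.Count - 1)] -join ' ' } else { '' }
        $action = $m.Groups['action'].Value
        $detections += [pscustomobject]@{
            Path    = $path
            Threat  = $threat
            Action  = $action
            Cleaned = $action -like 'cleaned*'
        }
    }
    return [pscustomobject]@{ Summary = $summary; Detections = $detections }
}

function Get-UncleanedDetections {
    # Items the scanner reported but did not remove; these are what a manual
    # deletion step (like the delfile.bat above) has to deal with.
    param($Parsed)
    return @($Parsed.Detections | Where-Object { -not $_.Cleaned })
}

$parsed = ConvertFrom-EsetLog $SampleEsetLog
'{0} objects scanned, {1} found, {2} cleaned' -f $parsed.Summary['scanned'], $parsed.Summary['found'], $parsed.Summary['cleaned']
Get-UncleanedDetections $parsed | Format-Table -AutoSize Path, Threat, Action
```

Run against the sample, the summary line reads "154755 objects scanned, 2 found, 1 cleaned" and only the Desktop installer is listed, which mirrors what the helper did by hand above. Paths inside archives (ESET separates those with "»") are not handled by the backslash heuristic and would need the split extended.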

#11 marsspeaks (Topic Starter, Members, 64 posts)

Posted 16 April 2012 - 12:43 AM

I didn't run ssvagent.exe just yet. I'm not sure if it's a virus or not and would hate to run it if it turned out to be one. Should I still go ahead and try when it prompts me when I go to Internet Explorer?

Also, after rebooting the computer when OTCleanIt was done, I got a "The Internet" shortcut on my desktop that we haven't had there, as we never use it. Is that normal?

#12 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 16 April 2012 - 12:49 AM

Yes, that is normal, and ssvagent.exe is part of Java.

#13 marsspeaks (Topic Starter, Members, 64 posts)

Posted 16 April 2012 - 11:32 PM

Alright, I gave it permission, but when I closed out and opened the browser it prompted me again to give it permission. I'm guessing that's normal too?

#14 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 16 April 2012 - 11:36 PM

uninstall java and reinstall it and see if it still does it


gringo

#15 marsspeaks (Topic Starter, Members, 64 posts)

Posted 17 April 2012 - 01:53 AM

Sorry, I failed to mention that I had already done that before I tried opening Internet Explorer again, and it still did it. I uninstalled it with Revo Uninstaller so that it would remove all the Java files from my hard drive.
