Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I have a rootkit. I was told to follow steps and ask for help here


  • This topic is locked This topic is locked
16 replies to this topic

#1 meepwn

meepwn

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:02 PM

Posted 28 April 2012 - 07:55 PM

I have a rootkit/happili, and in the process of trying to remove it.
I came from http://www.bleepingcomputer.com/forums/topic451600.html ,and now posting my results.

I skipped step 8, running GMER log, because I am using a 64 bit system.

Attached Files


Edited by meepwn, 28 April 2012 - 07:56 PM.


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:02 AM

Posted 28 April 2012 - 11:29 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 meepwn

meepwn
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:02 PM

Posted 29 April 2012 - 07:52 PM

Okay done, copied and pasted my Security Check and ComboFix logs.

I didn't have any problems running SecurityCheck or Combofix. I haven't been redirected to any malicious sites like happili so far.

Security Check:

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Internet Security
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Secunia PSI (2.0.0.4003)
Java™ 6 Update 31
Mozilla Firefox (12.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
``````````End of Log````````````

ComboFix Log:

ComboFix 12-04-29.02 - Kelvin 04/29/2012 17:28:17.5.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2286 [GMT -7:00]
Running from: c:\users\Kelvin\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-30 )))))))))))))))))))))))))))))))
.
.
2012-04-30 00:36 . 2012-04-30 00:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-28 10:32 . 2012-04-28 10:32 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-04-28 10:29 . 2012-04-28 10:29 -------- d-----w- c:\program files (x86)\mIRC
2012-04-27 19:33 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F358CDBA-3836-426A-9242-28C73C32452F}\mpengine.dll
2012-04-27 10:38 . 2012-04-29 23:33 -------- d-----w- c:\program files (x86)\Warcraft III
2012-04-27 03:37 . 2012-04-27 03:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-27 03:37 . 2012-04-27 03:37 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-23 08:02 . 2012-04-23 08:02 -------- d-----w- c:\windows\SysWow64\spool
2012-04-23 08:02 . 2012-04-23 08:02 -------- d-----w- c:\programdata\Sony
2012-04-23 08:02 . 2012-04-23 08:02 -------- d-----w- c:\program files (x86)\Sony
2012-04-22 07:40 . 2012-04-22 07:40 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-22 07:23 . 2012-04-22 07:40 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-22 06:24 . 2012-04-22 06:24 -------- d-----w- c:\program files (x86)\AutoHotkey
2012-04-21 23:49 . 2012-04-21 23:49 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-04-21 23:44 . 2012-04-21 23:44 -------- d-----w- c:\program files (x86)\Secunia
2012-04-21 22:07 . 2012-04-21 22:07 -------- d-----w- c:\program files (x86)\ESET
2012-04-21 20:47 . 2012-04-21 20:47 -------- d-----w- c:\program files (x86)\ShiftWindow
2012-04-21 17:30 . 2012-04-24 05:42 -------- d-----w- c:\users\Kel
2012-04-20 02:30 . 2012-04-20 02:30 -------- d-----w- c:\program files (x86)\ICCup
2012-04-20 01:48 . 2012-04-20 01:48 -------- d-----w- c:\program files (x86)\SplitMediaLabs
2012-04-20 01:14 . 2012-04-20 18:31 -------- d-----w- c:\program files (x86)\Anvisoft
2012-04-10 22:40 . 2012-04-10 22:43 -------- d-----w- c:\program files (x86)\Razer
2012-04-10 22:40 . 2012-04-10 22:40 -------- d-----w- c:\programdata\Razer
2012-04-10 19:24 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-10 19:24 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-10 19:24 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-10 19:22 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-10 19:22 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-10 19:22 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-10 19:22 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-10 19:22 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-10 19:22 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-10 19:22 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-07 06:50 . 2012-04-07 06:50 -------- d-----w- c:\program files (x86)\Common Files\logishrd
2012-04-07 06:50 . 2012-04-07 06:50 -------- d-----w- c:\program files\Common Files\logishrd
2012-04-02 02:10 . 2012-04-02 02:10 -------- d-----w- c:\programdata\SplitMediaLabs
2012-04-02 00:11 . 2012-04-02 00:11 -------- d-----w- c:\programdata\Freemake
2012-04-02 00:11 . 2012-04-02 00:11 -------- d-----w- c:\program files (x86)\Freemake
2012-04-01 23:36 . 2012-04-02 00:19 -------- d-----w- c:\program files (x86)\Bandicam
2012-04-01 23:36 . 2012-04-02 00:17 -------- d-----w- c:\program files (x86)\BandiMPEG1
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-22 07:40 . 2011-06-25 00:05 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-21 23:49 . 2011-07-12 05:05 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-04 22:56 . 2012-03-25 09:27 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-29 07:20 . 2011-03-29 01:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-03-09 01:50 . 2012-03-09 01:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 05:46 . 2012-03-08 05:46 138752 ----a-w- c:\windows\SysWow64\rztouchdll.dll
2012-03-06 23:15 . 2012-03-25 08:54 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2012-03-25 08:54 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-06 23:15 . 2012-03-25 08:54 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:04 . 2012-03-25 08:54 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:04 . 2012-03-25 08:54 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2012-03-25 08:54 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-06 23:01 . 2012-03-25 08:54 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2012-03-25 08:54 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2012-03-25 08:54 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-01 08:32 . 2012-03-01 08:32 284672 ----a-w- c:\windows\SysWow64\rzdevicedll.dll
2012-02-23 17:18 . 2011-08-24 05:40 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-21 08:20 . 2009-07-13 23:55 332288 ----a-w- c:\windows\system32\uxtheme.dll
2012-02-21 08:19 . 2011-06-25 20:12 2851840 ----a-w- c:\windows\system32\themeui.dll
2012-02-21 08:19 . 2009-07-13 23:54 44544 ----a-w- c:\windows\system32\themeservice.dll
2012-02-18 02:20 . 2012-02-18 02:20 164864 ----a-w- c:\windows\SysWow64\rzaudiodll.dll
2012-02-17 06:38 . 2012-03-15 17:54 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-02-17 06:38 . 2012-03-15 17:54 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-15 17:54 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-15 17:54 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-15 17:54 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-13 02:57 . 2012-02-13 02:57 76800 ----a-w- c:\windows\system32\drivers\rzudd.sys
2012-02-10 06:36 . 2012-03-15 17:55 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-15 17:55 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-15 17:55 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-02 21:57 . 2012-02-02 21:57 83448 ----a-w- c:\windows\SysWow64\CddbLangJA.dll
2012-02-02 21:57 . 2012-02-02 21:57 808440 ----a-w- c:\windows\SysWow64\CDDBUI.dll
2012-02-02 21:57 . 2012-02-02 21:57 796152 ----a-w- c:\windows\SysWow64\CDDBControl.dll
2012-02-02 21:57 . 2012-02-02 21:57 344064 ----a-w- c:\windows\SysWow64\msvcr70.dll
2012-02-02 21:57 . 2012-02-02 21:57 169464 ----a-w- c:\windows\SysWow64\CddbLangRU.dll
2012-02-02 21:57 . 2012-02-02 21:57 103928 ----a-w- c:\windows\SysWow64\CddbLangFR.dll
2012-02-02 21:57 . 2012-02-02 21:57 103928 ----a-w- c:\windows\SysWow64\CddbLangES.dll
2012-02-02 21:57 . 2012-02-02 21:57 103928 ----a-w- c:\windows\SysWow64\CddbLangDE.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-23_17.29.31 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-04-23 17:28 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-30 00:38 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-30 00:38 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-23 17:28 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-23 17:28 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-30 00:38 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-24 22:53 . 2012-04-29 22:36 62728 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-29 22:36 34572 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-06-24 22:41 . 2012-04-29 22:36 23124 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3341797973-912224214-452476523-1001_UserData.bin
+ 2011-06-24 22:41 . 2012-04-29 22:35 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-06-24 22:41 . 2012-04-23 17:15 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2012-04-29 00:45 89968 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-06-24 22:41 . 2012-04-29 22:35 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-06-24 22:41 . 2012-04-23 17:15 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-06-24 22:41 . 2012-04-23 17:15 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-24 22:41 . 2012-04-29 22:35 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-24 22:41 . 2012-04-30 00:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-06-24 22:41 . 2012-04-23 17:15 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-24 22:41 . 2012-04-30 00:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-06-24 22:41 . 2012-04-23 17:15 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-04-30 00:38 . 2012-04-30 00:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-23 17:28 . 2012-04-23 17:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-23 17:28 . 2012-04-23 17:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-30 00:38 . 2012-04-30 00:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2012-04-30 00:37 259168 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-23 17:27 259168 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-06-29 04:46 . 2012-04-30 00:37 4329980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3341797973-912224214-452476523-1001-12288.dat
+ 2011-06-25 00:12 . 2012-04-30 00:37 12838712 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3341797973-912224214-452476523-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-07-06 2443376]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2012-03-01 318344]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-13 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 253088]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\CyberGhost VPN\CGVPNCliService.exe [2011-07-05 2428968]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Classic\safedrv.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-09-24 641832]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-04-04 240232]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 rzudd;Razer Keyboard Driver;c:\windows\system32\DRIVERS\rzudd.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 07:40]
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3341797973-912224214-452476523-1001Core.job
- c:\users\Kelvin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-24 23:51]
.
2012-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3341797973-912224214-452476523-1001UA.job
- c:\users\Kelvin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-24 23:51]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Kelvin\AppData\Roaming\Mozilla\Firefox\Profiles\kl7q447b.default\
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
.
**************************************************************************
.
Completion time: 2012-04-29 17:43:01 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-30 00:43
ComboFix2.txt 2012-04-23 17:33
ComboFix3.txt 2012-04-21 22:04
.
Pre-Run: 364,435,595,264 bytes free
Post-Run: 364,646,191,104 bytes free
.
- - End Of File - - 60B3A831B4427DEF5037D76AD238D404

Edited by meepwn, 29 April 2012 - 07:54 PM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:02 AM

Posted 30 April 2012 - 04:11 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 meepwn

meepwn
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:02 PM

Posted 02 May 2012 - 01:53 AM

Okay got it

TDS Report

00:29:57.0879 1640 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
00:29:58.0456 1640 ============================================================
00:29:58.0456 1640 Current date / time: 2012/05/01 00:29:58.0456
00:29:58.0456 1640 SystemInfo:
00:29:58.0456 1640
00:29:58.0456 1640 OS Version: 6.1.7601 ServicePack: 1.0
00:29:58.0456 1640 Product type: Workstation
00:29:58.0456 1640 ComputerName: KELVIN-PC
00:29:58.0456 1640 UserName: Kelvin
00:29:58.0456 1640 Windows directory: C:\Windows
00:29:58.0456 1640 System windows directory: C:\Windows
00:29:58.0456 1640 Running under WOW64
00:29:58.0456 1640 Processor architecture: Intel x64
00:29:58.0456 1640 Number of processors: 4
00:29:58.0456 1640 Page size: 0x1000
00:29:58.0456 1640 Boot type: Normal boot
00:29:58.0456 1640 ============================================================
00:29:59.0361 1640 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:29:59.0376 1640 ============================================================
00:29:59.0376 1640 \Device\Harddisk0\DR0:
00:29:59.0392 1640 MBR partitions:
00:29:59.0392 1640 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
00:29:59.0392 1640 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
00:29:59.0392 1640 ============================================================
00:29:59.0564 1640 C: <-> \Device\Harddisk0\DR0\Partition1
00:29:59.0673 1640 E: <-> \Device\Harddisk0\DR0\Partition0
00:29:59.0673 1640 ============================================================
00:29:59.0673 1640 Initialize success
00:29:59.0673 1640 ============================================================
00:30:00.0734 0836 ============================================================
00:30:00.0734 0836 Scan started
00:30:00.0734 0836 Mode: Manual;
00:30:00.0734 0836 ============================================================
00:30:03.0136 0836 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
00:30:03.0136 0836 !SASCORE - ok
00:30:03.0308 0836 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
00:30:03.0308 0836 1394ohci - ok
00:30:03.0354 0836 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
00:30:03.0354 0836 ACPI - ok
00:30:03.0370 0836 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
00:30:03.0370 0836 AcpiPmi - ok
00:30:03.0526 0836 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
00:30:03.0542 0836 AdobeFlashPlayerUpdateSvc - ok
00:30:03.0666 0836 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
00:30:03.0666 0836 adp94xx - ok
00:30:03.0698 0836 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
00:30:03.0713 0836 adpahci - ok
00:30:03.0760 0836 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
00:30:03.0760 0836 adpu320 - ok
00:30:03.0807 0836 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
00:30:03.0807 0836 AeLookupSvc - ok
00:30:03.0869 0836 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
00:30:03.0885 0836 AFD - ok
00:30:03.0900 0836 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
00:30:03.0900 0836 agp440 - ok
00:30:03.0916 0836 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
00:30:03.0916 0836 ALG - ok
00:30:03.0932 0836 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
00:30:03.0932 0836 aliide - ok
00:30:03.0963 0836 AMD External Events Utility (a359974eaac83a435497c52f62a2e590) C:\Windows\system32\atiesrxx.exe
00:30:03.0963 0836 AMD External Events Utility - ok
00:30:03.0978 0836 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
00:30:03.0978 0836 amdide - ok
00:30:03.0994 0836 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
00:30:03.0994 0836 AmdK8 - ok
00:30:04.0431 0836 amdkmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
00:30:04.0478 0836 amdkmdag - ok
00:30:04.0587 0836 amdkmdap (6b4e9261b613b047a9a145f328889968) C:\Windows\system32\DRIVERS\atikmpag.sys
00:30:04.0587 0836 amdkmdap - ok
00:30:04.0602 0836 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
00:30:04.0602 0836 AmdPPM - ok
00:30:04.0634 0836 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
00:30:04.0634 0836 amdsata - ok
00:30:04.0665 0836 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
00:30:04.0665 0836 amdsbs - ok
00:30:04.0680 0836 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
00:30:04.0680 0836 amdxata - ok
00:30:04.0712 0836 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
00:30:04.0712 0836 AppID - ok
00:30:04.0727 0836 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
00:30:04.0727 0836 AppIDSvc - ok
00:30:04.0743 0836 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
00:30:04.0743 0836 Appinfo - ok
00:30:04.0774 0836 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
00:30:04.0774 0836 AppMgmt - ok
00:30:04.0790 0836 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
00:30:04.0805 0836 arc - ok
00:30:04.0805 0836 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
00:30:04.0805 0836 arcsas - ok
00:30:04.0899 0836 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
00:30:04.0899 0836 aspnet_state - ok
00:30:04.0914 0836 aswFsBlk (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys
00:30:04.0914 0836 aswFsBlk - ok
00:30:04.0946 0836 aswMonFlt (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys
00:30:04.0946 0836 aswMonFlt - ok
00:30:04.0977 0836 aswRdr (1b96a5867abd4fa6135d8298fcccf9c6) C:\Windows\System32\Drivers\aswrdr2.sys
00:30:04.0977 0836 aswRdr - ok
00:30:05.0024 0836 aswSnx (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys
00:30:05.0039 0836 aswSnx - ok
00:30:05.0070 0836 aswSP (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys
00:30:05.0070 0836 aswSP - ok
00:30:05.0086 0836 aswTdi (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys
00:30:05.0086 0836 aswTdi - ok
00:30:05.0102 0836 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
00:30:05.0102 0836 AsyncMac - ok
00:30:05.0117 0836 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
00:30:05.0117 0836 atapi - ok
00:30:05.0133 0836 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
00:30:05.0133 0836 AtiPcie - ok
00:30:05.0180 0836 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
00:30:05.0195 0836 AudioEndpointBuilder - ok
00:30:05.0195 0836 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
00:30:05.0211 0836 AudioSrv - ok
00:30:05.0258 0836 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
00:30:05.0258 0836 avast! Antivirus - ok
00:30:05.0289 0836 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
00:30:05.0304 0836 AxInstSV - ok
00:30:05.0351 0836 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
00:30:05.0351 0836 b06bdrv - ok
00:30:05.0367 0836 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
00:30:05.0382 0836 b57nd60a - ok
00:30:05.0398 0836 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
00:30:05.0398 0836 BDESVC - ok
00:30:05.0414 0836 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
00:30:05.0414 0836 Beep - ok
00:30:05.0492 0836 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
00:30:05.0507 0836 BFE - ok
00:30:05.0585 0836 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
00:30:05.0585 0836 BITS - ok
00:30:05.0632 0836 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
00:30:05.0632 0836 blbdrive - ok
00:30:05.0663 0836 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
00:30:05.0663 0836 bowser - ok
00:30:05.0679 0836 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
00:30:05.0679 0836 BrFiltLo - ok
00:30:05.0694 0836 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
00:30:05.0710 0836 BrFiltUp - ok
00:30:05.0741 0836 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
00:30:05.0741 0836 BridgeMP - ok
00:30:05.0772 0836 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
00:30:05.0772 0836 Browser - ok
00:30:05.0788 0836 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
00:30:05.0788 0836 Brserid - ok
00:30:05.0804 0836 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
00:30:05.0804 0836 BrSerWdm - ok
00:30:05.0819 0836 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
00:30:05.0819 0836 BrUsbMdm - ok
00:30:05.0819 0836 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
00:30:05.0819 0836 BrUsbSer - ok
00:30:05.0835 0836 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
00:30:05.0835 0836 BTHMODEM - ok
00:30:05.0866 0836 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
00:30:05.0866 0836 bthserv - ok
00:30:05.0882 0836 catchme - ok
00:30:05.0897 0836 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
00:30:05.0897 0836 cdfs - ok
00:30:05.0928 0836 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
00:30:05.0928 0836 cdrom - ok
00:30:05.0944 0836 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
00:30:05.0944 0836 CertPropSvc - ok
00:30:06.0194 0836 CGVPNCliSrvc (56a3eb5472d27b2224358a5cecefe410) C:\Program Files\CyberGhost VPN\CGVPNCliService.exe
00:30:06.0225 0836 CGVPNCliSrvc - ok
00:30:06.0303 0836 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
00:30:06.0303 0836 circlass - ok
00:30:06.0334 0836 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
00:30:06.0350 0836 CLFS - ok
00:30:06.0412 0836 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:30:06.0412 0836 clr_optimization_v2.0.50727_32 - ok
00:30:06.0443 0836 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
00:30:06.0459 0836 clr_optimization_v2.0.50727_64 - ok
00:30:06.0552 0836 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:30:06.0552 0836 clr_optimization_v4.0.30319_32 - ok
00:30:06.0786 0836 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
00:30:06.0802 0836 clr_optimization_v4.0.30319_64 - ok
00:30:06.0849 0836 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
00:30:06.0849 0836 CmBatt - ok
00:30:06.0880 0836 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
00:30:06.0880 0836 cmdide - ok
00:30:07.0254 0836 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
00:30:07.0254 0836 CNG - ok
00:30:07.0286 0836 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
00:30:07.0286 0836 Compbatt - ok
00:30:07.0332 0836 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
00:30:07.0332 0836 CompositeBus - ok
00:30:07.0332 0836 COMSysApp - ok
00:30:07.0395 0836 cpuz135 (262969a3fab32b9e17e63e2d17a57744) C:\Windows\system32\drivers\cpuz135_x64.sys
00:30:07.0395 0836 cpuz135 - ok
00:30:07.0426 0836 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
00:30:07.0426 0836 crcdisk - ok
00:30:07.0488 0836 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
00:30:07.0488 0836 CryptSvc - ok
00:30:07.0878 0836 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
00:30:07.0894 0836 CSC - ok
00:30:08.0066 0836 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
00:30:08.0081 0836 CscService - ok
00:30:08.0315 0836 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
00:30:08.0331 0836 DcomLaunch - ok
00:30:08.0612 0836 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
00:30:08.0612 0836 defragsvc - ok
00:30:08.0814 0836 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
00:30:08.0830 0836 DfsC - ok
00:30:09.0111 0836 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
00:30:09.0111 0836 Dhcp - ok
00:30:09.0173 0836 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
00:30:09.0173 0836 discache - ok
00:30:09.0220 0836 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
00:30:09.0220 0836 Disk - ok
00:30:09.0360 0836 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
00:30:09.0376 0836 Dnscache - ok
00:30:09.0438 0836 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
00:30:09.0454 0836 dot3svc - ok
00:30:09.0532 0836 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
00:30:09.0548 0836 DPS - ok
00:30:09.0594 0836 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
00:30:09.0594 0836 drmkaud - ok
00:30:10.0390 0836 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
00:30:10.0406 0836 DXGKrnl - ok
00:30:10.0530 0836 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
00:30:10.0530 0836 EapHost - ok
00:30:11.0404 0836 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
00:30:11.0420 0836 ebdrv - ok
00:30:11.0529 0836 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
00:30:11.0529 0836 EFS - ok
00:30:11.0607 0836 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
00:30:11.0607 0836 ehRecvr - ok
00:30:11.0638 0836 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
00:30:11.0638 0836 ehSched - ok
00:30:11.0700 0836 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
00:30:11.0716 0836 elxstor - ok
00:30:11.0732 0836 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
00:30:11.0732 0836 ErrDev - ok
00:30:11.0794 0836 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
00:30:11.0794 0836 EventSystem - ok
00:30:11.0825 0836 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
00:30:11.0825 0836 exfat - ok
00:30:11.0841 0836 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
00:30:11.0841 0836 fastfat - ok
00:30:11.0903 0836 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
00:30:11.0903 0836 Fax - ok
00:30:11.0919 0836 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
00:30:11.0919 0836 fdc - ok
00:30:11.0934 0836 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
00:30:11.0934 0836 fdPHost - ok
00:30:11.0934 0836 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
00:30:11.0950 0836 FDResPub - ok
00:30:11.0966 0836 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
00:30:11.0966 0836 FileInfo - ok
00:30:11.0966 0836 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
00:30:11.0966 0836 Filetrace - ok
00:30:11.0981 0836 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
00:30:11.0981 0836 flpydisk - ok
00:30:12.0028 0836 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
00:30:12.0028 0836 FltMgr - ok
00:30:12.0106 0836 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
00:30:12.0122 0836 FontCache - ok
00:30:12.0153 0836 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
00:30:12.0153 0836 FontCache3.0.0.0 - ok
00:30:12.0200 0836 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
00:30:12.0200 0836 FsDepends - ok
00:30:12.0231 0836 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
00:30:12.0231 0836 Fs_Rec - ok
00:30:12.0262 0836 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
00:30:12.0262 0836 fvevol - ok
00:30:12.0278 0836 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
00:30:12.0278 0836 gagp30kx - ok
00:30:12.0324 0836 GGSAFERDriver - ok
00:30:12.0418 0836 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
00:30:12.0434 0836 gpsvc - ok
00:30:12.0449 0836 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
00:30:12.0449 0836 hcw85cir - ok
00:30:12.0480 0836 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
00:30:12.0480 0836 HdAudAddService - ok
00:30:12.0512 0836 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
00:30:12.0512 0836 HDAudBus - ok
00:30:12.0512 0836 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
00:30:12.0512 0836 HidBatt - ok
00:30:12.0527 0836 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
00:30:12.0543 0836 HidBth - ok
00:30:12.0543 0836 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
00:30:12.0543 0836 HidIr - ok
00:30:12.0574 0836 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
00:30:12.0574 0836 hidserv - ok
00:30:12.0590 0836 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
00:30:12.0590 0836 HidUsb - ok
00:30:12.0605 0836 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
00:30:12.0621 0836 hkmsvc - ok
00:30:12.0636 0836 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
00:30:12.0636 0836 HomeGroupListener - ok
00:30:12.0668 0836 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
00:30:12.0668 0836 HomeGroupProvider - ok
00:30:12.0683 0836 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
00:30:12.0683 0836 HpSAMD - ok
00:30:12.0730 0836 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
00:30:12.0730 0836 HTTP - ok
00:30:12.0761 0836 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
00:30:12.0761 0836 hwpolicy - ok
00:30:12.0777 0836 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
00:30:12.0777 0836 i8042prt - ok
00:30:12.0824 0836 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
00:30:12.0824 0836 iaStorV - ok
00:30:12.0902 0836 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
00:30:12.0902 0836 IDriverT - ok
00:30:13.0011 0836 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
00:30:13.0011 0836 idsvc - ok
00:30:13.0089 0836 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
00:30:13.0104 0836 iirsp - ok
00:30:13.0167 0836 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
00:30:13.0167 0836 IKEEXT - ok
00:30:13.0198 0836 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
00:30:13.0198 0836 intelide - ok
00:30:13.0214 0836 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
00:30:13.0214 0836 intelppm - ok
00:30:13.0245 0836 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
00:30:13.0245 0836 IPBusEnum - ok
00:30:13.0276 0836 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:30:13.0276 0836 IpFilterDriver - ok
00:30:13.0526 0836 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
00:30:13.0541 0836 iphlpsvc - ok
00:30:13.0572 0836 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
00:30:13.0572 0836 IPMIDRV - ok
00:30:13.0604 0836 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
00:30:13.0604 0836 IPNAT - ok
00:30:13.0604 0836 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
00:30:13.0619 0836 IRENUM - ok
00:30:13.0635 0836 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
00:30:13.0635 0836 isapnp - ok
00:30:13.0666 0836 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
00:30:13.0666 0836 iScsiPrt - ok
00:30:13.0682 0836 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
00:30:13.0682 0836 kbdclass - ok
00:30:13.0713 0836 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
00:30:13.0713 0836 kbdhid - ok
00:30:13.0744 0836 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:30:13.0744 0836 KeyIso - ok
00:30:13.0760 0836 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
00:30:13.0760 0836 KSecDD - ok
00:30:13.0775 0836 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
00:30:13.0775 0836 KSecPkg - ok
00:30:13.0791 0836 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
00:30:13.0791 0836 ksthunk - ok
00:30:13.0838 0836 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
00:30:13.0838 0836 KtmRm - ok
00:30:13.0869 0836 L1C (ff60e112fc03f6d0eb74b3bfd7d6b7c9) C:\Windows\system32\DRIVERS\L1C62x64.sys
00:30:13.0869 0836 L1C - ok
00:30:13.0900 0836 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
00:30:13.0916 0836 LanmanServer - ok
00:30:13.0931 0836 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
00:30:13.0947 0836 LanmanWorkstation - ok
00:30:13.0962 0836 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
00:30:13.0962 0836 lltdio - ok
00:30:13.0994 0836 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
00:30:14.0009 0836 lltdsvc - ok
00:30:14.0009 0836 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
00:30:14.0009 0836 lmhosts - ok
00:30:14.0040 0836 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
00:30:14.0040 0836 LSI_FC - ok
00:30:14.0056 0836 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
00:30:14.0056 0836 LSI_SAS - ok
00:30:14.0072 0836 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
00:30:14.0072 0836 LSI_SAS2 - ok
00:30:14.0087 0836 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
00:30:14.0103 0836 LSI_SCSI - ok
00:30:14.0118 0836 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
00:30:14.0118 0836 luafv - ok
00:30:14.0181 0836 LVRS64 (0c85b2b6fb74b36a251792d45e0ef860) C:\Windows\system32\DRIVERS\lvrs64.sys
00:30:14.0181 0836 LVRS64 - ok
00:30:14.0555 0836 LVUVC64 (ff3a488924b0032b1a9ca6948c1fa9e8) C:\Windows\system32\DRIVERS\lvuvc64.sys
00:30:14.0571 0836 LVUVC64 - ok
00:30:14.0711 0836 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
00:30:14.0711 0836 MBAMProtector - ok
00:30:14.0836 0836 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
00:30:14.0836 0836 MBAMService - ok
00:30:14.0867 0836 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
00:30:14.0867 0836 Mcx2Svc - ok
00:30:14.0898 0836 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
00:30:14.0898 0836 megasas - ok
00:30:14.0930 0836 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
00:30:14.0930 0836 MegaSR - ok
00:30:14.0961 0836 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
00:30:14.0961 0836 MMCSS - ok
00:30:14.0976 0836 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
00:30:14.0976 0836 Modem - ok
00:30:14.0992 0836 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
00:30:14.0992 0836 monitor - ok
00:30:15.0023 0836 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
00:30:15.0023 0836 mouclass - ok
00:30:15.0039 0836 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
00:30:15.0039 0836 mouhid - ok
00:30:15.0054 0836 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
00:30:15.0054 0836 mountmgr - ok
00:30:15.0117 0836 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
00:30:15.0117 0836 MozillaMaintenance - ok
00:30:15.0164 0836 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
00:30:15.0164 0836 mpio - ok
00:30:15.0179 0836 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
00:30:15.0179 0836 mpsdrv - ok
00:30:15.0242 0836 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
00:30:15.0257 0836 MpsSvc - ok
00:30:15.0288 0836 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
00:30:15.0288 0836 MRxDAV - ok
00:30:15.0320 0836 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:30:15.0320 0836 mrxsmb - ok
00:30:15.0366 0836 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:30:15.0366 0836 mrxsmb10 - ok
00:30:15.0382 0836 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:30:15.0382 0836 mrxsmb20 - ok
00:30:15.0413 0836 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
00:30:15.0413 0836 msahci - ok
00:30:15.0444 0836 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
00:30:15.0444 0836 msdsm - ok
00:30:15.0491 0836 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
00:30:15.0491 0836 MSDTC - ok
00:30:15.0522 0836 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
00:30:15.0522 0836 Msfs - ok
00:30:15.0522 0836 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
00:30:15.0522 0836 mshidkmdf - ok
00:30:15.0538 0836 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
00:30:15.0554 0836 msisadrv - ok
00:30:15.0569 0836 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
00:30:15.0569 0836 MSiSCSI - ok
00:30:15.0585 0836 msiserver - ok
00:30:15.0600 0836 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
00:30:15.0600 0836 MSKSSRV - ok
00:30:15.0600 0836 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
00:30:15.0600 0836 MSPCLOCK - ok
00:30:15.0616 0836 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
00:30:15.0616 0836 MSPQM - ok
00:30:15.0647 0836 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
00:30:15.0647 0836 MsRPC - ok
00:30:15.0663 0836 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
00:30:15.0663 0836 mssmbios - ok
00:30:15.0678 0836 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
00:30:15.0678 0836 MSTEE - ok
00:30:15.0694 0836 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
00:30:15.0694 0836 MTConfig - ok
00:30:15.0710 0836 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
00:30:15.0710 0836 Mup - ok
00:30:15.0741 0836 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
00:30:15.0741 0836 napagent - ok
00:30:15.0772 0836 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
00:30:15.0772 0836 NativeWifiP - ok
00:30:15.0928 0836 NAUpdate (1bbbf640bc0e0b750537baece8d66c18) C:\Program Files (x86)\Nero\Update\NASvc.exe
00:30:15.0944 0836 NAUpdate - ok
00:30:16.0006 0836 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
00:30:16.0022 0836 NDIS - ok
00:30:16.0037 0836 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
00:30:16.0037 0836 NdisCap - ok
00:30:16.0053 0836 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
00:30:16.0053 0836 NdisTapi - ok
00:30:16.0068 0836 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
00:30:16.0084 0836 Ndisuio - ok
00:30:16.0115 0836 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
00:30:16.0115 0836 NdisWan - ok
00:30:16.0146 0836 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
00:30:16.0146 0836 NDProxy - ok
00:30:16.0271 0836 Nero BackItUp Scheduler 4.0 (7d2633295eb6ff2b938185874884059d) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
00:30:16.0271 0836 Nero BackItUp Scheduler 4.0 - ok
00:30:16.0287 0836 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
00:30:16.0302 0836 NetBIOS - ok
00:30:16.0334 0836 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
00:30:16.0334 0836 NetBT - ok
00:30:16.0349 0836 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:30:16.0365 0836 Netlogon - ok
00:30:16.0396 0836 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
00:30:16.0396 0836 Netman - ok
00:30:16.0490 0836 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:30:16.0490 0836 NetMsmqActivator - ok
00:30:16.0505 0836 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:30:16.0505 0836 NetPipeActivator - ok
00:30:16.0536 0836 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
00:30:16.0552 0836 netprofm - ok
00:30:16.0646 0836 netr28x (d66596db0a0739a89c25b590ce36d628) C:\Windows\system32\DRIVERS\netr28x.sys
00:30:16.0646 0836 netr28x - ok
00:30:16.0692 0836 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:30:16.0692 0836 NetTcpActivator - ok
00:30:16.0692 0836 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:30:16.0692 0836 NetTcpPortSharing - ok
00:30:16.0724 0836 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
00:30:16.0724 0836 nfrd960 - ok
00:30:16.0755 0836 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
00:30:16.0755 0836 NlaSvc - ok
00:30:16.0770 0836 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
00:30:16.0770 0836 Npfs - ok
00:30:16.0786 0836 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
00:30:16.0802 0836 nsi - ok
00:30:16.0802 0836 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
00:30:16.0802 0836 nsiproxy - ok
00:30:16.0942 0836 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
00:30:16.0958 0836 Ntfs - ok
00:30:17.0036 0836 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
00:30:17.0036 0836 Null - ok
00:30:17.0051 0836 NVHDA (cddd4478757288df4bb1494bfd084259) C:\Windows\system32\drivers\nvhda64v.sys
00:30:17.0051 0836 NVHDA - ok
00:30:17.0706 0836 nvlddmkm (aaf5559039e99d0cc22e25255f3dc06e) C:\Windows\system32\DRIVERS\nvlddmkm.sys
00:30:17.0769 0836 nvlddmkm - ok
00:30:17.0878 0836 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
00:30:17.0878 0836 nvraid - ok
00:30:17.0894 0836 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
00:30:17.0894 0836 nvstor - ok
00:30:17.0925 0836 nvsvc (c20f9e2deec656c67f7986dd3a50ec62) C:\Windows\system32\nvvsvc.exe
00:30:17.0925 0836 nvsvc - ok
00:30:17.0940 0836 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
00:30:17.0940 0836 nv_agp - ok
00:30:17.0972 0836 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
00:30:17.0972 0836 ohci1394 - ok
00:30:18.0034 0836 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:30:18.0034 0836 ose - ok
00:30:18.0081 0836 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
00:30:18.0096 0836 p2pimsvc - ok
00:30:18.0143 0836 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
00:30:18.0143 0836 p2psvc - ok
00:30:18.0174 0836 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
00:30:18.0174 0836 Parport - ok
00:30:18.0190 0836 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
00:30:18.0190 0836 partmgr - ok
00:30:18.0221 0836 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
00:30:18.0221 0836 PcaSvc - ok
00:30:18.0237 0836 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
00:30:18.0237 0836 pci - ok
00:30:18.0252 0836 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
00:30:18.0268 0836 pciide - ok
00:30:18.0284 0836 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
00:30:18.0284 0836 pcmcia - ok
00:30:18.0299 0836 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
00:30:18.0299 0836 pcw - ok
00:30:18.0346 0836 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
00:30:18.0346 0836 PEAUTH - ok
00:30:18.0440 0836 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
00:30:18.0455 0836 PeerDistSvc - ok
00:30:18.0767 0836 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
00:30:18.0767 0836 PerfHost - ok
00:30:18.0954 0836 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
00:30:18.0954 0836 pla - ok
00:30:19.0017 0836 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
00:30:19.0032 0836 PlugPlay - ok
00:30:19.0048 0836 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
00:30:19.0064 0836 PNRPAutoReg - ok
00:30:19.0095 0836 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
00:30:19.0095 0836 PNRPsvc - ok
00:30:19.0142 0836 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
00:30:19.0142 0836 PolicyAgent - ok
00:30:19.0173 0836 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
00:30:19.0173 0836 Power - ok
00:30:19.0220 0836 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
00:30:19.0220 0836 PptpMiniport - ok
00:30:19.0235 0836 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
00:30:19.0235 0836 Processor - ok
00:30:19.0282 0836 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
00:30:19.0298 0836 ProfSvc - ok
00:30:19.0329 0836 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:30:19.0329 0836 ProtectedStorage - ok
00:30:19.0344 0836 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
00:30:19.0344 0836 Psched - ok
00:30:19.0391 0836 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys
00:30:19.0407 0836 PSI - ok
00:30:19.0563 0836 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
00:30:19.0578 0836 ql2300 - ok
00:30:19.0688 0836 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
00:30:19.0703 0836 ql40xx - ok
00:30:19.0734 0836 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
00:30:19.0750 0836 QWAVE - ok
00:30:19.0766 0836 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
00:30:19.0781 0836 QWAVEdrv - ok
00:30:19.0797 0836 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
00:30:19.0797 0836 RasAcd - ok
00:30:19.0812 0836 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
00:30:19.0812 0836 RasAgileVpn - ok
00:30:19.0828 0836 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
00:30:19.0844 0836 RasAuto - ok
00:30:19.0875 0836 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:30:19.0875 0836 Rasl2tp - ok
00:30:19.0906 0836 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
00:30:19.0906 0836 RasMan - ok
00:30:19.0922 0836 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
00:30:19.0922 0836 RasPppoe - ok
00:30:19.0937 0836 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
00:30:19.0937 0836 RasSstp - ok
00:30:19.0968 0836 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
00:30:19.0968 0836 rdbss - ok
00:30:19.0984 0836 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
00:30:19.0984 0836 rdpbus - ok
00:30:20.0000 0836 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:30:20.0000 0836 RDPCDD - ok
00:30:20.0031 0836 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
00:30:20.0031 0836 RDPDR - ok
00:30:20.0031 0836 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
00:30:20.0046 0836 RDPENCDD - ok
00:30:20.0062 0836 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
00:30:20.0062 0836 RDPREFMP - ok
00:30:20.0078 0836 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
00:30:20.0078 0836 RdpVideoMiniport - ok
00:30:20.0109 0836 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
00:30:20.0109 0836 RDPWD - ok
00:30:20.0140 0836 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
00:30:20.0156 0836 rdyboost - ok
00:30:20.0187 0836 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
00:30:20.0187 0836 RemoteAccess - ok
00:30:20.0218 0836 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
00:30:20.0218 0836 RemoteRegistry - ok
00:30:20.0234 0836 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
00:30:20.0234 0836 RpcEptMapper - ok
00:30:20.0265 0836 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
00:30:20.0265 0836 RpcLocator - ok
00:30:20.0312 0836 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
00:30:20.0312 0836 RpcSs - ok
00:30:20.0327 0836 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
00:30:20.0327 0836 rspndr - ok
00:30:20.0358 0836 RTHDMIAzAudService (116d03e901246ac7af006121e1e22842) C:\Windows\system32\drivers\RtHDMIVX.sys
00:30:20.0358 0836 RTHDMIAzAudService - ok
00:30:20.0421 0836 RTL8187 (333224d4d25f9bcca488e08345083e1c) C:\Windows\system32\DRIVERS\rtl8187.sys
00:30:20.0421 0836 RTL8187 - ok
00:30:20.0452 0836 rzudd (668256c178f0b90acd5ddcbf3216764f) C:\Windows\system32\DRIVERS\rzudd.sys
00:30:20.0452 0836 rzudd - ok
00:30:20.0483 0836 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
00:30:20.0483 0836 s3cap - ok
00:30:20.0514 0836 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:30:20.0514 0836 SamSs - ok
00:30:20.0592 0836 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
00:30:20.0592 0836 SASDIFSV - ok
00:30:20.0608 0836 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
00:30:20.0608 0836 SASKUTIL - ok
00:30:20.0639 0836 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
00:30:20.0639 0836 sbp2port - ok
00:30:20.0670 0836 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
00:30:20.0670 0836 SCardSvr - ok
00:30:20.0702 0836 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
00:30:20.0702 0836 scfilter - ok
00:30:20.0780 0836 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
00:30:20.0780 0836 Schedule - ok
00:30:20.0811 0836 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
00:30:20.0811 0836 SCPolicySvc - ok
00:30:20.0842 0836 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
00:30:20.0842 0836 SDRSVC - ok
00:30:20.0873 0836 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
00:30:20.0873 0836 secdrv - ok
00:30:20.0904 0836 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
00:30:20.0920 0836 seclogon - ok
00:30:21.0123 0836 Secunia PSI Agent (5b66db4877bbac9f7493aa8d84421e49) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
00:30:21.0138 0836 Secunia PSI Agent - ok
00:30:21.0170 0836 Secunia Update Agent - ok
00:30:21.0185 0836 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
00:30:21.0185 0836 SENS - ok
00:30:21.0201 0836 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
00:30:21.0201 0836 SensrSvc - ok
00:30:21.0232 0836 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
00:30:21.0232 0836 Serenum - ok
00:30:21.0263 0836 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
00:30:21.0263 0836 Serial - ok
00:30:21.0279 0836 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
00:30:21.0279 0836 sermouse - ok
00:30:21.0326 0836 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
00:30:21.0326 0836 SessionEnv - ok
00:30:21.0357 0836 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
00:30:21.0357 0836 sffdisk - ok
00:30:21.0372 0836 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
00:30:21.0372 0836 sffp_mmc - ok
00:30:21.0404 0836 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
00:30:21.0404 0836 sffp_sd - ok
00:30:21.0404 0836 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
00:30:21.0419 0836 sfloppy - ok
00:30:21.0466 0836 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
00:30:21.0466 0836 SharedAccess - ok
00:30:21.0513 0836 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
00:30:21.0528 0836 ShellHWDetection - ok
00:30:21.0544 0836 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:30:21.0544 0836 SiSRaid2 - ok
00:30:21.0560 0836 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
00:30:21.0560 0836 SiSRaid4 - ok
00:30:21.0653 0836 SkypeUpdate (db0405d9aad62f0762e0876ac142b7e1) C:\Program Files (x86)\Skype\Updater\Updater.exe
00:30:21.0653 0836 SkypeUpdate - ok
00:30:21.0700 0836 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
00:30:21.0700 0836 Smb - ok
00:30:21.0731 0836 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
00:30:21.0731 0836 SNMPTRAP - ok
00:30:21.0747 0836 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
00:30:21.0747 0836 spldr - ok
00:30:21.0778 0836 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
00:30:21.0794 0836 Spooler - ok
00:30:21.0996 0836 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
00:30:22.0028 0836 sppsvc - ok
00:30:22.0137 0836 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
00:30:22.0152 0836 sppuinotify - ok
00:30:22.0215 0836 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
00:30:22.0215 0836 srv - ok
00:30:22.0246 0836 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
00:30:22.0246 0836 srv2 - ok
00:30:22.0262 0836 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
00:30:22.0262 0836 srvnet - ok
00:30:22.0277 0836 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
00:30:22.0277 0836 SSDPSRV - ok
00:30:22.0308 0836 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
00:30:22.0308 0836 SstpSvc - ok
00:30:22.0340 0836 Steam Client Service - ok
00:30:22.0402 0836 Stereo Service (b126a9953508b9f52b289e45591615c8) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
00:30:22.0402 0836 Stereo Service - ok
00:30:22.0418 0836 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
00:30:22.0418 0836 stexstor - ok
00:30:22.0480 0836 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
00:30:22.0496 0836 stisvc - ok
00:30:22.0511 0836 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
00:30:22.0511 0836 storflt - ok
00:30:22.0527 0836 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
00:30:22.0527 0836 storvsc - ok
00:30:22.0542 0836 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
00:30:22.0542 0836 swenum - ok
00:30:22.0589 0836 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
00:30:22.0605 0836 swprv - ok
00:30:22.0605 0836 Synth3dVsc - ok
00:30:22.0714 0836 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
00:30:22.0730 0836 SysMain - ok
00:30:22.0823 0836 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
00:30:22.0823 0836 TabletInputService - ok
00:30:22.0870 0836 tap0901 (4ef44915e522f3ecd1a3ff540aa64126) C:\Windows\system32\DRIVERS\tap0901.sys
00:30:22.0870 0836 tap0901 - ok
00:30:22.0917 0836 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
00:30:22.0932 0836 TapiSrv - ok
00:30:22.0964 0836 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
00:30:22.0964 0836 TBS - ok
00:30:23.0073 0836 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
00:30:23.0088 0836 Tcpip - ok
00:30:23.0260 0836 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
00:30:23.0276 0836 TCPIP6 - ok
00:30:23.0354 0836 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
00:30:23.0354 0836 tcpipreg - ok
00:30:23.0385 0836 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
00:30:23.0385 0836 TDPIPE - ok
00:30:23.0416 0836 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
00:30:23.0432 0836 TDTCP - ok
00:30:23.0494 0836 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
00:30:23.0494 0836 tdx - ok
00:30:23.0541 0836 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
00:30:23.0541 0836 TermDD - ok
00:30:23.0681 0836 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
00:30:23.0697 0836 TermService - ok
00:30:23.0728 0836 Themes (9201be2bab8a9ff8e20d8439ae3bb04d) C:\Windows\system32\themeservice.dll
00:30:23.0728 0836 Themes - ok
00:30:23.0837 0836 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
00:30:23.0837 0836 THREADORDER - ok
00:30:24.0056 0836 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
00:30:24.0071 0836 TrkWks - ok
00:30:24.0149 0836 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
00:30:24.0149 0836 TrustedInstaller - ok
00:30:24.0196 0836 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:30:24.0196 0836 tssecsrv - ok
00:30:24.0258 0836 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
00:30:24.0258 0836 TsUsbFlt - ok
00:30:24.0258 0836 tsusbhub - ok
00:30:24.0290 0836 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
00:30:24.0290 0836 tunnel - ok
00:30:24.0321 0836 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
00:30:24.0321 0836 uagp35 - ok
00:30:24.0352 0836 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
00:30:24.0352 0836 udfs - ok
00:30:24.0383 0836 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
00:30:24.0383 0836 UI0Detect - ok
00:30:24.0399 0836 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
00:30:24.0399 0836 uliagpkx - ok
00:30:24.0430 0836 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
00:30:24.0430 0836 umbus - ok
00:30:24.0446 0836 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
00:30:24.0461 0836 UmPass - ok
00:30:24.0492 0836 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
00:30:24.0508 0836 UmRdpService - ok
00:30:24.0617 0836 UMVPFSrv (67a95b9d129ed5399e7965cd09cf30e7) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
00:30:24.0617 0836 UMVPFSrv - ok
00:30:24.0664 0836 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
00:30:24.0680 0836 upnphost - ok
00:30:24.0726 0836 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
00:30:24.0726 0836 usbaudio - ok
00:30:24.0758 0836 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
00:30:24.0758 0836 usbccgp - ok
00:30:24.0789 0836 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
00:30:24.0789 0836 usbcir - ok
00:30:24.0804 0836 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
00:30:24.0804 0836 usbehci - ok
00:30:24.0836 0836 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
00:30:24.0836 0836 usbhub - ok
00:30:24.0851 0836 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
00:30:24.0851 0836 usbohci - ok
00:30:24.0882 0836 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
00:30:24.0882 0836 usbprint - ok
00:30:24.0898 0836 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:30:24.0898 0836 USBSTOR - ok
00:30:24.0914 0836 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
00:30:24.0914 0836 usbuhci - ok
00:30:24.0960 0836 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
00:30:24.0960 0836 usbvideo - ok
00:30:24.0976 0836 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
00:30:24.0992 0836 UxSms - ok
00:30:25.0007 0836 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:30:25.0007 0836 VaultSvc - ok
00:30:25.0023 0836 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
00:30:25.0023 0836 vdrvroot - ok
00:30:25.0070 0836 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
00:30:25.0085 0836 vds - ok
00:30:25.0101 0836 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
00:30:25.0101 0836 vga - ok
00:30:25.0116 0836 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
00:30:25.0116 0836 VgaSave - ok
00:30:25.0116 0836 VGPU - ok
00:30:25.0148 0836 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
00:30:25.0148 0836 vhdmp - ok
00:30:25.0241 0836 VIAHdAudAddService (ba1da5cd689e9473d99731a2e1ff2fb5) C:\Windows\system32\drivers\viahduaa.sys
00:30:25.0241 0836 VIAHdAudAddService - ok
00:30:25.0257 0836 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
00:30:25.0257 0836 viaide - ok
00:30:25.0288 0836 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
00:30:25.0288 0836 vmbus - ok
00:30:25.0304 0836 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
00:30:25.0304 0836 VMBusHID - ok
00:30:25.0319 0836 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
00:30:25.0319 0836 volmgr - ok
00:30:25.0366 0836 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
00:30:25.0366 0836 volmgrx - ok
00:30:25.0382 0836 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
00:30:25.0382 0836 volsnap - ok
00:30:25.0413 0836 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
00:30:25.0413 0836 vsmraid - ok
00:30:25.0569 0836 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
00:30:25.0584 0836 VSS - ok
00:30:25.0678 0836 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
00:30:25.0694 0836 vwifibus - ok
00:30:25.0709 0836 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
00:30:25.0709 0836 vwififlt - ok
00:30:25.0740 0836 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
00:30:25.0740 0836 vwifimp - ok
00:30:25.0787 0836 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
00:30:25.0787 0836 W32Time - ok
00:30:25.0818 0836 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
00:30:25.0818 0836 WacomPen - ok
00:30:25.0834 0836 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
00:30:25.0834 0836 WANARP - ok
00:30:25.0834 0836 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
00:30:25.0850 0836 Wanarpv6 - ok
00:30:25.0974 0836 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
00:30:25.0990 0836 WatAdminSvc - ok
00:30:26.0068 0836 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
00:30:26.0084 0836 wbengine - ok
00:30:26.0208 0836 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
00:30:26.0208 0836 WbioSrvc - ok
00:30:26.0255 0836 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
00:30:26.0271 0836 wcncsvc - ok
00:30:26.0286 0836 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
00:30:26.0286 0836 WcsPlugInService - ok
00:30:26.0318 0836 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
00:30:26.0318 0836 Wd - ok
00:30:26.0380 0836 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
00:30:26.0380 0836 Wdf01000 - ok
00:30:26.0396 0836 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
00:30:26.0396 0836 WdiServiceHost - ok
00:30:26.0411 0836 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
00:30:26.0411 0836 WdiSystemHost - ok
00:30:26.0442 0836 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
00:30:26.0458 0836 WebClient - ok
00:30:26.0474 0836 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
00:30:26.0474 0836 Wecsvc - ok
00:30:26.0489 0836 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
00:30:26.0505 0836 wercplsupport - ok
00:30:26.0520 0836 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
00:30:26.0520 0836 WerSvc - ok
00:30:26.0552 0836 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
00:30:26.0552 0836 WfpLwf - ok
00:30:26.0567 0836 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
00:30:26.0567 0836 WIMMount - ok
00:30:26.0583 0836 WinDefend - ok
00:30:26.0598 0836 WinHttpAutoProxySvc - ok
00:30:26.0645 0836 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
00:30:26.0645 0836 Winmgmt - ok
00:30:26.0754 0836 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
00:30:26.0770 0836 WinRM - ok
00:30:26.0879 0836 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
00:30:26.0895 0836 Wlansvc - ok
00:30:27.0160 0836 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:30:27.0176 0836 wlidsvc - ok
00:30:27.0269 0836 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
00:30:27.0285 0836 WmiAcpi - ok
00:30:27.0347 0836 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
00:30:27.0347 0836 wmiApSrv - ok
00:30:27.0378 0836 WMPNetworkSvc - ok
00:30:27.0410 0836 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
00:30:27.0410 0836 WPCSvc - ok
00:30:27.0441 0836 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
00:30:27.0456 0836 WPDBusEnum - ok
00:30:27.0472 0836 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
00:30:27.0472 0836 ws2ifsl - ok
00:30:27.0488 0836 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
00:30:27.0503 0836 wscsvc - ok
00:30:27.0503 0836 WSearch - ok
00:30:27.0659 0836 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
00:30:27.0675 0836 wuauserv - ok
00:30:27.0768 0836 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
00:30:27.0768 0836 WudfPf - ok
00:30:27.0800 0836 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:30:27.0800 0836 WUDFRd - ok
00:30:27.0831 0836 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
00:30:27.0831 0836 wudfsvc - ok
00:30:27.0878 0836 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
00:30:27.0893 0836 WwanSvc - ok
00:30:27.0924 0836 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
00:30:27.0971 0836 \Device\Harddisk0\DR0 - ok
00:30:27.0987 0836 Boot (0x1200) (271eb2ec31b3437eff89c7c86dae5d9d) \Device\Harddisk0\DR0\Partition0
00:30:27.0987 0836 \Device\Harddisk0\DR0\Partition0 - ok
00:30:28.0002 0836 Boot (0x1200) (c3d813ae706952e9e30b32a7b7af2977) \Device\Harddisk0\DR0\Partition1
00:30:28.0002 0836 \Device\Harddisk0\DR0\Partition1 - ok
00:30:28.0002 0836 ============================================================
00:30:28.0002 0836 Scan finished
00:30:28.0002 0836 ============================================================
00:30:28.0018 2900 Detected object count: 0
00:30:28.0018 2900 Actual detected object count: 0

aswMBR log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-01 00:32:08
-----------------------------
00:32:08.175 OS Version: Windows x64 6.1.7601 Service Pack 1
00:32:08.175 Number of processors: 4 586 0x503
00:32:08.175 ComputerName: KELVIN-PC UserName: Kelvin
00:32:09.189 Initialize success
00:32:09.283 AVAST engine defs: 12042901
00:32:10.858 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
00:32:10.874 Disk 0 Vendor: Maxtor_7H500F0 HA431DD0 Size: 476940MB BusType: 3
00:32:10.889 Disk 0 MBR read successfully
00:32:10.889 Disk 0 MBR scan
00:32:10.889 Disk 0 Windows 7 default MBR code
00:32:10.905 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
00:32:10.905 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
00:32:10.936 Disk 0 scanning C:\Windows\system32\drivers
00:32:16.583 Service scanning
00:32:33.010 Modules scanning
00:32:33.026 Disk 0 trace - called modules:
00:32:33.041 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
00:32:33.041 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b81060]
00:32:33.556 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa80046899b0]
00:32:33.556 5 ACPI.sys[fffff88000f517a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004b09060]
00:32:34.555 AVAST engine scan C:\Windows
00:32:36.895 AVAST engine scan C:\Windows\system32
00:34:39.740 AVAST engine scan C:\Windows\system32\drivers
00:34:47.446 AVAST engine scan C:\Users\Kelvin
00:37:02.373 AVAST engine scan C:\ProgramData
00:39:08.405 Scan finished successfully
00:40:11.164 Disk 0 MBR has been saved successfully to "C:\Users\Kelvin\Desktop\MBR.dat"
00:40:11.164 The log file has been saved successfully to "C:\Users\Kelvin\Desktop\aswMBR.txt"

Edited by meepwn, 02 May 2012 - 01:54 AM.


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:02 AM

Posted 02 May 2012 - 02:33 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:02 AM

Posted 05 May 2012 - 12:31 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 meepwn

meepwn
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:02 PM

Posted 05 May 2012 - 02:23 AM

Sorry for being late, so far my computer is running fine. I'm no longer being redirected to happili sites.

Combofix log

ComboFix 12-05-05.05 - Kelvin 05/04/2012 23:44:15.6.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2470 [GMT -7:00]
Running from: c:\users\Kelvin\Desktop\recording\happy\ComboFix.exe
Command switches used :: c:\users\Kelvin\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-05 to 2012-05-05 )))))))))))))))))))))))))))))))
.
.
2012-05-05 06:52 . 2012-05-05 06:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-02 02:48 . 2012-04-13 08:46 8917360 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D5066274-33D5-47CC-A6E7-F4D48422EA9C}\mpengine.dll
2012-04-28 10:32 . 2012-04-28 10:32 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-04-28 10:29 . 2012-04-28 10:29 -------- d-----w- c:\program files (x86)\mIRC
2012-04-27 10:38 . 2012-05-05 06:22 -------- d-----w- c:\program files (x86)\Warcraft III
2012-04-27 03:37 . 2012-04-27 03:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-27 03:37 . 2012-04-27 03:37 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-23 08:02 . 2012-04-23 08:02 -------- d-----w- c:\windows\SysWow64\spool
2012-04-23 08:02 . 2012-04-23 08:02 -------- d-----w- c:\programdata\Sony
2012-04-22 07:40 . 2012-05-05 06:40 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-22 07:23 . 2012-05-05 06:40 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-22 06:24 . 2012-04-22 06:24 -------- d-----w- c:\program files (x86)\AutoHotkey
2012-04-21 23:49 . 2012-04-21 23:49 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-04-21 23:44 . 2012-04-21 23:44 -------- d-----w- c:\program files (x86)\Secunia
2012-04-21 22:07 . 2012-04-21 22:07 -------- d-----w- c:\program files (x86)\ESET
2012-04-21 20:47 . 2012-04-21 20:47 -------- d-----w- c:\program files (x86)\ShiftWindow
2012-04-21 17:30 . 2012-04-24 05:42 -------- d-----w- c:\users\Kel
2012-04-20 02:30 . 2012-04-20 02:30 -------- d-----w- c:\program files (x86)\ICCup
2012-04-20 01:48 . 2012-04-20 01:48 -------- d-----w- c:\program files (x86)\SplitMediaLabs
2012-04-20 01:14 . 2012-04-20 18:31 -------- d-----w- c:\program files (x86)\Anvisoft
2012-04-10 22:40 . 2012-04-10 22:43 -------- d-----w- c:\program files (x86)\Razer
2012-04-10 22:40 . 2012-04-10 22:40 -------- d-----w- c:\programdata\Razer
2012-04-10 19:24 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-10 19:24 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-10 19:24 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-10 19:22 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-10 19:22 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-10 19:22 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-10 19:22 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-10 19:22 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-10 19:22 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-10 19:22 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-07 06:50 . 2012-04-07 06:50 -------- d-----w- c:\program files (x86)\Common Files\logishrd
2012-04-07 06:50 . 2012-04-07 06:50 -------- d-----w- c:\program files\Common Files\logishrd
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 06:40 . 2011-06-25 00:05 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-21 23:49 . 2011-07-12 05:05 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-04 22:56 . 2012-03-25 09:27 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-29 07:20 . 2011-03-29 01:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-03-09 01:50 . 2012-03-09 01:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 05:46 . 2012-03-08 05:46 138752 ----a-w- c:\windows\SysWow64\rztouchdll.dll
2012-03-06 23:15 . 2012-03-25 08:54 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2012-03-25 08:54 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-06 23:15 . 2012-03-25 08:54 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:04 . 2012-03-25 08:54 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:04 . 2012-03-25 08:54 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2012-03-25 08:54 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-06 23:01 . 2012-03-25 08:54 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2012-03-25 08:54 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2012-03-25 08:54 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-01 08:32 . 2012-03-01 08:32 284672 ----a-w- c:\windows\SysWow64\rzdevicedll.dll
2012-02-23 17:18 . 2011-08-24 05:40 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-21 08:20 . 2009-07-13 23:55 332288 ----a-w- c:\windows\system32\uxtheme.dll
2012-02-21 08:19 . 2011-06-25 20:12 2851840 ----a-w- c:\windows\system32\themeui.dll
2012-02-21 08:19 . 2009-07-13 23:54 44544 ----a-w- c:\windows\system32\themeservice.dll
2012-02-18 02:20 . 2012-02-18 02:20 164864 ----a-w- c:\windows\SysWow64\rzaudiodll.dll
2012-02-17 06:38 . 2012-03-15 17:54 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-02-17 06:38 . 2012-03-15 17:54 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-15 17:54 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-15 17:54 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-15 17:54 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-13 02:57 . 2012-02-13 02:57 76800 ----a-w- c:\windows\system32\drivers\rzudd.sys
2012-02-10 06:36 . 2012-03-15 17:55 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-15 17:55 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-23_17.29.31 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-04-23 17:28 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-05-05 06:53 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-05-05 06:53 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-23 17:28 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-23 17:28 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-05 06:53 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-24 22:53 . 2012-05-05 05:35 63098 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-05 05:35 34580 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-06-24 22:41 . 2012-05-05 05:35 23364 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3341797973-912224214-452476523-1001_UserData.bin
+ 2009-07-14 05:30 . 2012-04-30 09:12 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2012-04-10 23:38 86016 c:\windows\system32\DriverStore\infpub.dat
- 2011-06-24 22:37 . 2012-04-22 07:40 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-24 22:37 . 2012-05-05 06:40 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-05-05 00:17 . 2012-05-05 06:40 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-05 06:40 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-22 07:40 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-24 22:41 . 2012-05-05 05:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-06-24 22:41 . 2012-04-23 17:15 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2012-04-29 00:45 89968 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2011-06-24 22:41 . 2012-04-23 17:15 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-06-24 22:41 . 2012-05-05 05:34 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-06-24 22:41 . 2012-05-05 05:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-06-24 22:41 . 2012-04-23 17:15 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-06-24 22:41 . 2012-04-23 17:15 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-24 22:41 . 2012-05-05 06:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-24 22:41 . 2012-05-05 06:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-06-24 22:41 . 2012-04-23 17:15 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-04-23 17:28 . 2012-04-23 17:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-05 06:53 . 2012-05-05 06:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-23 17:28 . 2012-04-23 17:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-05 06:53 . 2012-05-05 06:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-05 06:40 . 2012-05-05 06:40 351904 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe
+ 2012-05-05 05:40 . 2012-05-05 05:40 351904 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
+ 2012-05-05 05:40 . 2012-05-05 05:40 424096 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.dll
+ 2012-04-22 07:23 . 2012-05-05 06:40 257696 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-05-05 06:40 . 2012-05-05 06:40 630944 c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_Plugin.exe
+ 2012-05-05 05:40 . 2012-05-05 05:40 631456 c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_ActiveX.exe
+ 2012-05-05 05:40 . 2012-05-05 05:40 461984 c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_ActiveX.dll
+ 2009-07-14 05:30 . 2012-04-30 09:12 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-04-10 23:38 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:01 . 2012-05-05 06:52 259168 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-23 17:27 259168 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-05-05 06:40 . 2012-05-05 06:40 8797856 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
+ 2011-06-29 04:46 . 2012-05-05 06:52 6116160 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3341797973-912224214-452476523-1001-12288.dat
+ 2012-05-05 06:40 . 2012-05-05 06:40 11590304 c:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll
+ 2011-06-25 00:12 . 2012-05-05 06:52 12838712 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3341797973-912224214-452476523-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-07-06 2443376]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2012-03-01 318344]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-13 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\CyberGhost VPN\CGVPNCliService.exe [2011-07-05 2428968]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Classic\safedrv.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-09-24 641832]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-04-04 240232]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [x]
S3 rzudd;Razer Keyboard Driver;c:\windows\system32\DRIVERS\rzudd.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 06:40]
.
2012-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3341797973-912224214-452476523-1001Core.job
- c:\users\Kelvin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-24 23:51]
.
2012-05-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3341797973-912224214-452476523-1001UA.job
- c:\users\Kelvin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-24 23:51]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Kelvin\AppData\Roaming\Mozilla\Firefox\Profiles\kl7q447b.default\
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
.
**************************************************************************
.
Completion time: 2012-05-04 23:58:29 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-05 06:58
ComboFix2.txt 2012-04-30 00:43
ComboFix3.txt 2012-04-23 17:33
ComboFix4.txt 2012-04-21 22:04
.
Pre-Run: 360,584,560,640 bytes free
Post-Run: 360,699,154,432 bytes free
.
- - End Of File - - 553692C005A11EA179D2AB5F09823346

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:02 AM

Posted 05 May 2012 - 03:23 AM

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

Ask Toolbar Updater
Java™ 6 Update 31
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 meepwn

meepwn
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:02 PM

Posted 05 May 2012 - 08:40 PM

Log From MBAM
report from Hijackthis
let me know of any problems you may have had
How is the computer doing now?

Thanks so much, the revoinstaller worked wonders, and got rid of the ask updater. Before revo, my computer would never let me uninstall it!

Here are the logs, and I did get this pop up before running hijack;
"For some reason your system denied write access to the Host files. If any hijacked domains are in this file, HijackThis may NOT be able to fix this. If that happens, you need to edit the file yourself. To do this, click Start, Run and type: notepad C:\Windows\System32\drivers\etc\hosts and press Enter. The find the line(s) HijackThis reports and delete them. Save the file as 'hosts' (with quotes), and reboot."
But it still ran, and I posted the log.

So far the computer is running fine. I'm not longer being redirected to happili sites.

MBAM Log
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.06.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Kelvin :: KELVIN-PC [administrator]

Protection: Disabled

5/5/2012 6:28:56 PM
mbam-log-2012-05-05 (18-28-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219630
Time elapsed: 2 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

HIJACK this log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:39:40 PM, on 5/5/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Kelvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kelvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kelvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Kelvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Users\Kelvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: CyberGhost VPN Client (CGVPNCliSrvc) - mobile concepts GmbH - C:\Program Files\CyberGhost VPN\CGVPNCliService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Unknown owner - C:\Program Files (x86)\Secunia\PSI\sua.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8503 bytes

Edited by meepwn, 05 May 2012 - 08:45 PM.


#11 meepwn

meepwn
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:02 PM

Posted 05 May 2012 - 08:49 PM

Also, quick question.

I want to install an antirvirus, what would you recommend? Atm I'm using Avast

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:02 AM

Posted 05 May 2012 - 09:00 PM

Greetings


at this time I use Microsoft Security Essentials -

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 meepwn

meepwn
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:02 PM

Posted 08 May 2012 - 03:53 AM

I ran eset scanner twice, and didn't get a log. I don't see where I can copy and paste a log.

All it says is

No threats found
Scanned files: 238528
Infected files: 0
Cleaned files: 0
Total scan time: 01:23:32
Scan status: Finished

I added a screenshot if it helps.

Attached Files

  • Attached File  scan.png   116.01KB   2 downloads

Edited by meepwn, 08 May 2012 - 03:56 AM.


#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:02 AM

Posted 08 May 2012 - 07:36 AM

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wrong time can make the computer an expensive paper weight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • Posted Image

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and used often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download and works allot better than add/remove in windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware The Gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.


  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and using often. (I have upgraded to the paid version of MBAM and I am glad I did)

    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleges

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 meepwn

meepwn
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:02 PM

Posted 09 May 2012 - 06:27 AM

Okay! So I decided to install mse and winpatrol, and uninstall my useless avast 7.

However, winpatrol gave me a notice about "C:\Windows\SysWOW64\webcheck.dll". I'm not sure if this is safe or not. I googled it, and it seems like it might be? I would like to make sure.

Thanks again, my computer is better now! I'm definitely going to leave the revouninstaller, ccleaner etc.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users