My notebook is infected


  • This topic is locked
14 replies to this topic

#1 Neumahn

Posted 11 May 2012 - 12:45 PM

I have a Windows Vista 32-bit HP Pavilion dv9000 running ZoneAlarm and Microsoft Security Essentials that keep finding Trojans. I quarantine and delete them but they keep returning. They are usually all different. Sometimes it is Zbot, sometimes it is Waprox, sometimes it is Trojan-Downloader.Win32.CodecPack.bagh. I have tried IOBit Malware Remover, Search and Destroy, ZoneAlarm, Microsoft Malicious Software Remover, and things have improved (in the beginning all of my malware searches in Google were leading to 404 errors but that has been corrected) but I cannot get rid of it. I suspect there is something in the HiJackThis Log that needs to be taken care of. I wish HiJackThis did a better job of analyzing its log for you. My machine should be all up to date with the latest Windows updates and the latest version of Java and Adobe Flash. Here is the HiJackThis file:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:29:23 AM, on 5/11/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\Douglas\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Douglas\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2381103534-903276012-2617231151-1006\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'UpdatusUser')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ZoneAlarm LTD Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MySQL - Unknown owner - C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
O23 - Service: VMC NetFlix Download Manager (NetFlixDownloadManager) - Unknown owner - C:\Program Files\Luttmann\vmcNetFlix\NetFlixDownloadManager.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SonicWALL Global VPN Client Service (SWGVCSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: UsbClientService - Unknown owner - C:\Program Files\Synology\Assistant\UsbClientService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe

--
End of file - 9667 bytes

DDS Log

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by Douglas at 10:49:06 on 2012-05-11
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1098 [GMT -7:00]
.
AV: ZoneAlarm Antivirus *Enabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *Enabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
FW: ZoneAlarm Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
C:\Program Files\Synology\Assistant\UsbClientService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\ehome\ehsched.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\Douglas\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [Google Update] "c:\users\douglas\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [QlbCtrl] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
TCP: DhcpNameServer = 192.168.237.1
TCP: Interfaces\{385A36C3-A54F-497D-9031-C14D66FA1840} : DhcpNameServer = 192.168.237.1
TCP: Interfaces\{4C83E503-4CEE-48E1-996D-556907CD0D2D} : DhcpNameServer = 68.238.64.12 68.238.96.12
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\douglas\appdata\roaming\mozilla\firefox\profiles\0t6gsqs5.default\
FF - prefs.js: browser.startup.homepage - hxxps://startpage.com/
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\thrixxx\weblaunch\binaries\npWebLaunch.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\douglas\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2012-5-8 11352]
R1 MpKslfaab483b;MpKslfaab483b;c:\programdata\microsoft\microsoft antimalware\definition updates\{998fccc4-872f-49ae-a56b-790b1cb8caff}\MpKslfaab483b.sys [2012-5-10 29904]
R1 SWIPsec;SonicWALL IPsec Driver;c:\windows\system32\drivers\SWIPsec.sys [2010-2-22 87064]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-5-10 913752]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-10 21504]
R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2012-5-10 821592]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2012-4-30 27016]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2012-4-30 497280]
R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2010-9-7 202048]
R2 MSSQL$MYMOVIES;SQL Server (MYMOVIES);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2012-2-13 2253120]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-5-11 1153368]
R2 SWGVCSvc;SonicWALL Global VPN Client Service;c:\program files\sonicwall\sonicwall global vpn client\SWGVCSvc.exe [2009-3-6 227352]
R2 UsbClientService;UsbClientService;c:\program files\synology\assistant\UsbClientService.exe [2011-2-17 245760]
R3 busenum;Synology Virtual USB Hub;c:\windows\system32\drivers\busenum.sys [2011-2-17 46304]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2010-4-5 6630912]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-21 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-11 257696]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2009-1-29 6016]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [1999-12-31 44432]
S3 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\FileMonitor.sys [2012-5-10 20336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-6-21 136176]
S3 hcw85bda;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2009-4-25 622080]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2009-7-10 25856]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2010-6-18 19968]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-1-29 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2010-4-1 23424]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2010-1-25 9472]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 129976]
S3 NetFlixDownloadManager;VMC NetFlix Download Manager;c:\program files\luttmann\vmcnetflix\NetFlixDownloadManager.exe [2009-4-16 26624]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\RegFilter.sys [2012-5-10 30600]
S3 se32;EnTech softEngine;c:\windows\system32\drivers\se32.sys [2007-5-3 12112]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 SWVNIC;SonicWALL Virtual Miniport;c:\windows\system32\drivers\SWVNIC.sys [2009-3-4 21016]
S3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\UrlFilter.sys [2012-5-10 19792]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2006-10-26 2799808]
.
=============== File Associations ===============
.
.txt=
.
=============== Created Last 30 ================
.
2012-05-11 15:18:50 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-05-11 15:18:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-05-10 20:35:28 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{998fccc4-872f-49ae-a56b-790b1cb8caff}\offreg.dll
2012-05-10 20:35:28 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{998fccc4-872f-49ae-a56b-790b1cb8caff}\MpKslfaab483b.sys
2012-05-10 20:15:15 713784 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f2811951-0f0f-4bd1-a814-99a525f61f15}\gapaengine.dll
2012-05-10 20:15:08 6734704 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{998fccc4-872f-49ae-a56b-790b1cb8caff}\mpengine.dll
2012-05-10 20:10:48 -------- d-----w- c:\program files\Microsoft Security Client
2012-05-10 19:46:28 -------- d-----w- c:\users\douglas\appdata\roaming\#ISW.FS#
2012-05-10 18:35:09 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-10 18:35:09 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-05-10 18:35:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-10 18:35:09 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-10 16:59:55 -------- d-----w- c:\windows\Temp6AA19140-BEFA-91B4-D3DB-016123437D7C-Signatures
2012-05-10 16:10:31 2048 ----a-w- c:\windows\system32\tzres.dll
2012-05-10 16:10:02 1404928 ----a-w- c:\program files\common files\microsoft shared\ink\InkObj.dll
2012-05-10 16:10:02 1218048 ----a-w- c:\program files\windows journal\NBDoc.DLL
2012-05-10 16:10:01 983040 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2012-05-10 16:10:01 964608 ----a-w- c:\program files\windows journal\JNWDRV.dll
2012-05-10 16:10:01 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2012-05-10 16:10:00 47104 ----a-w- c:\program files\windows journal\PDIALOG.exe
2012-05-10 16:05:45 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 16:05:44 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-05-10 16:05:44 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-10 16:05:44 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-10 16:05:44 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-10 16:05:42 429056 ----a-w- c:\windows\system32\EncDec.dll
2012-05-10 15:59:28 2044928 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 15:59:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-10 15:59:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 15:58:05 707584 ----a-w- c:\program files\common files\system\wab32.dll
2012-05-10 15:47:57 -------- d-----w- C:\sh4ldr
2012-05-10 15:47:57 -------- d-----w- c:\program files\Enigma Software Group
2012-05-10 15:47:07 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-05-10 15:47:07 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-05-10 15:45:42 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-05-10 15:45:31 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-05-09 03:58:31 -------- d-----w- c:\users\douglas\appdata\roaming\CheckPoint
2012-05-09 03:56:18 11352 ----a-w- c:\windows\system32\drivers\kl2.sys
2012-05-09 03:56:16 133208 ----a-w- c:\windows\system32\drivers\kl1.sys
2012-05-09 03:26:05 -------- d-----w- c:\program files\CheckPoint
2012-05-09 02:46:59 -------- d-----w- c:\programdata\CheckPoint
2012-05-09 00:57:36 -------- d-----w- c:\users\douglas\appdata\roaming\Laudw
2012-05-09 00:57:36 -------- d-----w- c:\users\douglas\appdata\roaming\Ariq
2012-05-08 23:18:17 -------- d-----w- c:\program files\SlimCleaner
2012-05-08 21:09:17 -------- d-----w- c:\users\douglas\appdata\roaming\Umfa
2012-05-08 21:09:17 -------- d-----w- c:\users\douglas\appdata\roaming\Rasis
2012-05-08 21:09:17 -------- d-----w- c:\users\douglas\appdata\roaming\Byxiig
2012-05-08 21:05:02 -------- d-----w- c:\users\douglas\appdata\roaming\Ikg
2012-05-08 21:04:57 -------- d-----w- c:\program files\common files\Win
2012-05-08 21:04:47 -------- d-----w- c:\users\douglas\appdata\roaming\Security Data
2012-05-02 01:57:42 86016 ----a-w- c:\windows\unvise32.exe
2012-04-25 23:16:46 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-25 23:16:42 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-04-25 23:16:42 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2012-04-19 03:10:20 -------- d-----w- c:\windows\system32\s
2012-04-11 21:05:37 -------- d-----w- c:\users\douglas\appdata\roaming\EDrawings
2012-04-11 19:00:15 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-05-04 22:07:19 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-05 01:47:08 772504 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-05 01:47:02 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 22:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-30 12:39:11 914304 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-29 13:39:19 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-03-21 03:44:12 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 03:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-20 23:28:50 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-02-14 19:09:44 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
.
============= FINISH: 10:53:10.07 ===============






Any help would be appreciated. I have a lot of data on this laptop I don't want to lose.

Thank you!

Neumahn

Edited by Neumahn, 11 May 2012 - 03:48 PM.



#2 Neumahn


Posted 11 May 2012 - 06:41 PM

I have followed the directions that were given to other people with similar issues. I have run SecurityCheck and also run ComboFix after disabling all my security software. I have attached the logs.

Please help me! Thank you!

Neumster


#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:03 AM

Posted 12 May 2012 - 12:06 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

:multiple Anti Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

AV: ZoneAlarm Antivirus
AV: Microsoft Security Essentials


Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove all but one of them.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 Neumahn


Posted 12 May 2012 - 01:53 PM

Hello and thank you for your reply. If you look at my second post I already ran the two software packages you recommended and provided the logs for them as well. Prior to running the ComboFix program I deleted all antivirus programs and disabled the firewall.

I understand that one should not run multiple Anti-Virus programs, and normally I just use the Microsoft products; however, I guess I went a little crazy on my own the last day or so and installed a few others trying to hunt this thing down on my own. I am now back to just the Windows Defender / Microsoft Security Essentials and Windows Firewall. Last night after sending the logs in my second post I re-installed those programs and ran a full scan with Microsoft Security Essentials. Again it found Waprox and said it was active. It quarantined it and then deleted it. This happens again and again. I suspect it is being rerun each time I reboot but cannot find where and cannot decipher the HiJackThis file on my own.

Again, please refer to my second post for the files you are looking for.

Thank you for your help!

Neumahn

#5 gringo_pr


Posted 12 May 2012 - 05:45 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#6 Neumahn


Posted 13 May 2012 - 02:13 AM

21:38:02.0719 5796 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
21:38:03.0274 5796 ============================================================
21:38:03.0274 5796 Current date / time: 2012/05/12 21:38:03.0274
21:38:03.0274 5796 SystemInfo:
21:38:03.0274 5796
21:38:03.0275 5796 OS Version: 6.0.6002 ServicePack: 2.0
21:38:03.0275 5796 Product type: Workstation
21:38:03.0275 5796 ComputerName: DOUGLAS-LAPTOP
21:38:03.0275 5796 UserName: Douglas
21:38:03.0275 5796 Windows directory: C:\Windows
21:38:03.0275 5796 System windows directory: C:\Windows
21:38:03.0275 5796 Processor architecture: Intel x86
21:38:03.0275 5796 Number of processors: 2
21:38:03.0275 5796 Page size: 0x1000
21:38:03.0275 5796 Boot type: Normal boot
21:38:03.0275 5796 ============================================================
21:38:07.0223 5796 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:38:07.0309 5796 Drive \Device\Harddisk1\DR1 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:38:07.0314 5796 ============================================================
21:38:07.0314 5796 \Device\Harddisk0\DR0:
21:38:07.0320 5796 MBR partitions:
21:38:07.0320 5796 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xCEE8342
21:38:07.0320 5796 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xCEE8381, BlocksNum 0x10AB440
21:38:07.0320 5796 \Device\Harddisk1\DR1:
21:38:07.0321 5796 MBR partitions:
21:38:07.0321 5796 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF93782
21:38:07.0321 5796 ============================================================
21:38:07.0343 5796 C: <-> \Device\Harddisk0\DR0\Partition0
21:38:07.0369 5796 D: <-> \Device\Harddisk1\DR1\Partition0
21:38:07.0595 5796 E: <-> \Device\Harddisk0\DR0\Partition1
21:38:07.0596 5796 ============================================================
21:38:07.0596 5796 Initialize success
21:38:07.0596 5796 ============================================================
21:38:33.0436 5624 ============================================================
21:38:33.0436 5624 Scan started
21:38:33.0436 5624 Mode: Manual;
21:38:33.0436 5624 ============================================================
21:38:33.0936 5624 61883 (585e64bb6dfbc0a2f1f0b554ded012df) C:\Windows\system32\DRIVERS\61883.sys
21:38:33.0939 5624 61883 - ok
21:38:34.0011 5624 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
21:38:34.0016 5624 ACPI - ok
21:38:34.0153 5624 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:38:34.0156 5624 AdobeARMservice - ok
21:38:34.0237 5624 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:38:34.0245 5624 AdobeFlashPlayerUpdateSvc - ok
21:38:34.0319 5624 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
21:38:34.0341 5624 adp94xx - ok
21:38:34.0384 5624 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
21:38:34.0397 5624 adpahci - ok
21:38:34.0421 5624 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
21:38:34.0424 5624 adpu160m - ok
21:38:34.0459 5624 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
21:38:34.0464 5624 adpu320 - ok
21:38:34.0659 5624 AdvancedSystemCareService5 (b11c71b29fa69e4586f9b65560e6604d) C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
21:38:34.0697 5624 AdvancedSystemCareService5 - ok
21:38:34.0722 5624 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
21:38:34.0724 5624 AeLookupSvc - ok
21:38:34.0810 5624 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
21:38:34.0828 5624 AFD - ok
21:38:34.0859 5624 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
21:38:34.0862 5624 agp440 - ok
21:38:34.0884 5624 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
21:38:34.0887 5624 aic78xx - ok
21:38:34.0919 5624 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
21:38:34.0921 5624 ALG - ok
21:38:34.0937 5624 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
21:38:34.0939 5624 aliide - ok
21:38:34.0960 5624 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
21:38:34.0962 5624 amdagp - ok
21:38:34.0980 5624 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
21:38:34.0983 5624 amdide - ok
21:38:35.0008 5624 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
21:38:35.0010 5624 AmdK7 - ok
21:38:35.0033 5624 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
21:38:35.0036 5624 AmdK8 - ok
21:38:35.0066 5624 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
21:38:35.0068 5624 Appinfo - ok
21:38:35.0162 5624 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:38:35.0165 5624 Apple Mobile Device - ok
21:38:35.0238 5624 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
21:38:35.0241 5624 arc - ok
21:38:35.0271 5624 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
21:38:35.0275 5624 arcsas - ok
21:38:35.0373 5624 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
21:38:35.0375 5624 aspnet_state - ok
21:38:35.0412 5624 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
21:38:35.0414 5624 AsyncMac - ok
21:38:35.0456 5624 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
21:38:35.0457 5624 atapi - ok
21:38:35.0549 5624 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
21:38:35.0593 5624 AudioEndpointBuilder - ok
21:38:35.0603 5624 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
21:38:35.0609 5624 Audiosrv - ok
21:38:35.0650 5624 Avc (f4b56425a00beb32f5fa6603ff7b0ea2) C:\Windows\system32\DRIVERS\avc.sys
21:38:35.0652 5624 Avc - ok
21:38:35.0720 5624 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
21:38:35.0743 5624 BCM43XV - ok
21:38:35.0773 5624 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
21:38:35.0775 5624 Beep - ok
21:38:35.0857 5624 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
21:38:35.0862 5624 BFE - ok
21:38:36.0010 5624 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
21:38:36.0044 5624 BITS - ok
21:38:36.0051 5624 blbdrive - ok
21:38:36.0165 5624 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
21:38:36.0181 5624 Bonjour Service - ok
21:38:36.0214 5624 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
21:38:36.0217 5624 bowser - ok
21:38:36.0241 5624 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
21:38:36.0243 5624 BrFiltLo - ok
21:38:36.0257 5624 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
21:38:36.0258 5624 BrFiltUp - ok
21:38:36.0301 5624 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
21:38:36.0304 5624 Browser - ok
21:38:36.0328 5624 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
21:38:36.0332 5624 Brserid - ok
21:38:36.0355 5624 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
21:38:36.0358 5624 BrSerWdm - ok
21:38:36.0381 5624 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
21:38:36.0383 5624 BrUsbMdm - ok
21:38:36.0399 5624 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
21:38:36.0401 5624 BrUsbSer - ok
21:38:36.0423 5624 BTCFilterService (4813df77ede536a52e3737971f910baa) C:\Windows\system32\DRIVERS\motfilt.sys
21:38:36.0425 5624 BTCFilterService - ok
21:38:36.0452 5624 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
21:38:36.0454 5624 BTHMODEM - ok
21:38:36.0494 5624 busenum (2c3022623c60770442424e24224e4a25) C:\Windows\system32\DRIVERS\busenum.sys
21:38:36.0495 5624 busenum - ok
21:38:36.0555 5624 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\Windows\system32\drivers\BVRPMPR5.SYS
21:38:36.0557 5624 BVRPMPR5 - ok
21:38:36.0634 5624 catchme - ok
21:38:36.0665 5624 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
21:38:36.0667 5624 cdfs - ok
21:38:36.0694 5624 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
21:38:36.0697 5624 cdrom - ok
21:38:36.0743 5624 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
21:38:36.0745 5624 CertPropSvc - ok
21:38:36.0778 5624 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
21:38:36.0780 5624 circlass - ok
21:38:36.0849 5624 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
21:38:36.0855 5624 CLFS - ok
21:38:36.0944 5624 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:38:36.0948 5624 clr_optimization_v2.0.50727_32 - ok
21:38:37.0071 5624 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:38:37.0076 5624 clr_optimization_v4.0.30319_32 - ok
21:38:37.0103 5624 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
21:38:37.0105 5624 CmBatt - ok
21:38:37.0134 5624 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
21:38:37.0136 5624 cmdide - ok
21:38:37.0221 5624 Com4Qlb (a5aaa656403e5e7afa9647ce73dbf944) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
21:38:37.0309 5624 Com4Qlb - ok
21:38:37.0346 5624 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
21:38:37.0348 5624 Compbatt - ok
21:38:37.0355 5624 COMSysApp - ok
21:38:37.0370 5624 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
21:38:37.0373 5624 crcdisk - ok
21:38:37.0397 5624 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
21:38:37.0399 5624 Crusoe - ok
21:38:37.0461 5624 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
21:38:37.0463 5624 CryptSvc - ok
21:38:37.0509 5624 dc3d (91c1736e77cff029302728b431d0eedb) C:\Windows\system32\DRIVERS\dc3d.sys
21:38:37.0511 5624 dc3d - ok
21:38:37.0627 5624 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
21:38:37.0648 5624 DcomLaunch - ok
21:38:37.0680 5624 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
21:38:37.0683 5624 DfsC - ok
21:38:37.0951 5624 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
21:38:38.0031 5624 DFSR - ok
21:38:38.0221 5624 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
21:38:38.0228 5624 Dhcp - ok
21:38:38.0288 5624 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
21:38:38.0291 5624 disk - ok
21:38:38.0342 5624 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\Windows\system32\DRIVERS\dne2000.sys
21:38:38.0346 5624 DNE - ok
21:38:38.0386 5624 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
21:38:38.0390 5624 Dnscache - ok
21:38:38.0469 5624 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
21:38:38.0475 5624 dot3svc - ok
21:38:38.0518 5624 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
21:38:38.0522 5624 DPS - ok
21:38:38.0544 5624 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
21:38:38.0546 5624 drmkaud - ok
21:38:38.0659 5624 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
21:38:38.0682 5624 DXGKrnl - ok
21:38:38.0727 5624 E100B (c0b00e55cf82d122d25983c7a6a53dea) C:\Windows\system32\DRIVERS\e100b325.sys
21:38:38.0732 5624 E100B - ok
21:38:38.0755 5624 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
21:38:38.0759 5624 E1G60 - ok
21:38:38.0794 5624 eabfiltr (e88b0cfcecf745211bba87f44f85d0dd) C:\Windows\system32\DRIVERS\eabfiltr.sys
21:38:38.0796 5624 eabfiltr - ok
21:38:38.0828 5624 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
21:38:38.0832 5624 EapHost - ok
21:38:38.0839 5624 easytether - ok
21:38:38.0916 5624 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
21:38:38.0921 5624 Ecache - ok
21:38:38.0999 5624 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
21:38:39.0014 5624 ehRecvr - ok
21:38:39.0045 5624 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
21:38:39.0048 5624 ehSched - ok
21:38:39.0064 5624 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
21:38:39.0066 5624 ehstart - ok
21:38:39.0121 5624 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
21:38:39.0128 5624 elxstor - ok
21:38:39.0245 5624 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
21:38:39.0265 5624 EMDMgmt - ok
21:38:39.0308 5624 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
21:38:39.0324 5624 EventSystem - ok
21:38:39.0387 5624 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
21:38:39.0391 5624 exfat - ok
21:38:39.0465 5624 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
21:38:39.0469 5624 fastfat - ok
21:38:39.0499 5624 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
21:38:39.0501 5624 fdc - ok
21:38:39.0527 5624 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
21:38:39.0530 5624 fdPHost - ok
21:38:39.0546 5624 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
21:38:39.0548 5624 FDResPub - ok
21:38:39.0587 5624 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
21:38:39.0590 5624 FileInfo - ok
21:38:39.0617 5624 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
21:38:39.0619 5624 Filetrace - ok
21:38:39.0637 5624 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
21:38:39.0639 5624 flpydisk - ok
21:38:39.0709 5624 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
21:38:39.0713 5624 FltMgr - ok
21:38:39.0815 5624 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
21:38:39.0850 5624 FontCache - ok
21:38:39.0942 5624 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:38:39.0944 5624 FontCache3.0.0.0 - ok
21:38:39.0980 5624 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
21:38:39.0981 5624 Fs_Rec - ok
21:38:40.0012 5624 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
21:38:40.0015 5624 gagp30kx - ok
21:38:40.0058 5624 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:38:40.0060 5624 GEARAspiWDM - ok
21:38:40.0164 5624 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
21:38:40.0195 5624 gpsvc - ok
21:38:40.0278 5624 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
21:38:40.0281 5624 gupdate - ok
21:38:40.0287 5624 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
21:38:40.0288 5624 gupdatem - ok
21:38:40.0312 5624 HBtnKey (de15777902a5d9121857d155873a1d1b) C:\Windows\system32\DRIVERS\cpqbttn.sys
21:38:40.0313 5624 HBtnKey - ok
21:38:40.0398 5624 hcw85bda (659bd528db5390f1f1329f42a78be79f) C:\Windows\system32\drivers\HCW85BDA.sys
21:38:40.0425 5624 hcw85bda - ok
21:38:40.0462 5624 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
21:38:40.0467 5624 HdAudAddService - ok
21:38:40.0551 5624 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:38:40.0579 5624 HDAudBus - ok
21:38:40.0624 5624 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
21:38:40.0626 5624 HidBth - ok
21:38:40.0650 5624 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
21:38:40.0651 5624 HidIr - ok
21:38:40.0717 5624 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
21:38:40.0719 5624 hidserv - ok
21:38:40.0756 5624 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
21:38:40.0758 5624 HidUsb - ok
21:38:40.0789 5624 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
21:38:40.0793 5624 hkmsvc - ok
21:38:40.0866 5624 HP Health Check Service (2ceeb349216febd91a907013d4abcff7) C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
21:38:40.0868 5624 HP Health Check Service - ok
21:38:40.0889 5624 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
21:38:40.0891 5624 HpCISSs - ok
21:38:40.0934 5624 hpqwmiex (04c1dcbb226c6ae647b794833ce3ceb6) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
21:38:40.0936 5624 hpqwmiex - ok
21:38:40.0992 5624 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
21:38:41.0000 5624 HSFHWAZL - ok
21:38:41.0121 5624 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
21:38:41.0156 5624 HSF_DPV - ok
21:38:41.0232 5624 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
21:38:41.0249 5624 HTTP - ok
21:38:41.0275 5624 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
21:38:41.0276 5624 i2omp - ok
21:38:41.0312 5624 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
21:38:41.0314 5624 i8042prt - ok
21:38:41.0464 5624 ialm (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys
21:38:41.0510 5624 ialm - ok
21:38:41.0655 5624 iaStor - ok
21:38:41.0703 5624 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
21:38:41.0711 5624 iaStorV - ok
21:38:41.0852 5624 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:38:41.0855 5624 IDriverT - ok
21:38:42.0047 5624 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:38:42.0089 5624 idsvc - ok
21:38:42.0249 5624 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
21:38:42.0251 5624 iirsp - ok
21:38:42.0347 5624 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
21:38:42.0362 5624 IKEEXT - ok
21:38:42.0669 5624 IntcAzAudAddService (b29e79c67f3779e70ba187e31b639ebc) C:\Windows\system32\drivers\RTKVHDA.sys
21:38:42.0758 5624 IntcAzAudAddService - ok
21:38:42.0880 5624 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
21:38:42.0882 5624 intelide - ok
21:38:42.0917 5624 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
21:38:42.0918 5624 intelppm - ok
21:38:42.0958 5624 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
21:38:42.0963 5624 IPBusEnum - ok
21:38:43.0003 5624 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:38:43.0006 5624 IpFilterDriver - ok
21:38:43.0070 5624 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
21:38:43.0075 5624 iphlpsvc - ok
21:38:43.0091 5624 IpInIp - ok
21:38:43.0134 5624 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
21:38:43.0137 5624 IPMIDRV - ok
21:38:43.0181 5624 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
21:38:43.0185 5624 IPNAT - ok
21:38:43.0338 5624 iPod Service (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe
21:38:43.0379 5624 iPod Service - ok
21:38:43.0419 5624 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
21:38:43.0422 5624 IRENUM - ok
21:38:43.0443 5624 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
21:38:43.0446 5624 isapnp - ok
21:38:43.0507 5624 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
21:38:43.0512 5624 iScsiPrt - ok
21:38:43.0548 5624 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
21:38:43.0550 5624 iteatapi - ok
21:38:43.0574 5624 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
21:38:43.0577 5624 iteraid - ok
21:38:43.0610 5624 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:38:43.0615 5624 kbdclass - ok
21:38:43.0658 5624 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
21:38:43.0660 5624 kbdhid - ok
21:38:43.0705 5624 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
21:38:43.0708 5624 KeyIso - ok
21:38:43.0782 5624 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
21:38:43.0800 5624 KSecDD - ok
21:38:43.0858 5624 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
21:38:43.0882 5624 KtmRm - ok
21:38:43.0926 5624 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
21:38:43.0932 5624 LanmanServer - ok
21:38:43.0998 5624 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
21:38:44.0005 5624 LanmanWorkstation - ok
21:38:44.0094 5624 LightScribeService (511e99ac5e322283df6a752001cebf05) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
21:38:44.0186 5624 LightScribeService - ok
21:38:44.0248 5624 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
21:38:44.0251 5624 lltdio - ok
21:38:44.0305 5624 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
21:38:44.0310 5624 lltdsvc - ok
21:38:44.0338 5624 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
21:38:44.0342 5624 lmhosts - ok
21:38:44.0385 5624 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
21:38:44.0388 5624 LSI_FC - ok
21:38:44.0409 5624 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
21:38:44.0413 5624 LSI_SAS - ok
21:38:44.0440 5624 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
21:38:44.0443 5624 LSI_SCSI - ok
21:38:44.0471 5624 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
21:38:44.0474 5624 luafv - ok
21:38:44.0555 5624 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys
21:38:44.0558 5624 mcdbus - ok
21:38:44.0600 5624 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
21:38:44.0603 5624 Mcx2Svc - ok
21:38:44.0620 5624 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
21:38:44.0622 5624 megasas - ok
21:38:44.0705 5624 Microsoft Office Groove Audit Service (7c4c76b39d5525c4a465e0be32528e19) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
21:38:44.0708 5624 Microsoft Office Groove Audit Service - ok
21:38:44.0740 5624 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
21:38:44.0743 5624 MMCSS - ok
21:38:44.0777 5624 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
21:38:44.0779 5624 Modem - ok
21:38:44.0832 5624 MODEMCSA (cbb59c41f19efea1a000793e08070a62) C:\Windows\system32\drivers\MODEMCSA.sys
21:38:44.0834 5624 MODEMCSA - ok
21:38:44.0875 5624 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
21:38:44.0877 5624 monitor - ok
21:38:44.0903 5624 motandroidusb (0a43169e115b5e9346a4ba1effcb04cb) C:\Windows\system32\Drivers\motoandroid.sys
21:38:44.0905 5624 motandroidusb - ok
21:38:44.0939 5624 motccgp (7b8d7bb9ae3ae9cd133bbc5aa91dd3cc) C:\Windows\system32\DRIVERS\motccgp.sys
21:38:44.0941 5624 motccgp - ok
21:38:44.0987 5624 motccgpfl (b812da6605caf02641312f1f65c75419) C:\Windows\system32\DRIVERS\motccgpfl.sys
21:38:44.0989 5624 motccgpfl - ok
21:38:45.0018 5624 motmodem (c3b0fd4f463e90b3917ff6ccea853bb6) C:\Windows\system32\DRIVERS\motmodem.sys
21:38:45.0021 5624 motmodem - ok
21:38:45.0086 5624 MotoHelper (36ac4deceae4226a5b5dd038c49658e1) C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
21:38:45.0091 5624 MotoHelper - ok
21:38:45.0103 5624 MotoSwitchService (fd8c2cef7ad8b23c6714103d621fac1f) C:\Windows\system32\DRIVERS\motswch.sys
21:38:45.0107 5624 MotoSwitchService - ok
21:38:45.0131 5624 Motousbnet (ddc489d40b49f443787e7ffa75373522) C:\Windows\system32\DRIVERS\Motousbnet.sys
21:38:45.0135 5624 Motousbnet - ok
21:38:45.0151 5624 motusbdevice (2136cca3d1bf7c0248e5366b1a6c24e3) C:\Windows\system32\DRIVERS\motusbdevice.sys
21:38:45.0153 5624 motusbdevice - ok
21:38:45.0176 5624 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
21:38:45.0178 5624 mouclass - ok
21:38:45.0202 5624 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
21:38:45.0204 5624 mouhid - ok
21:38:45.0247 5624 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
21:38:45.0250 5624 MountMgr - ok
21:38:45.0335 5624 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:38:45.0338 5624 MozillaMaintenance - ok
21:38:45.0392 5624 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
21:38:45.0396 5624 MpFilter - ok
21:38:45.0442 5624 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
21:38:45.0445 5624 mpio - ok
21:38:45.0635 5624 MpKsl885ea5d1 (a69630d039c38018689190234f866d77) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9AAB742F-B2A2-422A-BCE0-68EE834BA62F}\MpKsl885ea5d1.sys
21:38:45.0636 5624 MpKsl885ea5d1 - ok
21:38:45.0670 5624 MpKsl8d2c61da (a69630d039c38018689190234f866d77) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9AAB742F-B2A2-422A-BCE0-68EE834BA62F}\MpKsl8d2c61da.sys
21:38:45.0673 5624 MpKsl8d2c61da - ok
21:38:45.0725 5624 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
21:38:45.0728 5624 mpsdrv - ok
21:38:45.0827 5624 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
21:38:45.0835 5624 MpsSvc - ok
21:38:45.0872 5624 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
21:38:45.0875 5624 Mraid35x - ok
21:38:45.0942 5624 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
21:38:45.0946 5624 MRxDAV - ok
21:38:46.0001 5624 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:38:46.0006 5624 mrxsmb - ok
21:38:46.0068 5624 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:38:46.0075 5624 mrxsmb10 - ok
21:38:46.0109 5624 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:38:46.0113 5624 mrxsmb20 - ok
21:38:46.0148 5624 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\DRIVERS\msahci.sys
21:38:46.0151 5624 msahci - ok
21:38:46.0260 5624 MSCSPTISRV (8e46a7bac823dd82d4fb2a34c3df4c1d) C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
21:38:46.0263 5624 MSCSPTISRV - ok
21:38:46.0302 5624 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
21:38:46.0306 5624 msdsm - ok
21:38:46.0354 5624 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
21:38:46.0360 5624 MSDTC - ok
21:38:46.0406 5624 MSDV (343291a4dfd7c923c3f71f550830ec1c) C:\Windows\system32\DRIVERS\msdv.sys
21:38:46.0408 5624 MSDV - ok
21:38:46.0450 5624 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
21:38:46.0452 5624 Msfs - ok
21:38:46.0479 5624 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
21:38:46.0481 5624 msisadrv - ok
21:38:46.0519 5624 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
21:38:46.0523 5624 MSiSCSI - ok
21:38:46.0531 5624 msiserver - ok
21:38:46.0578 5624 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
21:38:46.0579 5624 MSKSSRV - ok
21:38:46.0680 5624 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) C:\Program Files\Microsoft Security Client\MsMpEng.exe
21:38:46.0680 5624 MsMpSvc - ok
21:38:46.0719 5624 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
21:38:46.0720 5624 MSPCLOCK - ok
21:38:46.0741 5624 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
21:38:46.0743 5624 MSPQM - ok
21:38:46.0816 5624 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
21:38:46.0822 5624 MsRPC - ok
21:38:46.0851 5624 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
21:38:46.0853 5624 mssmbios - ok
21:38:46.0956 5624 MSSQL$MYMOVIES - ok
21:38:47.0030 5624 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
21:38:47.0033 5624 MSSQLServerADHelper - ok
21:38:47.0058 5624 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
21:38:47.0060 5624 MSTEE - ok
21:38:47.0430 5624 msvsmon80 (73fa09b84b23a1897809a84f976d5d99) C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe
21:38:47.0527 5624 msvsmon80 - ok
21:38:47.0730 5624 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
21:38:47.0732 5624 Mup - ok
21:38:47.0818 5624 MySQL - ok
21:38:47.0911 5624 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
21:38:47.0936 5624 napagent - ok
21:38:48.0010 5624 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
21:38:48.0015 5624 NativeWifiP - ok
21:38:48.0137 5624 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
21:38:48.0165 5624 NDIS - ok
21:38:48.0202 5624 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
21:38:48.0204 5624 NdisTapi - ok
21:38:48.0239 5624 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
21:38:48.0242 5624 Ndisuio - ok
21:38:48.0282 5624 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:38:48.0286 5624 NdisWan - ok
21:38:48.0330 5624 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
21:38:48.0333 5624 NDProxy - ok
21:38:48.0373 5624 Net Driver HPZ12 (2969d26eee289be7422aa46fc55f4e38) C:\Windows\system32\HPZinw12.dll
21:38:48.0377 5624 Net Driver HPZ12 - ok
21:38:48.0394 5624 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
21:38:48.0396 5624 NetBIOS - ok
21:38:48.0475 5624 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
21:38:48.0482 5624 netbt - ok
21:38:48.0600 5624 NetFlixDownloadManager (cec4a6d1f2c6e805935e7448d552f5da) C:\Program Files\Luttmann\vmcNetFlix\NetFlixDownloadManager.exe
21:38:48.0625 5624 NetFlixDownloadManager - ok
21:38:48.0672 5624 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
21:38:48.0674 5624 Netlogon - ok
21:38:48.0736 5624 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
21:38:48.0744 5624 Netman - ok
21:38:48.0885 5624 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:38:48.0889 5624 NetMsmqActivator - ok
21:38:48.0896 5624 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:38:48.0900 5624 NetPipeActivator - ok
21:38:48.0957 5624 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
21:38:48.0963 5624 netprofm - ok
21:38:48.0974 5624 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:38:48.0977 5624 NetTcpActivator - ok
21:38:48.0991 5624 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:38:48.0994 5624 NetTcpPortSharing - ok
21:38:49.0247 5624 NETw4v32 (6522dd40a5f67ced020bd81b856613fb) C:\Windows\system32\DRIVERS\NETw4v32.sys
21:38:49.0326 5624 NETw4v32 - ok
21:38:50.0194 5624 NETw5v32 (396ac7cc025d1bb582edba1d43576c44) C:\Windows\system32\DRIVERS\NETw5v32.sys
21:38:50.0405 5624 NETw5v32 - ok
21:38:50.0554 5624 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
21:38:50.0557 5624 nfrd960 - ok
21:38:50.0614 5624 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
21:38:50.0617 5624 NisDrv - ok
21:38:50.0741 5624 NisSrv (290c0d4c4889398797f8df3be00b9698) C:\Program Files\Microsoft Security Client\NisSrv.exe
21:38:50.0748 5624 NisSrv - ok
21:38:50.0813 5624 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
21:38:50.0820 5624 NlaSvc - ok
21:38:50.0883 5624 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
21:38:50.0886 5624 Npfs - ok
21:38:50.0912 5624 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
21:38:50.0917 5624 nsi - ok
21:38:50.0953 5624 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
21:38:50.0956 5624 nsiproxy - ok
21:38:51.0143 5624 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
21:38:51.0185 5624 Ntfs - ok
21:38:51.0213 5624 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
21:38:51.0216 5624 ntrigdigi - ok
21:38:51.0242 5624 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
21:38:51.0244 5624 Null - ok
21:38:52.0586 5624 nvlddmkm (66b4bf606fcc7f0622d4a21bb1461089) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:38:52.0941 5624 nvlddmkm - ok
21:38:53.0093 5624 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
21:38:53.0096 5624 nvraid - ok
21:38:53.0114 5624 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
21:38:53.0116 5624 nvstor - ok
21:38:53.0255 5624 nvsvc (d122f7c5f79c68868f5dc28cefeb2ecf) C:\Windows\system32\nvvsvc.exe
21:38:53.0291 5624 nvsvc - ok
21:38:53.0624 5624 nvUpdatusService (003cb0a155568b4a53a301f07c734233) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
21:38:53.0697 5624 nvUpdatusService - ok
21:38:53.0828 5624 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
21:38:53.0832 5624 nv_agp - ok
21:38:53.0842 5624 NwlnkFlt - ok
21:38:53.0853 5624 NwlnkFwd - ok
21:38:53.0961 5624 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:38:53.0978 5624 odserv - ok
21:38:54.0017 5624 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
21:38:54.0019 5624 ohci1394 - ok
21:38:54.0079 5624 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:38:54.0083 5624 ose - ok
21:38:54.0636 5624 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:38:54.0793 5624 osppsvc - ok
21:38:55.0053 5624 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
21:38:55.0061 5624 p2pimsvc - ok
21:38:55.0074 5624 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
21:38:55.0082 5624 p2psvc - ok
21:38:55.0191 5624 PACSPTISVR (753a8f339f231d2b857e2ccd51a6e6ca) C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
21:38:55.0194 5624 PACSPTISVR - ok
21:38:55.0246 5624 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
21:38:55.0249 5624 Parport - ok
21:38:55.0297 5624 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
21:38:55.0300 5624 partmgr - ok
21:38:55.0331 5624 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
21:38:55.0332 5624 Parvdm - ok
21:38:55.0367 5624 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
21:38:55.0371 5624 PcaSvc - ok
21:38:55.0435 5624 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
21:38:55.0440 5624 pci - ok
21:38:55.0487 5624 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\DRIVERS\pciide.sys
21:38:55.0489 5624 pciide - ok
21:38:55.0527 5624 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
21:38:55.0531 5624 pcmcia - ok
21:38:55.0653 5624 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
21:38:55.0684 5624 PEAUTH - ok
21:38:55.0884 5624 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
21:38:55.0941 5624 pla - ok
21:38:56.0135 5624 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
21:38:56.0144 5624 PlugPlay - ok
21:38:56.0191 5624 Pml Driver HPZ12 (bafc9706bdf425a02b66468ab2605c59) C:\Windows\system32\HPZipm12.dll
21:38:56.0193 5624 Pml Driver HPZ12 - ok
21:38:56.0317 5624 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
21:38:56.0328 5624 PNRPAutoReg - ok
21:38:56.0348 5624 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
21:38:56.0359 5624 PNRPsvc - ok
21:38:56.0442 5624 Point32 (858d5d8dbe432b358ca2f9d534169ca1) C:\Windows\system32\DRIVERS\point32k.sys
21:38:56.0445 5624 Point32 - ok
21:38:56.0510 5624 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
21:38:56.0517 5624 PolicyAgent - ok
21:38:56.0574 5624 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
21:38:56.0577 5624 PptpMiniport - ok
21:38:56.0615 5624 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
21:38:56.0617 5624 Processor - ok
21:38:56.0695 5624 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
21:38:56.0701 5624 ProfSvc - ok
21:38:56.0751 5624 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
21:38:56.0754 5624 ProtectedStorage - ok
21:38:56.0829 5624 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
21:38:56.0831 5624 PSched - ok
21:38:56.0872 5624 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
21:38:56.0874 5624 PxHelp20 - ok
21:38:56.0993 5624 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
21:38:57.0029 5624 ql2300 - ok
21:38:57.0061 5624 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
21:38:57.0066 5624 ql40xx - ok
21:38:57.0126 5624 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
21:38:57.0136 5624 QWAVE - ok
21:38:57.0184 5624 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
21:38:57.0187 5624 QWAVEdrv - ok
21:38:57.0244 5624 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
21:38:57.0252 5624 RasAcd - ok
21:38:57.0305 5624 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
21:38:57.0312 5624 RasAuto - ok
21:38:57.0403 5624 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:38:57.0406 5624 Rasl2tp - ok
21:38:57.0492 5624 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
21:38:57.0503 5624 RasMan - ok
21:38:57.0568 5624 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
21:38:57.0571 5624 RasPppoe - ok
21:38:57.0631 5624 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
21:38:57.0634 5624 RasSstp - ok
21:38:57.0718 5624 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
21:38:57.0726 5624 rdbss - ok
21:38:57.0752 5624 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:38:57.0755 5624 RDPCDD - ok
21:38:57.0830 5624 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
21:38:57.0836 5624 rdpdr - ok
21:38:57.0847 5624 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
21:38:57.0851 5624 RDPENCDD - ok
21:38:57.0913 5624 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
21:38:57.0918 5624 RDPWD - ok
21:38:57.0966 5624 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
21:38:57.0970 5624 RemoteAccess - ok
21:38:58.0036 5624 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
21:38:58.0041 5624 RemoteRegistry - ok
21:38:58.0086 5624 rimmptsk (df672613fbbcd58c38bb0bc2694bcfb0) C:\Windows\system32\DRIVERS\rimmptsk.sys
21:38:58.0088 5624 rimmptsk - ok
21:38:58.0107 5624 rimsptsk (9bfb54d3559f2ff7301271d29d383564) C:\Windows\system32\DRIVERS\rimsptsk.sys
21:38:58.0109 5624 rimsptsk - ok
21:38:58.0128 5624 rismxdp (dcb87da83cc1010cbc9fc4dc9e395bbc) C:\Windows\system32\DRIVERS\rixdptsk.sys
21:38:58.0130 5624 rismxdp - ok
21:38:58.0320 5624 RoxMediaDB9 (08fb7d968805001c7adcbb14b0651fa2) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
21:38:58.0571 5624 RoxMediaDB9 - ok
21:38:58.0607 5624 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
21:38:58.0609 5624 RpcLocator - ok
21:38:58.0717 5624 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
21:38:58.0725 5624 RpcSs - ok
21:38:58.0789 5624 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
21:38:58.0792 5624 rspndr - ok
21:38:58.0866 5624 RTL8169 (53892cbd9735a80712ee9439268344b4) C:\Windows\system32\DRIVERS\Rtlh86.sys
21:38:58.0870 5624 RTL8169 - ok
21:38:58.0917 5624 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
21:38:58.0920 5624 SamSs - ok
21:38:58.0955 5624 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
21:38:58.0958 5624 sbp2port - ok
21:38:59.0023 5624 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
21:38:59.0029 5624 SCardSvr - ok
21:38:59.0115 5624 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
21:38:59.0123 5624 Schedule - ok
21:38:59.0145 5624 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
21:38:59.0146 5624 SCPolicySvc - ok
21:38:59.0194 5624 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
21:38:59.0197 5624 sdbus - ok
21:38:59.0245 5624 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
21:38:59.0249 5624 SDRSVC - ok
21:38:59.0294 5624 se32 (695745cce49c346dab9620519b3e1970) C:\Windows\system32\drivers\se32.sys
21:38:59.0309 5624 se32 - ok
21:38:59.0414 5624 SeaPort (4a5809a1d796e2675ac0332bf7b0cb11) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
21:38:59.0419 5624 SeaPort - ok
21:38:59.0447 5624 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:38:59.0449 5624 secdrv - ok
21:38:59.0501 5624 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
21:38:59.0508 5624 seclogon - ok
21:38:59.0535 5624 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
21:38:59.0541 5624 SENS - ok
21:38:59.0574 5624 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
21:38:59.0577 5624 Serenum - ok
21:38:59.0615 5624 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
21:38:59.0619 5624 Serial - ok
21:38:59.0659 5624 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
21:38:59.0661 5624 sermouse - ok
21:38:59.0747 5624 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
21:38:59.0755 5624 SessionEnv - ok
21:38:59.0796 5624 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
21:38:59.0798 5624 sffdisk - ok
21:38:59.0824 5624 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
21:38:59.0827 5624 sffp_mmc - ok
21:38:59.0875 5624 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
21:38:59.0877 5624 sffp_sd - ok
21:38:59.0901 5624 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
21:38:59.0903 5624 sfloppy - ok
21:38:59.0956 5624 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
21:38:59.0964 5624 SharedAccess - ok
21:39:00.0030 5624 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
21:39:00.0040 5624 ShellHWDetection - ok
21:39:00.0069 5624 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
21:39:00.0072 5624 sisagp - ok
21:39:00.0114 5624 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
21:39:00.0117 5624 SiSRaid2 - ok
21:39:00.0144 5624 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
21:39:00.0147 5624 SiSRaid4 - ok
21:39:00.0544 5624 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
21:39:00.0667 5624 slsvc - ok
21:39:00.0874 5624 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
21:39:00.0879 5624 SLUINotify - ok
21:39:00.0973 5624 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
21:39:00.0977 5624 Smb - ok
21:39:01.0162 5624 smserial (859e3adc59d1c89a66aa6492c14d379e) C:\Windows\system32\DRIVERS\smserial.sys
21:39:01.0227 5624 smserial - ok
21:39:01.0289 5624 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
21:39:01.0295 5624 SNMPTRAP - ok
21:39:01.0345 5624 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
21:39:01.0347 5624 spldr - ok
21:39:01.0420 5624 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
21:39:01.0426 5624 Spooler - ok
21:39:01.0534 5624 SPTISRV (e3e6c96b0ef4492c3c8fd0deef4e35a1) C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
21:39:01.0537 5624 SPTISRV - ok
21:39:01.0635 5624 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
21:39:01.0640 5624 SQLBrowser - ok
21:39:01.0683 5624 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
21:39:01.0685 5624 SQLWriter - ok
21:39:01.0757 5624 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
21:39:01.0766 5624 srv - ok
21:39:01.0821 5624 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
21:39:01.0826 5624 srv2 - ok
21:39:01.0865 5624 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
21:39:01.0869 5624 srvnet - ok
21:39:01.0917 5624 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
21:39:01.0926 5624 SSDPSRV - ok
21:39:01.0978 5624 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
21:39:01.0984 5624 SstpSvc - ok
21:39:02.0088 5624 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
21:39:02.0115 5624 stisvc - ok
21:39:02.0202 5624 stllssvr (a9a23c8af361f7a93fd632e91a8c346f) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
21:39:02.0261 5624 stllssvr - ok
21:39:02.0300 5624 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
21:39:02.0302 5624 swenum - ok
21:39:02.0377 5624 SWGVCSvc (c966e60968f0ef114606eefd3e5ef1c2) C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
21:39:02.0382 5624 SWGVCSvc - ok
21:39:02.0430 5624 SWIPsec (ebd83e322b4eb50f6a1d8d7b42d3745e) C:\Windows\system32\Drivers\SWIPsec.sys
21:39:02.0503 5624 SWIPsec - ok
21:39:02.0636 5624 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
21:39:02.0766 5624 SwitchBoard - ok
21:39:02.0847 5624 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
21:39:02.0853 5624 swprv - ok
21:39:02.0892 5624 SWVNIC (962b13026b10b82d2874bfda4ecc048d) C:\Windows\system32\DRIVERS\swvnic.sys
21:39:02.0894 5624 SWVNIC - ok
21:39:02.0920 5624 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
21:39:02.0922 5624 Symc8xx - ok
21:39:02.0954 5624 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
21:39:02.0956 5624 Sym_hi - ok
21:39:02.0984 5624 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
21:39:02.0986 5624 Sym_u3 - ok
21:39:03.0070 5624 SynTP (067cb9d745407a8c1b26e89a6a2ce152) C:\Windows\system32\DRIVERS\SynTP.sys
21:39:03.0076 5624 SynTP - ok
21:39:03.0193 5624 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
21:39:03.0225 5624 SysMain - ok
21:39:03.0272 5624 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
21:39:03.0279 5624 TabletInputService - ok
21:39:03.0376 5624 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
21:39:03.0384 5624 TapiSrv - ok
21:39:03.0435 5624 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
21:39:03.0441 5624 TBS - ok
21:39:03.0612 5624 Tcpip (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\drivers\tcpip.sys
21:39:03.0643 5624 Tcpip - ok
21:39:03.0666 5624 Tcpip6 (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\DRIVERS\tcpip.sys
21:39:03.0676 5624 Tcpip6 - ok
21:39:03.0721 5624 tcpipreg (2c2d4cff5e09c73908f9b5af49a51365) C:\Windows\system32\drivers\tcpipreg.sys
21:39:03.0723 5624 tcpipreg - ok
21:39:03.0763 5624 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
21:39:03.0766 5624 TDPIPE - ok
21:39:03.0789 5624 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
21:39:03.0791 5624 TDTCP - ok
21:39:03.0856 5624 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
21:39:03.0859 5624 tdx - ok
21:39:03.0894 5624 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
21:39:03.0896 5624 TermDD - ok
21:39:03.0992 5624 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
21:39:04.0000 5624 TermService - ok
21:39:04.0060 5624 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
21:39:04.0065 5624 Themes - ok
21:39:04.0098 5624 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
21:39:04.0100 5624 THREADORDER - ok
21:39:04.0132 5624 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
21:39:04.0138 5624 TrkWks - ok
21:39:04.0218 5624 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
21:39:04.0219 5624 TrustedInstaller - ok
21:39:04.0263 5624 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:39:04.0265 5624 tssecsrv - ok
21:39:04.0310 5624 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
21:39:04.0312 5624 tunmp - ok
21:39:04.0356 5624 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
21:39:04.0359 5624 tunnel - ok
21:39:04.0409 5624 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
21:39:04.0412 5624 uagp35 - ok
21:39:04.0445 5624 ucglofdw - ok
21:39:04.0537 5624 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
21:39:04.0567 5624 udfs - ok
21:39:04.0637 5624 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
21:39:04.0643 5624 UI0Detect - ok
21:39:10.0512 5624 ============================================================
21:39:10.0512 5624 Scan finished
21:39:10.0512 5624 ============================================================
21:39:10.0583 2108 Detected object count: 0
21:39:10.0583 2108 Actual detected object count: 0


#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 13 May 2012 - 02:25 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 Neumahn


Posted 13 May 2012 - 02:22 PM

Gringo,

Thank you for your help. I did as you said and created the CFScript file and then dragged and dropped it onto ComboFix. It reminded me to disable the firewall and security, which I did, and it downloaded an update. Then it created this log file:

ComboFix 12-05-13.03 - Douglas 05/13/2012 11:20:06.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1665 [GMT -7:00]
Running from: c:\users\Douglas\Desktop\ComboFix.exe
Command switches used :: c:\users\Douglas\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-13 to 2012-05-13 )))))))))))))))))))))))))))))))
.
.
2012-05-13 18:29 . 2012-05-13 18:29 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-05-13 18:29 . 2012-05-13 18:29 -------- d-----w- c:\users\Natasha\AppData\Local\temp
2012-05-13 18:29 . 2012-05-13 18:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-12 00:42 . 2012-04-18 10:06 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1646E609-21B6-4007-B23F-D69F72649E73}\mpengine.dll
2012-05-11 15:18 . 2012-05-11 23:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-05-11 15:18 . 2012-05-11 23:05 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-05-10 18:35 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-10 18:35 . 2012-02-29 15:11 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-05-10 18:35 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-10 18:35 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-10 16:59 . 2012-05-10 16:59 -------- d-----w- c:\windows\Temp6AA19140-BEFA-91B4-D3DB-016123437D7C-Signatures
2012-05-10 16:10 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
2012-05-10 16:10 . 2012-02-01 15:11 1218048 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 16:10 . 2012-02-01 15:10 1404928 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2012-05-10 16:10 . 2012-02-01 15:10 983040 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-10 16:10 . 2012-02-01 15:10 964608 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 16:10 . 2012-02-01 15:10 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 16:10 . 2012-02-01 13:58 47104 ----a-w- c:\program files\Windows Journal\PDIALOG.exe
2012-05-10 16:05 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 16:05 . 2012-03-01 14:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-10 16:05 . 2012-03-01 14:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-10 16:05 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-10 16:05 . 2012-02-29 13:44 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-05-10 16:05 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
2012-05-10 15:59 . 2012-04-02 13:36 2044928 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 15:59 . 2012-04-03 08:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-10 15:59 . 2012-04-03 08:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 15:58 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-05-10 15:47 . 2012-05-10 20:03 -------- d-----w- C:\sh4ldr
2012-05-10 15:47 . 2012-05-10 15:47 -------- d-----w- c:\program files\Enigma Software Group
2012-05-10 15:47 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-05-10 15:47 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-05-10 15:45 . 2012-05-10 20:03 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-05-10 15:45 . 2012-05-10 15:45 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-05-09 03:58 . 2012-05-09 03:58 -------- d-----w- c:\users\Douglas\AppData\Roaming\CheckPoint
2012-05-09 02:46 . 2012-05-09 02:46 -------- d-----w- c:\programdata\CheckPoint
2012-05-09 00:57 . 2012-05-10 02:34 -------- d-----w- c:\users\Douglas\AppData\Roaming\Laudw
2012-05-09 00:57 . 2012-05-09 01:08 -------- d-----w- c:\users\Douglas\AppData\Roaming\Ariq
2012-05-08 23:18 . 2012-05-11 23:12 -------- d-----w- c:\program files\SlimCleaner
2012-05-08 21:09 . 2012-05-10 15:53 -------- d-----w- c:\users\Douglas\AppData\Roaming\Umfa
2012-05-08 21:09 . 2012-05-10 05:55 -------- d-----w- c:\users\Douglas\AppData\Roaming\Byxiig
2012-05-08 21:05 . 2012-05-08 21:17 -------- d-----w- c:\users\Douglas\AppData\Roaming\Ikg
2012-05-08 21:04 . 2012-05-10 22:06 -------- d-----w- c:\program files\Common Files\Win
2012-05-08 21:04 . 2012-05-11 15:42 -------- d-----w- c:\users\Douglas\AppData\Roaming\Security Data
2012-05-03 16:29 . 2012-05-03 16:29 -------- d-----w- c:\users\CURRENT_USER
2012-05-02 01:57 . 1999-12-17 17:13 86016 ----a-w- c:\windows\unvise32.exe
2012-04-25 23:16 . 2012-04-25 23:16 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-25 23:16 . 2012-04-25 23:16 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-25 23:16 . 2012-04-25 23:16 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-04-19 03:10 . 2012-04-19 03:10 -------- d-----w- c:\windows\system32\s
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-11 22:43 . 2007-06-19 11:22 319456 ----a-w- c:\windows\DIFxAPI.dll
2012-05-04 22:07 . 2012-04-11 19:00 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-04 22:07 . 2011-05-24 00:21 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-05 01:47 . 2011-12-15 18:10 772504 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-05 01:47 . 2010-07-12 03:07 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-19 20:55 . 2012-03-19 20:54 10134560 ----a-w- c:\users\UpdatusUser\AppData\Roaming\lpuninstall.exe
2012-03-19 20:54 . 2012-03-19 20:54 10134560 ----a-w- c:\users\Natasha\AppData\Roaming\lpuninstall.exe
2012-02-23 17:18 . 2009-10-09 15:30 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-14 19:09 . 2012-02-14 19:09 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-04-25 23:16 . 2011-10-17 20:07 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Douglas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Douglas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Douglas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Douglas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-28 1721640]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2000-01-01 7703072]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\Natasha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Uninstall LastPass RunOnce.lnk - c:\users\Natasha\AppData\Roaming\lpuninstall.exe [2012-3-19 10134560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HDHomeRun Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HDHomeRun Manager.lnk
backup=c:\windows\pss\HDHomeRun Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Douglas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EventGhost.lnk]
path=c:\users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EventGhost.lnk
backup=c:\windows\pss\EventGhost.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
2005-10-28 02:00 299008 ------w- c:\program files\Creative\Shared Files\CamTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPADVISOR]
2007-03-20 22:23 1773568 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ehTray.exe"=c:\windows\ehome\ehTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2381103534-903276012-2617231151-1000]
"EnableNotificationsRef"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-15 913752]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 06919205
*NewlyCreated* - ASWMBR
*NewlyCreated* - MPKSL885EA5D1
*NewlyCreated* - WS2IFSL
*Deregistered* - 06919205
*Deregistered* - aswMBR
*Deregistered* - MpKsl885ea5d1
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-01-19 23:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 22:07]
.
2012-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-22 03:11]
.
2012-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-22 03:11]
.
2012-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2381103534-903276012-2617231151-1000Core.job
- c:\users\Douglas\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-07 23:56]
.
2012-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2381103534-903276012-2617231151-1000UA.job
- c:\users\Douglas\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-07 23:56]
.
2012-05-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2381103534-903276012-2617231151-1001Core.job
- c:\users\Natasha\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-28 19:36]
.
2012-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2381103534-903276012-2617231151-1001UA.job
- c:\users\Natasha\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-28 19:36]
.
2012-05-13 c:\windows\Tasks\updater.exe.job
- c:\program files\Silicondust\HDHomeRun\hdhomerun_checkforupdates.exe [2008-07-27 16:00]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\0t6gsqs5.default\
FF - prefs.js: browser.startup.homepage - hxxps://startpage.com/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-13 11:29
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5192)
c:\users\Douglas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
Completion time: 2012-05-13 11:34:36
ComboFix-quarantined-files.txt 2012-05-13 18:34
ComboFix2.txt 2012-05-11 23:36
.
Pre-Run: 25,153,191,936 bytes free
Post-Run: 25,232,510,976 bytes free
.
- - End Of File - - 07813DAA018E2176A038A3B3F1BC032E


Also I noticed that after it is run I keep getting a new icon on my desktop. It is a Microsoft Explorer 'e' with "The Internet" written under it. Other than that I have not seen anything else strange. I am re-enabling my firewall and my Security Essentials. The problem I have seen has been intermittent discovery of Waprox. I will keep you posted if it returns again. Now what should I do?

Thank you,

Neumahn

#9 gringo_pr


Posted 13 May 2012 - 09:48 PM

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#10 gringo_pr


Posted 15 May 2012 - 11:15 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo

#11 Neumahn


Posted 16 May 2012 - 12:49 PM

Gringo,

Thank you for the help. I am sorry but I myself have been down with a virus the last three days and now, not quite ready to return to work, I need to travel to a convention. I will not be able to review the last instructions you gave me until sometime this weekend.

On a more positive note I have not found any more infections on my machine and I have run several tools through complete scans.

Neumahn

Edited by Neumahn, 16 May 2012 - 12:49 PM.


#12 gringo_pr


Posted 17 May 2012 - 01:02 AM

thank you for letting me know and see you this weekend


gringo

#13 gringo_pr


Posted 20 May 2012 - 12:23 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#14 gringo_pr


Posted 23 May 2012 - 06:09 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48 hrs you have not replied to this thread then it will have to be closed!

Gringo

#15 gringo_pr


Posted 26 May 2012 - 12:20 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.