I think my computer has malware


  • This topic is locked
14 replies to this topic

#1 camron140th

camron140th

  • Members
  • 7 posts
  • OFFLINE
  • Local time:04:46 AM

Posted 12 May 2012 - 12:51 PM

Hi everyone, my computer freezes every once in a while and is slow. I've done scans, defragged, disk cleaned and have done scans in safe
mode but haven't found anything. I think it's malware; I've done everything I can imagine but the computer is still slow and freezes.
I also got the "blue screen of death". It is a Lenovo 4446-23U laptop and my OS is Windows Vista 32-bit.
Any help is greatly appreciated; I seem to have bad luck with computers. Here is the DDS log; I've also added the attachments.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6002.18005
Run by Sarah at 13:58:45 on 2012-05-12
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2008.1357 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\Sarah\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Users\Sarah\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mystart.incredibar.com/mb139?a=6R8svVaiJA&i=26
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
uRun: [Akamai NetSession Interface] "c:\users\sarah\appdata\local\akamai\netsession_win.exe"
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SmartAudio] c:\program files\conexant\smartaudio\SMAUDIO.EXE /c
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
TCP: DhcpNameServer = 24.222.0.94 24.222.0.95
TCP: Interfaces\{8E07CC35-60B3-4EA0-B751-342DBE574C9D} : DhcpNameServer = 24.222.0.94 24.222.0.95
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\sarah\appdata\roaming\mozilla\firefox\profiles\1xkxcc53.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb139/?loc=IB_DS&a=6R8svVaiJA&&i=26&search=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8svVaiJA&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - fecd10ac00000000000000242ce43cf5
FF - user.js: extensions.incredibar_i.instlDay - 15470
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1416:44:46
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6R8svVaiJA
FF - user.js: extensions.incredibar_i.upn2n - 92824337441851058
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10650
FF - user.js: extensions.incredibar_i.ppd - 77%5F2
.
============= SERVICES / DRIVERS ===============
.
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-20 179712]
.
=============== Created Last 30 ================
.
2012-05-12 06:04:44 713784 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8b1e65e6-69bf-4405-86a9-e20dd0b76163}\gapaengine.dll
2012-05-12 06:04:31 6734704 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a54f2360-ca76-45bb-b3e2-6087226400f3}\mpengine.dll
2012-05-12 06:01:41 -------- d-----w- c:\program files\Microsoft Security Client
2012-05-12 06:00:36 -------- d-----w- c:\users\sarah\appdata\local\temp
2012-05-12 05:59:59 -------- d-sh--w- C:\$RECYCLE.BIN
2012-05-12 05:35:34 98816 ----a-w- c:\windows\sed.exe
2012-05-12 05:35:34 518144 ----a-w- c:\windows\SWREG.exe
2012-05-12 05:35:34 256000 ----a-w- c:\windows\PEV.exe
2012-05-12 05:35:34 208896 ----a-w- c:\windows\MBR.exe
2012-05-12 02:32:36 -------- d-----w- c:\program files\CCleaner
2012-05-11 04:41:08 -------- d-----w- c:\users\sarah\appdata\roaming\Malwarebytes
2012-05-11 04:40:56 -------- d-----w- c:\programdata\Malwarebytes
2012-05-11 04:40:53 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-11 04:40:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-11 01:41:48 -------- d-----w- c:\program files\VideoLAN
2012-05-10 23:43:27 -------- d-----w- c:\programdata\Codecv
2012-05-10 23:43:23 -------- d-----w- C:\codec-info
2012-05-10 23:43:10 -------- d-----w- c:\programdata\InstallMate
2012-05-10 23:23:39 -------- d-----w- c:\users\sarah\appdata\local\Ares
2012-05-10 22:42:48 -------- d-----w- c:\users\sarah\appdata\local\Google
2012-05-10 22:42:48 -------- d-----w- c:\users\sarah\appdata\local\CRE
2012-05-10 22:42:42 -------- d-----w- c:\program files\Conduit
2012-05-10 22:42:39 -------- d-----w- c:\users\sarah\appdata\local\Conduit
2012-05-10 22:42:29 -------- d-----w- c:\program files\uTorrent
2012-05-10 22:41:36 -------- d-----w- c:\users\sarah\appdata\roaming\uTorrent
2012-05-10 21:27:58 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-10 21:13:28 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2012-05-10 20:40:39 125 ----a-w- c:\windows\xUninstall.bat
2012-05-10 20:38:54 110080 ----a-w- c:\windows\system32\JmCrIcon.dll
2012-05-10 20:38:53 -------- d-----w- c:\windows\JMCR_DIR
2012-05-10 20:38:33 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2012-05-10 20:38:32 753664 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
2012-05-10 20:38:32 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
2012-05-10 20:38:32 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
2012-05-10 20:38:32 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
2012-05-10 20:38:32 184320 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
2012-05-10 20:38:31 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
2012-05-10 20:38:31 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
2012-05-10 20:16:11 53248 ----a-w- c:\windows\system32\CSVer.dll
2012-05-10 20:15:59 87328 ----a-w- c:\windows\system32\bcmwlcoi.dll
2012-05-10 20:15:59 3506176 ----a-w- c:\windows\system32\bcmihvui.dll
2012-05-10 20:15:59 1326584 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2012-05-10 20:15:58 3813376 ----a-w- c:\windows\system32\bcmihvsrv.dll
2012-05-10 20:15:58 -------- d-----w- c:\program files\Lenovo
2012-05-10 20:15:31 -------- d-----w- C:\temp
2012-05-10 20:02:34 -------- d-----w- c:\program files\CONEXANT
2012-05-10 20:01:07 -------- d-----w- c:\program files\Cisco
2012-05-10 20:00:59 -------- d-----w- c:\program files\common files\Intel
2012-05-10 20:00:23 229376 ----a-w- c:\windows\system32\UCI32M27.dll
2012-05-10 20:00:22 980992 ----a-w- c:\windows\system32\drivers\HSX_DPV.sys
2012-05-10 20:00:22 8704 ----a-w- c:\windows\system32\drivers\XAudio.sys
2012-05-10 20:00:22 661504 ----a-w- c:\windows\system32\drivers\HSX_CNXT.sys
2012-05-10 20:00:22 386560 ----a-w- c:\windows\system32\drivers\XAudio.exe
2012-05-10 20:00:22 207872 ----a-w- c:\windows\system32\drivers\HSXHWAZL.sys
2012-05-10 19:56:06 -------- d-----w- C:\DRIVERS2
2012-05-10 19:24:32 -------- d-----w- c:\users\sarah\appdata\local\Akamai
2012-05-10 18:27:56 17920 ----a-w- c:\windows\system32\netevent.dll
2012-05-10 18:27:56 125952 ----a-w- c:\windows\system32\srvsvc.dll
2012-05-10 18:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2012-05-10 18:27:40 411648 ----a-w- c:\windows\system32\drivers\http.sys
2012-05-10 18:27:40 30720 ----a-w- c:\windows\system32\httpapi.dll
2012-05-10 18:27:39 24064 ----a-w- c:\windows\system32\nshhttp.dll
2012-05-10 18:27:23 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 18:27:22 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-10 18:27:22 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-10 18:27:21 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-05-10 18:27:21 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-10 07:13:29 -------- d-----w- c:\program files\Windows Portable Devices
2012-05-10 06:41:06 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2012-05-10 06:41:05 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2012-05-10 06:41:05 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-05-10 06:39:39 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-05-10 06:39:36 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-05-10 06:39:36 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-05-10 06:39:36 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-05-10 06:39:36 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-05-10 06:39:36 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-05-10 06:39:35 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-05-10 06:30:49 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-10 06:30:49 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-05-10 06:30:49 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-10 06:30:49 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-10 06:17:52 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-05-10 06:17:52 49472 ----a-w- c:\windows\system32\netfxperf.dll
2012-05-10 06:17:52 297808 ----a-w- c:\windows\system32\mscoree.dll
2012-05-10 06:17:52 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2012-05-10 06:17:51 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-05-10 06:05:16 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2012-05-10 02:41:37 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2012-05-10 02:40:59 389632 ----a-w- c:\windows\system32\html.iec
2012-05-10 02:39:57 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-05-10 02:38:55 502272 ----a-w- c:\windows\system32\usp10.dll
2012-05-10 02:37:59 1616384 ----a-w- c:\program files\windows mail\msoe.dll
2012-05-10 02:36:58 714240 ----a-w- c:\windows\system32\timedate.cpl
2012-05-10 02:34:58 60928 ----a-w- c:\windows\system32\msasn1.dll
2012-05-10 02:34:49 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2012-05-10 02:34:38 2067968 ----a-w- c:\windows\system32\mstscax.dll
2012-05-10 02:34:37 677888 ----a-w- c:\windows\system32\mstsc.exe
2012-05-10 02:34:25 243712 ----a-w- c:\windows\system32\rastls.dll
2012-05-10 02:34:16 355328 ----a-w- c:\windows\system32\WSDApi.dll
2012-05-10 02:34:08 531968 ----a-w- c:\windows\system32\comctl32.dll
2012-05-09 22:44:26 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-09 22:44:26 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-09 13:11:43 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-05-09 13:11:43 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-05-09 08:10:42 -------- d-----w- c:\windows\system32\eu-ES
2012-05-09 08:10:42 -------- d-----w- c:\windows\system32\ca-ES
2012-05-09 08:10:40 -------- d-----w- c:\windows\system32\vi-VN
2012-05-09 08:06:29 -------- d-----w- c:\windows\system32\SPReview
2012-05-09 07:55:01 928768 ----a-w- c:\windows\system32\scavenge.dll
2012-05-09 07:53:56 93696 ----a-w- c:\windows\system32\eappgnui.dll
2012-05-09 07:52:59 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-05-09 07:52:59 615424 ----a-w- c:\windows\system32\themeui.dll
2012-05-09 07:52:59 53224 ----a-w- c:\windows\system32\drivers\termdd.sys
2012-05-09 07:52:59 449024 ----a-w- c:\windows\system32\termsrv.dll
2012-05-09 07:52:59 313344 ----a-w- c:\windows\system32\thawbrkr.dll
2012-05-09 07:52:59 1152000 ----a-w- c:\windows\system32\themecpl.dll
2012-05-09 07:50:50 -------- d-----w- c:\windows\system32\EventProviders
2012-05-09 06:19:10 17536 ------w- c:\windows\system32\drivers\NtpaSp50.sys
2012-05-09 06:17:40 -------- d-----w- c:\users\sarah\appdata\roaming\SBG-SVG
2012-05-09 06:16:43 -------- d-----w- c:\users\sarah\appdata\local\Adobe
2012-05-09 05:56:49 -------- d--h--w- c:\programdata\Common Files
2012-05-09 05:55:00 -------- d-----w- c:\program files\AVG
2012-05-09 05:51:37 -------- d-----w- c:\programdata\MFAData
2012-05-09 05:46:00 98304 ----a-w- c:\windows\system32\cabview.dll
2012-05-09 05:33:32 -------- d-----w- c:\users\sarah\appdata\roaming\Intel
2012-05-08 23:23:27 -------- d-----w- c:\windows\Panther
2012-05-08 22:55:00 -------- d-----w- c:\users\sarah\Roaming
2012-05-08 22:53:52 -------- d-sh--w- c:\windows\Installer
2012-05-08 22:19:40 2421760 ----a-w- c:\windows\system32\wucltux.dll
2012-05-08 22:19:19 87552 ----a-w- c:\windows\system32\wudriver.dll
2012-05-08 22:19:05 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-08 22:19:05 171608 ----a-w- c:\windows\system32\wuwebv.dll
.
==================== Find3M ====================
.
2012-04-03 08:16:12 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16:11 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-02 13:36:21 2044928 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 12:39:11 914304 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-29 13:39:19 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-03-21 03:44:12 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 03:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-20 23:28:50 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-02-28 15:26:16 834048 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 13:56:50 1383424 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 14:01:39.26 ===============
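A triage pass over the DDS output above, as an added example that is not part of the original post or of the DDS tool. The sample lines are copied from the Pseudo HJT and FIREFOX sections of the log; the indicator rules (start-page or search URLs whose host is not one the user chose, `EnableLUA = 0`, autoruns launched from the user profile, forced `user.js` prefs grouped by extension namespace) are the editor's own heuristics, and the trusted-host list is an assumption taken from the `browser.startup.homepage` entry in the same log.

```python
"""Triage helpers for a DDS 'Pseudo HJT Report' / FIREFOX section.

Added example for this thread; not part of the posted log or of DDS.
SAMPLE_LOG is copied from the log in post #1; the rules are the editor's
own heuristics (assumption: every hit is a lead for a human, not a verdict).
"""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Lines excerpted from the posted DDS log. DDS defangs URLs as "hxxp".
SAMPLE_LOG = r"""uStart Page = hxxp://mystart.incredibar.com/mb139?a=6R8svVaiJA&i=26
uInternet Settings,ProxyOverride = <local>
uRun: [Akamai NetSession Interface] "c:\users\sarah\appdata\local\akamai\netsession_win.exe"
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb139/?loc=IB_DS&a=6R8svVaiJA&&i=26&search=
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8svVaiJA&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
"""

# Assumption: the host the user actually chose, taken from browser.startup.homepage.
TRUSTED_HOSTS = frozenset({"www.google.ca"})

URL_RE = re.compile(r"h(?:xx|tt)ps?://\S+", re.IGNORECASE)
RUN_RE = re.compile(r"^[um]Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
LUA_RE = re.compile(r"^mPolicies-system: EnableLUA = (?P<val>\d+)")
USERJS_RE = re.compile(r"^FF - user\.js: extensions\.(?P<ns>[^.]+)\.")


@dataclass(frozen=True)
class Finding:
    kind: str    # rule that fired
    line: str    # offending log line (or summary key)
    detail: str  # host, value name or count


def refang(url: str) -> str:
    """Turn DDS's defanged hxxp(s):// back into http(s):// for parsing."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def host_of(url: str) -> str:
    """Lower-cased hostname of a (possibly defanged) URL, '' if unparsable."""
    return (urlsplit(refang(url)).hostname or "").lower()


def triage(text: str, trusted_hosts=TRUSTED_HOSTS) -> list:
    findings = []
    userjs_ns = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # 1. Start page / search URLs pointing at a host the user did not choose.
        for url in URL_RE.findall(line):
            host = host_of(url)
            if host and host not in trusted_hosts:
                findings.append(Finding("hijack-url", line, host))
        # 2. UAC switched off via policy (EnableLUA = 0).
        m = LUA_RE.match(line)
        if m and m.group("val") == "0":
            findings.append(Finding("uac-disabled", line, "EnableLUA=0"))
        # 3. Autoruns launched from the user-writable profile directory.
        m = RUN_RE.match(line)
        if m and "\\appdata\\" in m.group("cmd").lower():
            findings.append(Finding("autorun-user-profile", line, m.group("name")))
        # 4. Forced Firefox prefs written by a third party, grouped by namespace.
        m = USERJS_RE.match(line)
        if m:
            userjs_ns[m.group("ns")] = userjs_ns.get(m.group("ns"), 0) + 1
    for ns, n in sorted(userjs_ns.items()):
        findings.append(Finding("userjs-extension-prefs", f"extensions.{ns}.*", f"{n} forced prefs"))
    return findings


def summarize(findings) -> dict:
    """Count findings per rule, e.g. {'hijack-url': 3, ...}."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:24} {f.detail:28} {f.line}")
```

Run against the excerpt, the script reports three URLs redirected to `mystart.incredibar.com` (the start page, `keyword.URL` and the toolbar search URL), UAC disabled by policy, one autorun under the user's AppData and two `user.js` prefs forced under the `extensions.incredibar_i` namespace. The AppData rule is deliberately broad: it is a prompt to check the file, not a judgement about the program.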


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:46 AM

Posted 12 May 2012 - 11:55 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on ComboFix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • the log from ComboFix
  • let me know of any problems you may have had
  • how is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 camron140th

camron140th
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:04:46 AM

Posted 13 May 2012 - 02:42 PM

Hi, here is the log from ComboFix. The computer doesn't seem to be freezing or slow as much as it was for the last couple of days, so I don't know what's going on. Thanks again for your help.

ComboFix 12-05-13.03 - Sarah 05/13/2012 16:30:22.3.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2008.1226 [GMT -7:00]
Running from: c:\users\Sarah\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-13 to 2012-05-13 )))))))))))))))))))))))))))))))
.
.
2012-05-13 23:34 . 2012-05-13 23:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-13 23:20 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0888B68F-06A9-453A-821E-B430C29F1A28}\mpengine.dll
2012-05-12 06:04 . 2012-05-12 06:03 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8B1E65E6-69BF-4405-86A9-E20DD0B76163}\gapaengine.dll
2012-05-12 06:04 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-12 06:01 . 2012-05-12 06:02 -------- d-----w- c:\program files\Microsoft Security Client
2012-05-12 02:32 . 2012-05-12 02:32 -------- d-----w- c:\program files\CCleaner
2012-05-11 15:59 . 2012-05-11 15:59 -------- d-----w- c:\programdata\WindowsSearch
2012-05-11 04:40 . 2012-05-11 04:40 -------- d-----w- c:\programdata\Malwarebytes
2012-05-11 04:40 . 2012-05-11 04:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-11 04:40 . 2012-04-04 22:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-11 01:41 . 2012-05-11 01:41 -------- d-----w- c:\program files\VideoLAN
2012-05-10 23:44 . 2012-05-10 23:44 453 ----a-w- C:\user.js
2012-05-10 23:43 . 2012-05-10 23:45 -------- d-----w- c:\programdata\Codecv
2012-05-10 23:43 . 2012-05-10 23:43 -------- d-----w- C:\codec-info
2012-05-10 23:43 . 2012-05-10 23:43 -------- d-----w- c:\programdata\InstallMate
2012-05-10 22:42 . 2012-05-10 22:42 -------- d-----w- c:\program files\Conduit
2012-05-10 22:42 . 2012-05-12 15:08 -------- d-----w- c:\program files\uTorrent
2012-05-10 21:27 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-10 21:13 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2012-05-10 20:40 . 2012-05-10 20:40 125 ----a-w- c:\windows\xUninstall.bat
2012-05-10 20:38 . 2008-05-15 02:53 110080 ----a-w- c:\windows\system32\JmCrIcon.dll
2012-05-10 20:38 . 2012-05-10 20:40 -------- d-----w- c:\windows\JMCR_DIR
2012-05-10 20:38 . 2012-05-10 20:38 -------- d-----w- c:\program files\Common Files\InstallShield
2012-05-10 20:16 . 2008-02-22 20:06 53248 ----a-w- c:\windows\system32\CSVer.dll
2012-05-10 20:15 . 2008-09-11 02:18 1326584 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2012-05-10 20:15 . 2008-09-11 02:18 87328 ----a-w- c:\windows\system32\bcmwlcoi.dll
2012-05-10 20:15 . 2008-09-11 02:18 3506176 ----a-w- c:\windows\system32\bcmihvui.dll
2012-05-10 20:15 . 2012-05-10 20:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2012-05-10 20:15 . 2012-05-10 20:15 -------- d-----w- c:\program files\Lenovo
2012-05-10 20:15 . 2008-09-11 02:18 3813376 ----a-w- c:\windows\system32\bcmihvsrv.dll
2012-05-10 20:15 . 2012-05-10 20:15 -------- d-----w- C:\temp
2012-05-10 20:02 . 2012-05-10 20:07 -------- d-----w- c:\program files\CONEXANT
2012-05-10 20:01 . 2012-05-10 20:01 -------- d-----w- c:\program files\Cisco
2012-05-10 20:00 . 2012-05-10 20:00 -------- d-----w- c:\program files\Common Files\Intel
2012-05-10 20:00 . 2012-05-10 20:00 -------- d-----w- c:\programdata\Intel
2012-05-10 20:00 . 2008-01-25 18:55 229376 ----a-w- c:\windows\system32\UCI32M27.dll
2012-05-10 20:00 . 2008-03-25 22:41 980992 ----a-w- c:\windows\system32\drivers\HSX_DPV.sys
2012-05-10 20:00 . 2008-03-25 22:39 207872 ----a-w- c:\windows\system32\drivers\HSXHWAZL.sys
2012-05-10 20:00 . 2008-03-25 22:38 661504 ----a-w- c:\windows\system32\drivers\HSX_CNXT.sys
2012-05-10 20:00 . 2007-10-18 22:37 386560 ----a-w- c:\windows\system32\drivers\XAudio.exe
2012-05-10 20:00 . 2007-10-18 22:36 8704 ----a-w- c:\windows\system32\drivers\XAudio.sys
2012-05-10 19:56 . 2012-05-10 19:56 -------- d-----w- C:\DRIVERS2
2012-05-10 18:27 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2012-05-10 18:27 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2012-05-10 18:27 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2012-05-10 18:27 . 2009-11-03 21:42 30720 ----a-w- c:\windows\system32\httpapi.dll
2012-05-10 18:27 . 2009-11-03 19:41 411648 ----a-w- c:\windows\system32\drivers\http.sys
2012-05-10 18:27 . 2009-11-03 21:43 24064 ----a-w- c:\windows\system32\nshhttp.dll
2012-05-10 18:27 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 18:27 . 2012-03-01 14:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-10 18:27 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-10 18:27 . 2012-03-01 14:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-10 18:27 . 2012-02-29 13:44 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-05-10 07:13 . 2012-05-10 07:13 -------- d-----w- c:\program files\Windows Portable Devices
2012-05-10 06:41 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2012-05-10 06:41 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2012-05-10 06:41 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-05-10 06:39 . 2009-09-25 01:33 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-05-10 06:39 . 2009-09-25 02:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-05-10 06:39 . 2009-09-25 02:07 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-05-10 06:39 . 2009-09-25 02:04 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-05-10 06:39 . 2009-09-25 01:33 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-05-10 06:39 . 2009-09-25 01:32 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-05-10 06:39 . 2009-09-25 01:31 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-05-10 06:30 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-10 06:30 . 2012-02-29 15:11 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-05-10 06:30 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-10 06:30 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-10 06:17 . 2009-11-08 17:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-05-10 06:17 . 2009-11-08 17:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2012-05-10 06:17 . 2009-11-08 17:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2012-05-10 06:17 . 2009-11-08 17:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2012-05-10 06:17 . 2009-11-08 17:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-05-10 06:05 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2012-05-10 02:41 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
2012-05-10 02:39 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-05-10 02:38 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2012-05-10 02:37 . 2010-01-29 15:40 1616384 ----a-w- c:\program files\Windows Mail\msoe.dll
2012-05-10 02:36 . 2009-10-23 17:10 714240 ----a-w- c:\windows\system32\timedate.cpl
2012-05-10 02:34 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2012-05-10 02:34 . 2009-04-23 12:15 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2012-05-10 02:34 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2012-05-10 02:34 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2012-05-10 02:34 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2012-05-10 02:34 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
2012-05-10 02:34 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2012-05-09 22:44 . 2012-05-09 22:44 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-09 22:44 . 2012-05-09 22:44 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-09 22:44 . 2012-05-09 22:44 -------- d-----w- c:\windows\system32\Macromed
2012-05-09 13:11 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-05-09 13:11 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-05-09 08:10 . 2012-05-09 08:12 -------- d-----w- c:\windows\system32\ca-ES
2012-05-09 08:10 . 2012-05-09 08:12 -------- d-----w- c:\windows\system32\eu-ES
2012-05-09 08:10 . 2012-05-09 08:12 -------- d-----w- c:\windows\system32\vi-VN
2012-05-09 08:06 . 2012-05-09 08:06 -------- d-----w- c:\windows\system32\SPReview
2012-05-09 07:55 . 2009-04-11 06:28 928768 ----a-w- c:\windows\system32\scavenge.dll
2012-05-09 07:53 . 2009-04-11 06:32 141288 ----a-w- c:\windows\system32\drivers\ecache.sys
2012-05-09 07:52 . 2009-04-11 06:32 53224 ----a-w- c:\windows\system32\drivers\termdd.sys
2012-05-09 07:52 . 2009-04-11 06:28 615424 ----a-w- c:\windows\system32\themeui.dll
2012-05-09 07:52 . 2009-04-11 06:28 449024 ----a-w- c:\windows\system32\termsrv.dll
2012-05-09 07:52 . 2009-04-11 06:28 313344 ----a-w- c:\windows\system32\thawbrkr.dll
2012-05-09 07:52 . 2009-04-11 06:28 1152000 ----a-w- c:\windows\system32\themecpl.dll
2012-05-09 07:52 . 2009-04-11 04:45 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-05-09 07:50 . 2012-05-09 07:50 -------- d-----w- c:\windows\system32\EventProviders
2012-05-09 06:19 . 2008-10-09 16:55 17536 ------w- c:\windows\system32\drivers\NtpaSp50.sys
2012-05-09 06:13 . 2012-05-09 06:13 -------- d-----w- c:\program files\Common Files\Adobe
2012-05-09 06:11 . 2012-05-09 06:11 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-09 05:56 . 2012-05-09 05:56 -------- d--h--w- c:\programdata\Common Files
2012-05-09 05:55 . 2012-05-11 17:31 -------- d-----w- c:\program files\AVG
2012-05-09 05:51 . 2012-05-11 20:27 -------- d-----w- c:\programdata\MFAData
2012-05-09 05:46 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
2012-05-08 23:23 . 2012-05-08 22:39 -------- d-----w- c:\windows\Panther
2012-05-08 23:03 . 2012-05-08 23:03 -------- d-----w- c:\program files\DIFX
2012-05-08 23:03 . 2012-05-08 23:03 -------- dc----w- c:\windows\system32\DRVSTORE
2012-05-08 22:55 . 2012-05-08 22:55 -------- d-----w- c:\users\Public\Roaming
2012-05-08 22:55 . 2012-05-08 22:55 -------- d-----w- c:\users\Default\Roaming
2012-05-08 22:54 . 2012-05-10 20:16 -------- d-----w- c:\program files\Intel
2012-05-08 22:53 . 2012-05-12 06:02 -------- d-sh--w- c:\windows\Installer
2012-05-08 22:45 . 2012-05-11 17:25 -------- d-----w- c:\users\Sarah
2012-05-08 22:42 . 2012-05-10 06:42 -------- d-----w- c:\windows\Debug
2012-05-08 22:19 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2012-05-08 22:19 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2012-05-08 22:19 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-08 22:19 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2012-05-08 22:19 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-21 03:44 . 2012-03-21 03:44 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 03:44 . 2012-03-21 03:44 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-04-21 01:19 . 2012-05-09 06:11 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Sarah\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-05-12 880496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]
"SmartAudio"="c:\program files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE" [2008-07-21 2701880]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mystart.incredibar.com/mb139?a=6R8svVaiJA&i=26
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 24.222.0.94 24.222.0.95
FF - ProfilePath - c:\users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1xkxcc53.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb139/?loc=IB_DS&a=6R8svVaiJA&&i=26&search=
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8svVaiJA&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - fecd10ac00000000000000242ce43cf5
FF - user.js: extensions.incredibar_i.instlDay - 15470
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1416:44
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6R8svVaiJA
FF - user.js: extensions.incredibar_i.upn2n - 92824337441851058
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10650
FF - user.js: extensions.incredibar_i.ppd - 77%5F2
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-13 16:35
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1612318576-1598330715-1155918686-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*n¶İ4]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1612318576-1598330715-1155918686-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*n¶İ4\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1612318576-1598330715-1155918686-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*n¶İ4]
@Allowed: (Read) (RestrictedCode)
"0"=hex:30,00,30,00,2e,00,6e,b6,dd,34,00,00,5e,00,36,00,00,00,00,00,00,00,00,
00,00,00,30,00,30,00,2e,00,6e,b6,dd,34,2e,00,6c,00,6e,00,6b,00,00,00,3c,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000020
.
Completion time: 2012-05-13 16:36:25
ComboFix-quarantined-files.txt 2012-05-13 23:36
ComboFix2.txt 2012-05-12 06:00
ComboFix3.txt 2012-05-12 05:42
.
Pre-Run: 104,750,256,128 bytes free
Post-Run: 104,729,993,216 bytes free
.
- - End Of File - - F18A1E48FA402663ACB2D4AE8DAB878F

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 May 2012 - 06:09 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 camron140th

camron140th
  • Topic Starter

  • Members
  • 7 posts

Posted 13 May 2012 - 07:53 PM

Hey, when I was running the aswMBR scan I got the blue screen; also, while it was scanning, something was highlighted in yellow. So I did a scan in safe mode and it finished. Here is the aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-13 21:12:32
-----------------------------
21:12:32.113 OS Version: Windows 6.0.6002 Service Pack 2
21:12:32.113 Number of processors: 2 586 0xF0D
21:12:32.113 ComputerName: SARAH-PC UserName: Sarah
21:12:57.244 Initialize success
21:13:08.180 AVAST engine defs: 12051301
21:13:12.954 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:13:12.954 Disk 0 Vendor: HITACHI_HTS543216L9SA00 FB2ZC4EC Size: 152627MB BusType: 3
21:13:12.985 Disk 0 MBR read successfully
21:13:12.985 Disk 0 MBR scan
21:13:13.000 Disk 0 Windows VISTA default MBR code
21:13:13.016 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1500 MB offset 2048
21:13:13.032 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 141125 MB offset 3074048
21:13:13.063 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10000 MB offset 292098048
21:13:13.078 Disk 0 scanning sectors +312578048
21:13:13.141 Disk 0 scanning C:\Windows\system32\drivers
21:13:22.298 Service scanning
21:13:51.501 Modules scanning
21:13:58.069 Disk 0 trace - called modules:
21:13:58.599 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
21:13:58.615 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84ac9888]
21:13:58.615 3 CLASSPNP.SYS[87ba28b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x849d0b98]
21:14:00.003 AVAST engine scan C:\Windows
21:14:03.357 AVAST engine scan C:\Windows\system32
21:16:25.582 AVAST engine scan C:\Windows\system32\drivers
21:16:38.624 AVAST engine scan C:\Users\Sarah
21:17:44.706 AVAST engine scan C:\ProgramData
21:17:57.576 Scan finished successfully
21:39:28.632 Disk 0 MBR has been saved successfully to "C:\Users\Sarah\Desktop\MBR.dat"
21:39:28.647 The log file has been saved successfully to "C:\Users\Sarah\Desktop\aswMBR.txt"

Here is the other log:

20:52:19.0357 0716 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
20:52:19.0814 0716 ============================================================
20:52:19.0814 0716 Current date / time: 2012/05/13 20:52:19.0814
20:52:19.0814 0716 SystemInfo:
20:52:19.0814 0716
20:52:19.0814 0716 OS Version: 6.0.6002 ServicePack: 2.0
20:52:19.0814 0716 Product type: Workstation
20:52:19.0814 0716 ComputerName: SARAH-PC
20:52:19.0815 0716 UserName: Sarah
20:52:19.0815 0716 Windows directory: C:\Windows
20:52:19.0815 0716 System windows directory: C:\Windows
20:52:19.0815 0716 Processor architecture: Intel x86
20:52:19.0815 0716 Number of processors: 2
20:52:19.0815 0716 Page size: 0x1000
20:52:19.0815 0716 Boot type: Normal boot
20:52:19.0815 0716 ============================================================
20:52:21.0628 0716 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:52:27.0853 0716 Drive \Device\Harddisk1\DR1 - Size: 0xE8DED00000 (931.48 Gb), SectorSize: 0x200, Cylinders: 0x1DAFD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:52:27.0854 0716 ============================================================
20:52:27.0854 0716 \Device\Harddisk0\DR0:
20:52:27.0855 0716 MBR partitions:
20:52:27.0855 0716 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2EE000
20:52:27.0855 0716 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x113A2800
20:52:27.0855 0716 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x11691000, BlocksNum 0x1388000
20:52:27.0855 0716 \Device\Harddisk1\DR1:
20:52:27.0855 0716 MBR partitions:
20:52:27.0855 0716 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x746F6000
20:52:27.0855 0716 ============================================================
20:52:27.0900 0716 C: <-> \Device\Harddisk0\DR0\Partition1
20:52:27.0929 0716 D: <-> \Device\Harddisk0\DR0\Partition0
20:52:27.0980 0716 E: <-> \Device\Harddisk0\DR0\Partition2
20:52:27.0985 0716 G: <-> \Device\Harddisk1\DR1\Partition0
20:52:27.0985 0716 ============================================================
20:52:27.0985 0716 Initialize success
20:52:27.0985 0716 ============================================================
20:53:39.0592 1172 ============================================================
20:53:39.0592 1172 Scan started
20:53:39.0592 1172 Mode: Manual;
20:53:39.0592 1172 ============================================================
20:53:40.0278 1172 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
20:53:40.0281 1172 ACPI - ok
20:53:40.0388 1172 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
20:53:40.0390 1172 AdobeARMservice - ok
20:53:40.0481 1172 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
20:53:40.0491 1172 adp94xx - ok
20:53:40.0536 1172 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
20:53:40.0543 1172 adpahci - ok
20:53:40.0567 1172 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
20:53:40.0568 1172 adpu160m - ok
20:53:40.0623 1172 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
20:53:40.0627 1172 adpu320 - ok
20:53:40.0670 1172 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
20:53:40.0671 1172 AeLookupSvc - ok
20:53:40.0739 1172 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
20:53:40.0745 1172 AFD - ok
20:53:40.0793 1172 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
20:53:40.0795 1172 agp440 - ok
20:53:40.0812 1172 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
20:53:40.0813 1172 aic78xx - ok
20:53:40.0839 1172 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
20:53:40.0841 1172 ALG - ok
20:53:40.0866 1172 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
20:53:40.0868 1172 aliide - ok
20:53:40.0891 1172 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
20:53:40.0893 1172 amdagp - ok
20:53:40.0900 1172 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
20:53:40.0901 1172 amdide - ok
20:53:40.0921 1172 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
20:53:40.0922 1172 AmdK7 - ok
20:53:40.0943 1172 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
20:53:40.0945 1172 AmdK8 - ok
20:53:40.0986 1172 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
20:53:40.0987 1172 Appinfo - ok
20:53:41.0038 1172 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
20:53:41.0041 1172 arc - ok
20:53:41.0112 1172 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
20:53:41.0114 1172 arcsas - ok
20:53:41.0148 1172 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
20:53:41.0149 1172 AsyncMac - ok
20:53:41.0182 1172 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
20:53:41.0183 1172 atapi - ok
20:53:41.0253 1172 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
20:53:41.0257 1172 AudioEndpointBuilder - ok
20:53:41.0262 1172 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
20:53:41.0266 1172 Audiosrv - ok
20:53:41.0341 1172 b57nd60x (502f1c30bd50b32d00ce4dcaecc3d3c7) C:\Windows\system32\DRIVERS\b57nd60x.sys
20:53:41.0343 1172 b57nd60x - ok
20:53:41.0516 1172 BCM43XX (142f6d053da0d7a53a3b70d25907335e) C:\Windows\system32\DRIVERS\bcmwl6.sys
20:53:41.0528 1172 BCM43XX - ok
20:53:41.0570 1172 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
20:53:41.0571 1172 Beep - ok
20:53:41.0647 1172 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
20:53:41.0650 1172 BFE - ok
20:53:41.0763 1172 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
20:53:41.0772 1172 BITS - ok
20:53:41.0796 1172 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
20:53:41.0798 1172 blbdrive - ok
20:53:41.0833 1172 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
20:53:41.0836 1172 bowser - ok
20:53:41.0882 1172 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
20:53:41.0882 1172 BrFiltLo - ok
20:53:41.0895 1172 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
20:53:41.0897 1172 BrFiltUp - ok
20:53:41.0934 1172 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
20:53:41.0936 1172 Browser - ok
20:53:41.0981 1172 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
20:53:41.0983 1172 Brserid - ok
20:53:42.0005 1172 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
20:53:42.0006 1172 BrSerWdm - ok
20:53:42.0012 1172 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
20:53:42.0013 1172 BrUsbMdm - ok
20:53:42.0020 1172 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
20:53:42.0021 1172 BrUsbSer - ok
20:53:42.0050 1172 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
20:53:42.0051 1172 BTHMODEM - ok
20:53:42.0172 1172 catchme - ok
20:53:42.0212 1172 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
20:53:42.0213 1172 cdfs - ok
20:53:42.0265 1172 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
20:53:42.0267 1172 cdrom - ok
20:53:42.0337 1172 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
20:53:42.0339 1172 CertPropSvc - ok
20:53:42.0372 1172 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
20:53:42.0373 1172 circlass - ok
20:53:42.0415 1172 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
20:53:42.0417 1172 CLFS - ok
20:53:42.0494 1172 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:53:42.0496 1172 clr_optimization_v2.0.50727_32 - ok
20:53:42.0529 1172 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
20:53:42.0531 1172 CmBatt - ok
20:53:42.0547 1172 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
20:53:42.0548 1172 cmdide - ok
20:53:42.0623 1172 CnxtHdAudService (8b7a0ce6613f991359ff95212900396c) C:\Windows\system32\drivers\CHDRT32.sys
20:53:42.0626 1172 CnxtHdAudService - ok
20:53:42.0671 1172 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
20:53:42.0672 1172 Compbatt - ok
20:53:42.0676 1172 COMSysApp - ok
20:53:42.0688 1172 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
20:53:42.0690 1172 crcdisk - ok
20:53:42.0711 1172 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
20:53:42.0712 1172 Crusoe - ok
20:53:42.0800 1172 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
20:53:42.0802 1172 CryptSvc - ok
20:53:42.0896 1172 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
20:53:42.0903 1172 DcomLaunch - ok
20:53:42.0945 1172 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
20:53:42.0948 1172 DfsC - ok
20:53:43.0266 1172 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
20:53:43.0313 1172 DFSR - ok
20:53:43.0493 1172 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
20:53:43.0495 1172 Dhcp - ok
20:53:43.0550 1172 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
20:53:43.0552 1172 disk - ok
20:53:43.0604 1172 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
20:53:43.0605 1172 Dnscache - ok
20:53:43.0632 1172 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
20:53:43.0634 1172 dot3svc - ok
20:53:43.0684 1172 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
20:53:43.0686 1172 DPS - ok
20:53:43.0736 1172 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
20:53:43.0737 1172 drmkaud - ok
20:53:43.0836 1172 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
20:53:43.0850 1172 DXGKrnl - ok
20:53:43.0897 1172 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
20:53:43.0899 1172 E1G60 - ok
20:53:43.0946 1172 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
20:53:43.0947 1172 EapHost - ok
20:53:44.0005 1172 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
20:53:44.0006 1172 Ecache - ok
20:53:44.0071 1172 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
20:53:44.0075 1172 elxstor - ok
20:53:44.0158 1172 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
20:53:44.0164 1172 EMDMgmt - ok
20:53:44.0194 1172 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
20:53:44.0195 1172 ErrDev - ok
20:53:44.0263 1172 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
20:53:44.0266 1172 EventSystem - ok
20:53:44.0424 1172 EvtEng (306ac856622864c761cbdb5e816bb9d8) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
20:53:44.0442 1172 EvtEng - ok
20:53:44.0497 1172 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
20:53:44.0501 1172 exfat - ok
20:53:44.0539 1172 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
20:53:44.0542 1172 fastfat - ok
20:53:44.0600 1172 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
20:53:44.0602 1172 fdc - ok
20:53:44.0631 1172 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
20:53:44.0632 1172 fdPHost - ok
20:53:44.0643 1172 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
20:53:44.0644 1172 FDResPub - ok
20:53:44.0667 1172 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
20:53:44.0669 1172 FileInfo - ok
20:53:44.0676 1172 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
20:53:44.0678 1172 Filetrace - ok
20:53:44.0687 1172 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
20:53:44.0689 1172 flpydisk - ok
20:53:44.0739 1172 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
20:53:44.0740 1172 FltMgr - ok
20:53:44.0858 1172 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
20:53:44.0871 1172 FontCache - ok
20:53:44.0966 1172 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:53:44.0967 1172 FontCache3.0.0.0 - ok
20:53:45.0066 1172 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
20:53:45.0068 1172 Fs_Rec - ok
20:53:45.0093 1172 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
20:53:45.0095 1172 gagp30kx - ok
20:53:45.0186 1172 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
20:53:45.0192 1172 gpsvc - ok
20:53:45.0261 1172 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
20:53:45.0266 1172 HdAudAddService - ok
20:53:45.0347 1172 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:53:45.0357 1172 HDAudBus - ok
20:53:45.0387 1172 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
20:53:45.0388 1172 HidBth - ok
20:53:45.0408 1172 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
20:53:45.0408 1172 HidIr - ok
20:53:45.0446 1172 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
20:53:45.0447 1172 hidserv - ok
20:53:45.0480 1172 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
20:53:45.0481 1172 HidUsb - ok
20:53:45.0525 1172 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
20:53:45.0527 1172 hkmsvc - ok
20:53:45.0553 1172 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
20:53:45.0554 1172 HpCISSs - ok
20:53:45.0698 1172 HSF_DPV (fadd7095163cb3cb4073793ebb50fe75) C:\Windows\system32\DRIVERS\HSX_DPV.sys
20:53:45.0716 1172 HSF_DPV - ok
20:53:45.0751 1172 HSXHWAZL (058783bedd17615d1fece09f77960436) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
20:53:45.0756 1172 HSXHWAZL - ok
20:53:45.0822 1172 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
20:53:45.0832 1172 HTTP - ok
20:53:45.0865 1172 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
20:53:45.0867 1172 i2omp - ok
20:53:45.0915 1172 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
20:53:45.0917 1172 i8042prt - ok
20:53:46.0013 1172 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
20:53:46.0019 1172 iaStorV - ok
20:53:46.0197 1172 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:53:46.0214 1172 idsvc - ok
20:53:47.0167 1172 igfx (dce0b53570703cce580d066f89ef58cd) C:\Windows\system32\DRIVERS\igdkmd32.sys
20:53:47.0390 1172 igfx - ok
20:53:47.0554 1172 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
20:53:47.0556 1172 iirsp - ok
20:53:47.0627 1172 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
20:53:47.0636 1172 IKEEXT - ok
20:53:47.0682 1172 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
20:53:47.0683 1172 intelide - ok
20:53:47.0701 1172 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
20:53:47.0702 1172 intelppm - ok
20:53:47.0752 1172 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
20:53:47.0754 1172 IPBusEnum - ok
20:53:47.0786 1172 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:53:47.0788 1172 IpFilterDriver - ok
20:53:47.0841 1172 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
20:53:47.0844 1172 iphlpsvc - ok
20:53:47.0848 1172 IpInIp - ok
20:53:47.0882 1172 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
20:53:47.0884 1172 IPMIDRV - ok
20:53:47.0906 1172 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
20:53:47.0908 1172 IPNAT - ok
20:53:47.0924 1172 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
20:53:47.0925 1172 IRENUM - ok
20:53:47.0940 1172 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
20:53:47.0941 1172 isapnp - ok
20:53:48.0000 1172 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
20:53:48.0004 1172 iScsiPrt - ok
20:53:48.0053 1172 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
20:53:48.0054 1172 iteatapi - ok
20:53:48.0077 1172 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
20:53:48.0079 1172 iteraid - ok
20:53:48.0163 1172 JMCR (a69a1b991824b98f744913555f665893) C:\Windows\system32\DRIVERS\jmcr.sys
20:53:48.0166 1172 JMCR - ok
20:53:48.0193 1172 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
20:53:48.0195 1172 kbdclass - ok
20:53:48.0242 1172 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
20:53:48.0244 1172 kbdhid - ok
20:53:48.0283 1172 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:53:48.0285 1172 KeyIso - ok
20:53:48.0350 1172 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
20:53:48.0354 1172 KSecDD - ok
20:53:48.0432 1172 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
20:54:01.0456 1172 ============================================================
20:54:01.0457 1172 Scan finished
20:54:01.0457 1172 ============================================================
20:54:01.0471 1332 Detected object count: 0
20:54:01.0471 1332 Actual detected object count: 0
20:55:48.0117 0196 Deinitialize success

#6 gringo_pr
Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:46 AM

Posted 13 May 2012 - 08:16 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

File::
C:\user.js

Folder::
c:\programdata\Codecv
C:\codec-info
c:\programdata\InstallMate
c:\program files\Conduit

FireFox::
FF - ProfilePath - c:\users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1xkxcc53.default\
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb139/?loc=IB_DS&a=6R8svVaiJA&&i=26&search=
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8svVaiJA&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - fecd10ac00000000000000242ce43cf5
FF - user.js: extensions.incredibar_i.instlDay - 15470
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1416:44
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef - 
FF - user.js: extensions.incredibar_i.dfltLng - 
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id - 
FF - user.js: extensions.incredibar_i.upn2 - 6R8svVaiJA
FF - user.js: extensions.incredibar_i.upn2n - 92824337441851058
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10650
FF - user.js: extensions.incredibar_i.ppd - 77%5F2

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 camron140th

  • Topic Starter
  • Members
  • 7 posts

Posted 14 May 2012 - 08:38 AM

I think it deleted what was causing the problems. The other day when I was trying to stream a show, the player said I was missing a plugin. I downloaded it, forgot to scan it, and then the computer started acting weird. Now when I ran ComboFix it said it was deleting Codecv; I'm pretty sure it came from that site, and now the computer is a lot better. Here is the log. Thanks again.



ComboFix 12-05-14.02 - Sarah 05/14/2012 10:25:43.4.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2008.1168 [GMT -7:00]
Running from: c:\users\Sarah\Downloads\ComboFix.exe
Command switches used :: c:\users\Sarah\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"C:\user.js"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\codec-info
c:\codec-info\codec_info.html
c:\program files\Conduit
c:\program files\Conduit\Community Alerts\Alert.dll
c:\programdata\Codecv
c:\programdata\Codecv\background.html
c:\programdata\Codecv\bhoclass.dll
c:\programdata\Codecv\content.js
c:\programdata\Codecv\nagngigieempbmcnfbapcgaiadkclmln.crx
c:\programdata\Codecv\settings.ini
c:\programdata\InstallMate
c:\programdata\InstallMate\081B860E\cfg\1.ini
c:\programdata\InstallMate\081B860E\cfg\1_1.ini
c:\programdata\InstallMate\081B860E\cfg\1_4.ini
C:\user.js
.
.
((((((((((((((((((((((((( Files Created from 2012-04-14 to 2012-05-14 )))))))))))))))))))))))))))))))
.
.
2012-05-14 17:31 . 2012-05-14 17:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-14 17:22 . 2012-05-14 17:22 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B12EA229-2663-4521-9CDD-79C99135EABA}\offreg.dll
2012-05-14 17:22 . 2012-05-14 17:22 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B12EA229-2663-4521-9CDD-79C99135EABA}\MpKsl40344c58.sys
2012-05-14 03:51 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B12EA229-2663-4521-9CDD-79C99135EABA}\mpengine.dll
2012-05-12 06:04 . 2012-05-12 06:03 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8B1E65E6-69BF-4405-86A9-E20DD0B76163}\gapaengine.dll
2012-05-12 06:04 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-12 06:01 . 2012-05-12 06:02 -------- d-----w- c:\program files\Microsoft Security Client
2012-05-12 02:32 . 2012-05-12 02:32 -------- d-----w- c:\program files\CCleaner
2012-05-11 15:59 . 2012-05-11 15:59 -------- d-----w- c:\programdata\WindowsSearch
2012-05-11 04:40 . 2012-05-11 04:40 -------- d-----w- c:\programdata\Malwarebytes
2012-05-11 04:40 . 2012-05-11 04:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-11 04:40 . 2012-04-04 22:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-11 01:41 . 2012-05-11 01:41 -------- d-----w- c:\program files\VideoLAN
2012-05-10 22:42 . 2012-05-12 15:08 -------- d-----w- c:\program files\uTorrent
2012-05-10 21:27 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-10 21:13 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2012-05-10 20:40 . 2012-05-10 20:40 125 ----a-w- c:\windows\xUninstall.bat
2012-05-10 20:38 . 2008-05-15 02:53 110080 ----a-w- c:\windows\system32\JmCrIcon.dll
2012-05-10 20:38 . 2012-05-10 20:40 -------- d-----w- c:\windows\JMCR_DIR
2012-05-10 20:38 . 2012-05-10 20:38 -------- d-----w- c:\program files\Common Files\InstallShield
2012-05-10 20:16 . 2008-02-22 20:06 53248 ----a-w- c:\windows\system32\CSVer.dll
2012-05-10 20:15 . 2008-09-11 02:18 1326584 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2012-05-10 20:15 . 2008-09-11 02:18 87328 ----a-w- c:\windows\system32\bcmwlcoi.dll
2012-05-10 20:15 . 2008-09-11 02:18 3506176 ----a-w- c:\windows\system32\bcmihvui.dll
2012-05-10 20:15 . 2012-05-10 20:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2012-05-10 20:15 . 2012-05-10 20:15 -------- d-----w- c:\program files\Lenovo
2012-05-10 20:15 . 2008-09-11 02:18 3813376 ----a-w- c:\windows\system32\bcmihvsrv.dll
2012-05-10 20:15 . 2012-05-10 20:15 -------- d-----w- C:\temp
2012-05-10 20:02 . 2012-05-10 20:07 -------- d-----w- c:\program files\CONEXANT
2012-05-10 20:01 . 2012-05-10 20:01 -------- d-----w- c:\program files\Cisco
2012-05-10 20:00 . 2012-05-10 20:00 -------- d-----w- c:\program files\Common Files\Intel
2012-05-10 20:00 . 2012-05-10 20:00 -------- d-----w- c:\programdata\Intel
2012-05-10 20:00 . 2008-01-25 18:55 229376 ----a-w- c:\windows\system32\UCI32M27.dll
2012-05-10 20:00 . 2008-03-25 22:41 980992 ----a-w- c:\windows\system32\drivers\HSX_DPV.sys
2012-05-10 20:00 . 2008-03-25 22:39 207872 ----a-w- c:\windows\system32\drivers\HSXHWAZL.sys
2012-05-10 20:00 . 2008-03-25 22:38 661504 ----a-w- c:\windows\system32\drivers\HSX_CNXT.sys
2012-05-10 20:00 . 2007-10-18 22:37 386560 ----a-w- c:\windows\system32\drivers\XAudio.exe
2012-05-10 20:00 . 2007-10-18 22:36 8704 ----a-w- c:\windows\system32\drivers\XAudio.sys
2012-05-10 19:56 . 2012-05-10 19:56 -------- d-----w- C:\DRIVERS2
2012-05-10 18:27 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2012-05-10 18:27 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2012-05-10 18:27 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2012-05-10 18:27 . 2009-11-03 21:42 30720 ----a-w- c:\windows\system32\httpapi.dll
2012-05-10 18:27 . 2009-11-03 19:41 411648 ----a-w- c:\windows\system32\drivers\http.sys
2012-05-10 18:27 . 2009-11-03 21:43 24064 ----a-w- c:\windows\system32\nshhttp.dll
2012-05-10 18:27 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 18:27 . 2012-03-01 14:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-10 18:27 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-10 18:27 . 2012-03-01 14:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-10 18:27 . 2012-02-29 13:44 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-05-10 07:13 . 2012-05-10 07:13 -------- d-----w- c:\program files\Windows Portable Devices
2012-05-10 06:41 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2012-05-10 06:41 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2012-05-10 06:41 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-05-10 06:39 . 2009-09-25 01:33 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-05-10 06:39 . 2009-09-25 02:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-05-10 06:39 . 2009-09-25 02:07 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-05-10 06:39 . 2009-09-25 02:04 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-05-10 06:39 . 2009-09-25 01:33 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-05-10 06:39 . 2009-09-25 01:32 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-05-10 06:39 . 2009-09-25 01:31 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-05-10 06:30 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-10 06:30 . 2012-02-29 15:11 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-05-10 06:30 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-10 06:30 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-10 06:17 . 2009-11-08 17:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-05-10 06:17 . 2009-11-08 17:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2012-05-10 06:17 . 2009-11-08 17:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2012-05-10 06:17 . 2009-11-08 17:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2012-05-10 06:17 . 2009-11-08 17:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-05-10 06:05 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2012-05-10 02:41 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
2012-05-10 02:39 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-05-10 02:38 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2012-05-10 02:37 . 2010-01-29 15:40 1616384 ----a-w- c:\program files\Windows Mail\msoe.dll
2012-05-10 02:36 . 2009-10-23 17:10 714240 ----a-w- c:\windows\system32\timedate.cpl
2012-05-10 02:34 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2012-05-10 02:34 . 2009-04-23 12:15 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2012-05-10 02:34 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2012-05-10 02:34 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2012-05-10 02:34 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2012-05-10 02:34 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
2012-05-10 02:34 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2012-05-09 22:44 . 2012-05-09 22:44 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-09 22:44 . 2012-05-09 22:44 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-09 22:44 . 2012-05-09 22:44 -------- d-----w- c:\windows\system32\Macromed
2012-05-09 13:11 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-05-09 13:11 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-05-09 08:10 . 2012-05-09 08:12 -------- d-----w- c:\windows\system32\ca-ES
2012-05-09 08:10 . 2012-05-09 08:12 -------- d-----w- c:\windows\system32\eu-ES
2012-05-09 08:10 . 2012-05-09 08:12 -------- d-----w- c:\windows\system32\vi-VN
2012-05-09 08:06 . 2012-05-09 08:06 -------- d-----w- c:\windows\system32\SPReview
2012-05-09 07:55 . 2009-04-11 06:28 928768 ----a-w- c:\windows\system32\scavenge.dll
2012-05-09 07:53 . 2009-04-11 06:32 141288 ----a-w- c:\windows\system32\drivers\ecache.sys
2012-05-09 07:52 . 2009-04-11 06:32 53224 ----a-w- c:\windows\system32\drivers\termdd.sys
2012-05-09 07:52 . 2009-04-11 06:28 615424 ----a-w- c:\windows\system32\themeui.dll
2012-05-09 07:52 . 2009-04-11 06:28 449024 ----a-w- c:\windows\system32\termsrv.dll
2012-05-09 07:52 . 2009-04-11 06:28 313344 ----a-w- c:\windows\system32\thawbrkr.dll
2012-05-09 07:52 . 2009-04-11 06:28 1152000 ----a-w- c:\windows\system32\themecpl.dll
2012-05-09 07:52 . 2009-04-11 04:45 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-05-09 07:50 . 2012-05-09 07:50 -------- d-----w- c:\windows\system32\EventProviders
2012-05-09 06:19 . 2008-10-09 16:55 17536 ------w- c:\windows\system32\drivers\NtpaSp50.sys
2012-05-09 06:13 . 2012-05-09 06:13 -------- d-----w- c:\program files\Common Files\Adobe
2012-05-09 06:11 . 2012-05-09 06:11 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-09 05:56 . 2012-05-09 05:56 -------- d--h--w- c:\programdata\Common Files
2012-05-09 05:55 . 2012-05-11 17:31 -------- d-----w- c:\program files\AVG
2012-05-09 05:51 . 2012-05-11 20:27 -------- d-----w- c:\programdata\MFAData
2012-05-09 05:46 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
2012-05-08 23:23 . 2012-05-08 22:39 -------- d-----w- c:\windows\Panther
2012-05-08 23:03 . 2012-05-08 23:03 -------- d-----w- c:\program files\DIFX
2012-05-08 23:03 . 2012-05-08 23:03 -------- dc----w- c:\windows\system32\DRVSTORE
2012-05-08 22:55 . 2012-05-08 22:55 -------- d-----w- c:\users\Public\Roaming
2012-05-08 22:55 . 2012-05-08 22:55 -------- d-----w- c:\users\Default\Roaming
2012-05-08 22:54 . 2012-05-10 20:16 -------- d-----w- c:\program files\Intel
2012-05-08 22:53 . 2012-05-12 06:02 -------- d-sh--w- c:\windows\Installer
2012-05-08 22:45 . 2012-05-11 17:25 -------- d-----w- c:\users\Sarah
2012-05-08 22:42 . 2012-05-10 06:42 -------- d-----w- c:\windows\Debug
2012-05-08 22:19 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2012-05-08 22:19 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2012-05-08 22:19 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-08 22:19 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2012-05-08 22:19 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2012-05-08 22:19 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2012-05-08 22:19 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2012-05-08 22:19 . 2009-08-07 02:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-21 03:44 . 2012-03-21 03:44 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 03:44 . 2012-03-21 03:44 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-04-21 01:19 . 2012-05-09 06:11 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Sarah\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-05-12 880496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]
"SmartAudio"="c:\program files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE" [2008-07-21 2701880]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL40344C58
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mystart.incredibar.com/mb139?a=6R8svVaiJA&i=26
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 24.222.0.94 24.222.0.95
FF - ProfilePath - c:\users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1xkxcc53.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.ca
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-14 10:31
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1612318576-1598330715-1155918686-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*n¶İ4]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1612318576-1598330715-1155918686-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*n¶İ4\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1612318576-1598330715-1155918686-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*n¶İ4]
@Allowed: (Read) (RestrictedCode)
"0"=hex:30,00,30,00,2e,00,6e,b6,dd,34,00,00,5e,00,36,00,00,00,00,00,00,00,00,
00,00,00,30,00,30,00,2e,00,6e,b6,dd,34,2e,00,6c,00,6e,00,6b,00,00,00,3c,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000020
.
Completion time: 2012-05-14 10:33:10
ComboFix-quarantined-files.txt 2012-05-14 17:33
ComboFix2.txt 2012-05-13 23:36
ComboFix3.txt 2012-05-12 06:00
ComboFix4.txt 2012-05-12 05:42
.
Pre-Run: 95,275,868,160 bytes free
Post-Run: 95,274,242,048 bytes free
.
- - End Of File - - 6966AD7C0244671DDD38A218A6C29624

#8 gringo_pr

  • Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 14 May 2012 - 12:17 PM

Hello

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

  • µTorrent


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then on Next
  • Once done click Finish.



Install Java:

Please go here to install Java

  • Click on the Free Java Download button
  • Click on Agree and Start Free Download
  • Click on Run
  • Click on Run again
  • Click on Install
  • When the install is complete click on Close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click the MBAM icon
  • Go to the Update tab at the top
  • Click on Check for Updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#9 camron140th

  • Topic Starter
  • Members
  • 7 posts

Posted 14 May 2012 - 01:21 PM

Hi, the computer is doing a little better. It still freezes sometimes, but nothing major. Here are the logs. Thanks again.



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:17:23 PM, on 5/14/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\Sarah\AppData\Local\Akamai\netsession_win.exe
C:\Users\Sarah\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredibar.com/mb139?a=6R8svVaiJA&i=26
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SmartAudio] C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE /c
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Sarah\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 3781 bytes




Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.14.05

Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 7.0.6002.18005
Sarah :: SARAH-PC [administrator]

Protection: Disabled

5/14/2012 2:58:57 PM
mbam-log-2012-05-14 (14-58-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 178250
Time elapsed: 3 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#10 gringo_pr

  • Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 14 May 2012 - 07:21 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to; for any of them you can click on their icons (or start them from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
      O4 - HKLM\..\Run: [SmartAudio] C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE /c
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Sarah\AppData\Local\Akamai\netsession_win.exe"
      O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not;
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right-click the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
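As an added illustration (not part of the post and not HijackThis's own code), here is a small Python parser for O4 lines in the format quoted above: it splits each entry into registry hive, value name, executable and arguments, and flags the entries a reviewer would check first, namely per-user (HKCU) Run keys and executables under the user profile, neither of which needs administrator rights to be written. The sample lines are constructed from the post; cutting unquoted command lines after the first ".exe" is an assumed heuristic.

```python
import re

# Constructed sample: the O4 lines quoted in the post above, in HijackThis log format.
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [SmartAudio] C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE /c
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Sarah\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
"""

# Matches "O4 - <hive>\..\<key>: [<value name>] <command line>".
O4_RE = re.compile(r'^O4 - (HK[A-Z]+)\\\.\.\\(\w+): \[([^\]]+)\] (.*)$')

def split_command(cmd):
    """Split a Run-key command line into (executable, arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):  # quoted path: cut at the closing quote
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    # Unquoted paths may contain spaces; assumed heuristic: cut after the first ".exe".
    m = re.match(r'(.+?\.exe)(?:\s+(.*))?$', cmd, re.IGNORECASE)
    if m:
        return m.group(1), m.group(2) or ''
    head, _, tail = cmd.partition(' ')
    return head, tail

def triage(hive, exe):
    """Reasons an entry deserves a closer look before deciding to keep it."""
    reasons = []
    if hive == 'HKCU':  # per-user Run keys can be written without admin rights
        reasons.append('per-user Run key')
    low = exe.lower()
    if low.startswith('c:\\users\\') or '\\appdata\\' in low:
        reasons.append('executable under a user profile directory')  # user-writable
    return reasons

def parse_o4_lines(text):
    """Parse every O4 line in a HijackThis log into a list of dicts."""
    entries = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        hive, key, name, cmd = m.groups()
        exe, args = split_command(cmd)
        entries.append({'hive': hive, 'key': key, 'name': name, 'exe': exe,
                        'args': args, 'flags': triage(hive, exe)})
    return entries
```

Running `parse_o4_lines(SAMPLE_O4_LINES)` leaves the HKLM entries in system and Program Files locations unflagged and flags the Akamai entry twice (per-user key and profile-resident executable).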

#11 camron140th

camron140th
  • Topic Starter

  • Members
  • 7 posts

Posted 14 May 2012 - 08:34 PM

here is the threat the scan found. thanks again

C:\MGtools\Process.exe Win32/PrcView application

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 May 2012 - 08:36 AM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    del /f /s /q "C:\MGtools\Process.exe"
    del %0

  • Save the Notepad file on your desktop as delfile.bat, with "Save as type" set to "All Files".
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful; if used incorrectly or at the wrong time they can make the computer an expensive paperweight.
They are updated all the time, some of them more than once a day, so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • Turn off all active protection software.
  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button).
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls.

CCleaner - This is a good program to clean out temp files. I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner, but I would leave that alone and not use any registry cleaner.

Malwarebytes' Anti-Malware - The gold standard today in antimalware scanners.

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did.)


    Note** If you decide to install MSE you will need to uninstall your present antivirus.

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must-reads and should be read by everybody in your household that uses the internet:

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM


Gringo

#13 camron140th

camron140th
  • Topic Starter

  • Members
  • 7 posts

Posted 15 May 2012 - 12:35 PM

hi the infected file has been removed and the computer is working better. when i watch videos though it still freezes from time to time. what is causing that? just browsing the internet there's no problem though. thank you so much for your help and support.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 May 2012 - 12:53 PM

Hello

You can clear the temp files and internet cache and reinstall the Flash Player, and see if that helps.


gringo

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 May 2012 - 11:55 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



