
Another Google Redirect Case


  • This topic is locked
14 replies to this topic

#1 faalexand


Posted 19 May 2012 - 07:57 PM

I work on a Windows 7 laptop and I've had trouble with Google Chrome and IE browsers redirecting after clicking on links in Google searches. Malwarebytes picked up a Happili trojan and deleted it and restarted the file. Afterwards it still redirects. I've uninstalled Google Chrome but will reinstall it when we make this better.

Here's the DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514
Run by FrankJr at 14:53:50 on 2012-05-19
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2042.983 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\StikyNot.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Users\FrankJr\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG2012\avgcfgex.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
uRun: [Apple Computer] rundll32.exe "c:\users\frankjr\appdata\local\autodesk\apple computer\nqxzltcp.dll",DllRegisterServer
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\frankjr\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\frankjr\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\frankjr\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: adobe.com\get
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://vpn.usf.edu/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{9C820EAF-E7CA-4F39-BD50-475CDA601DC4} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{9C820EAF-E7CA-4F39-BD50-475CDA601DC4}\14C4548575C414E4 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9C820EAF-E7CA-4F39-BD50-475CDA601DC4}\843405C434D2C4962627162797 : DhcpNameServer = 65.32.5.74 65.32.5.75
TCP: Interfaces\{9C820EAF-E7CA-4F39-BD50-475CDA601DC4}\9445740435072796E6768496C6C635579647563763 : DhcpNameServer = 12.127.16.68 8.8.8.8 12.127.17.72
TCP: Interfaces\{9C820EAF-E7CA-4F39-BD50-475CDA601DC4}\A427C414E4 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9C820EAF-E7CA-4F39-BD50-475CDA601DC4}\C696E6B6379737 : DhcpNameServer = 65.32.5.74 65.32.5.75
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: FaSrv - FaSrv.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-10-5 65584]
R1 FD;FD;c:\windows\system32\drivers\FD.sys [2011-2-15 23552]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-4-4 63928]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-17 176128]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 193288]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2010-2-26 26168]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-27 315392]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-7 257696]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 GAMRYPC5;Gamry Reference Family Driver (GamryPC5.sys);c:\windows\system32\drivers\gamrypc5.sys [2012-4-25 35864]
S3 lwldr1a7;Lumenera USB Loader Driver (lwldr1a7.sys);c:\windows\system32\drivers\lwldr1a7.sys [2011-8-10 49920]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-1 52224]
S3 USBLucam1a7;Lumenera Scientific Camera (1a7);c:\windows\system32\drivers\lwcam1a7.sys [2011-8-10 628736]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-13 1343400]
.
=============== Created Last 30 ================
.
2012-05-19 18:06:28 -------- d-----w- c:\program files\CCleaner
2012-05-09 14:21:26 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-09 14:21:25 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2012-05-09 14:21:24 989184 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2012-05-09 14:21:24 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
2012-05-09 14:21:24 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
2012-05-09 14:21:19 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-09 14:21:19 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-09 14:21:19 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 14:21:16 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-09 14:21:14 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-05-08 01:45:57 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-08 01:45:57 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 17:35:47 -------- d-sh--w- C:\$RECYCLE.BIN
2012-05-05 17:19:59 3993600 ----a-w- c:\program files\GUT8345.tmp
2012-05-05 17:19:59 -------- d-----w- c:\program files\GUM8344.tmp
2012-05-05 16:33:39 -------- d-----w- c:\users\frankjr\appdata\local\temp
2012-05-05 12:37:01 -------- d-----w- c:\users\frankjr\appdata\roaming\Malwarebytes
2012-05-05 12:34:08 -------- d-----w- c:\programdata\Malwarebytes
2012-05-05 12:34:07 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-05 12:34:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-05 12:07:38 -------- d-----w- c:\windows\pss
2012-04-25 16:36:36 46104 ----a-w- c:\windows\system32\GamryCI.dll
2012-04-25 16:36:36 428568 ----a-w- c:\windows\system32\PC5H.dll
2012-04-25 16:36:36 281112 ----a-w- c:\windows\system32\pci4.dll
2012-04-25 16:36:36 21528 ----a-w- c:\windows\system32\usbioclib.dll
2012-04-25 16:36:35 -------- d-----w- c:\programdata\Gamry Instruments
2012-04-25 16:36:32 35864 ----a-w- c:\windows\system32\drivers\gamrypc5.sys
2012-04-25 16:36:30 -------- d-----w- c:\program files\Gamry Instruments
.
==================== Find3M ====================
.
2012-04-19 08:50:26 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-03-19 09:17:28 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-03-01 05:46:57 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:37:41 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-28 05:38:52 981504 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 03:52:27 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-22 09:25:32 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-04-17 16:51:13 4317184 ----a-w- c:\program files\Parallax USB Oscilloscope v5.1.1.msi
.
============= FINISH: 14:54:31.80 ===============



#2 gringo_pr


Posted 19 May 2012 - 08:05 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 faalexand


Posted 20 May 2012 - 07:16 AM

No Issues...
Security Check log
Results of screen317's Security Check version 0.99.32
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG 2012
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

CCleaner
Adobe Reader X (10.1.3)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````

and Combofix log:
ComboFix 12-05-20.04 - FrankJr 05/20/2012 7:59.3.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2042.690 [GMT -4:00]
Running from: c:\users\FrankJr\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\FrankJr\AppData\Local\Autodesk\Apple Computer\nqxzltcp.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-04-20 to 2012-05-20 )))))))))))))))))))))))))))))))
.
.
2012-05-20 12:06 . 2012-05-20 12:08 -------- d-----w- c:\users\FrankJr\AppData\Local\temp
2012-05-20 12:06 . 2012-05-20 12:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-20 12:06 . 2012-05-20 12:06 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-05-19 18:06 . 2012-05-19 18:06 -------- d-----w- c:\program files\CCleaner
2012-05-09 14:21 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-09 14:21 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 14:21 . 2012-03-31 04:30 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-09 14:21 . 2012-03-31 04:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-09 14:21 . 2012-03-31 04:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-09 14:21 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-09 14:21 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-09 14:21 . 2012-03-31 02:36 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 14:21 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-09 14:21 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-05-08 01:45 . 2012-05-08 02:06 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-08 01:45 . 2012-05-08 02:06 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 17:19 . 2012-05-05 17:25 3993600 ----a-w- c:\program files\GUT8345.tmp
2012-05-05 17:19 . 2012-05-05 17:19 -------- d-----w- c:\program files\GUM8344.tmp
2012-05-05 12:37 . 2012-05-05 12:37 -------- d-----w- c:\users\FrankJr\AppData\Roaming\Malwarebytes
2012-05-05 12:34 . 2012-05-05 12:34 -------- d-----w- c:\programdata\Malwarebytes
2012-05-05 12:34 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-05 12:34 . 2012-05-05 12:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-25 16:36 . 2008-02-29 15:46 46104 ----a-w- c:\windows\system32\GamryCI.dll
2012-04-25 16:36 . 2008-02-29 15:46 428568 ----a-w- c:\windows\system32\PC5H.dll
2012-04-25 16:36 . 2008-02-29 15:46 281112 ----a-w- c:\windows\system32\pci4.dll
2012-04-25 16:36 . 2008-02-29 15:46 21528 ----a-w- c:\windows\system32\usbioclib.dll
2012-04-25 16:36 . 2012-04-25 16:36 -------- d-----w- c:\programdata\Gamry Instruments
2012-04-25 16:36 . 2008-02-29 15:45 35864 ----a-w- c:\windows\system32\drivers\gamrypc5.sys
2012-04-25 16:36 . 2012-04-25 16:50 -------- d-----w- c:\program files\Gamry Instruments
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-19 08:50 . 2012-04-19 08:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-03-19 09:17 . 2012-03-19 09:17 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-03-01 05:46 . 2012-04-12 10:34 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:37 . 2012-04-12 10:34 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 05:33 . 2012-04-12 10:34 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 05:29 . 2012-04-12 10:34 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-28 05:38 . 2012-04-12 01:38 981504 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 03:52 . 2012-04-12 01:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-22 09:25 . 2012-02-22 09:25 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-04-17 16:51 . 2011-04-17 16:52 4317184 ----a-w- c:\program files\Parallax USB Oscilloscope v5.1.1.msi
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\FrankJr\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\FrankJr\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\FrankJr\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1045800]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-03-11 300400]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
c:\users\FrankJr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\FrankJr\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-4 27087944]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-6-12 576000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FaSrv]
2009-07-14 01:15 128512 ----a-w- c:\windows\System32\FaSrv.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 257696]
R3 GAMRYPC5;Gamry Reference Family Driver (GamryPC5.sys);c:\windows\system32\Drivers\gamrypc5.sys [2008-02-29 35864]
R3 lwldr1a7;Lumenera USB Loader Driver (lwldr1a7.sys);c:\windows\system32\Drivers\lwldr1a7.sys [2010-04-29 49920]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 USBLucam1a7;Lumenera Scientific Camera (1a7);c:\windows\system32\Drivers\lwcam1a7.sys [2010-04-29 628736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-13 1343400]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2012-04-19 24896]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2012-01-31 31952]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2012-02-22 235216]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2012-03-19 301248]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-10-05 65584]
S1 FD;FD;c:\windows\system32\Drivers\FD.SYS [2011-02-15 23552]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-17 176128]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2012-04-30 5106744]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-02-26 26168]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2011-12-23 139856]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [2011-12-23 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2011-12-23 17232]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 02:06]
.
2012-05-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3815976341-3190837427-709777098-1000Core.job
- c:\users\FrankJr\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-26 00:01]
.
2012-05-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3815976341-3190837427-709777098-1000UA.job
- c:\users\FrankJr\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-26 00:01]
.
.
------- Supplementary Scan -------
.
IE: {{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\AVG\AVG2012\avgdtiex.dll
Trusted Zone: adobe.com\get
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Apple Computer - c:\users\FrankJr\AppData\Local\Autodesk\Apple Computer\nqxzltcp.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2140)
c:\users\FrankJr\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-05-20 08:12:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-20 12:12
.
Pre-Run: 73,667,039,232 bytes free
Post-Run: 73,735,839,744 bytes free
.
- - End Of File - - 16C65BFEB06F9C90C0107D11C570729E

#4 gringo_pr


Posted 20 May 2012 - 12:30 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#5 faalexand

  • Topic Starter

Posted 20 May 2012 - 07:11 PM

No reboot necessary for TDSSKiller.
19:45:53.0812 3628 Parport - ok
19:45:53.0843 3628 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
19:45:53.0843 3628 partmgr - ok
19:45:53.0859 3628 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
19:45:53.0859 3628 Parvdm - ok
19:45:53.0875 3628 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
19:45:53.0875 3628 PcaSvc - ok
19:45:53.0906 3628 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
19:45:53.0921 3628 pci - ok
19:45:53.0937 3628 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
19:45:53.0937 3628 pciide - ok
19:45:53.0953 3628 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
19:45:53.0968 3628 pcmcia - ok
19:45:53.0984 3628 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
19:45:53.0984 3628 pcw - ok
19:45:54.0015 3628 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
19:45:54.0031 3628 PEAUTH - ok
19:45:54.0109 3628 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
19:45:54.0124 3628 PeerDistSvc - ok
19:45:54.0249 3628 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
19:45:54.0280 3628 pla - ok
19:45:54.0467 3628 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
19:45:54.0483 3628 PlugPlay - ok
19:45:54.0499 3628 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
19:45:54.0499 3628 PNRPAutoReg - ok
19:45:54.0530 3628 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
19:45:54.0530 3628 PNRPsvc - ok
19:45:54.0561 3628 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
19:45:54.0577 3628 PolicyAgent - ok
19:45:54.0592 3628 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
19:45:54.0592 3628 Power - ok
19:45:54.0639 3628 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
19:45:54.0655 3628 PptpMiniport - ok
19:45:54.0670 3628 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
19:45:54.0670 3628 Processor - ok
19:45:54.0686 3628 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
19:45:54.0686 3628 ProfSvc - ok
19:45:54.0733 3628 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
19:45:54.0733 3628 ProtectedStorage - ok
19:45:54.0764 3628 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
19:45:54.0764 3628 Psched - ok
19:45:54.0842 3628 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
19:45:54.0889 3628 ql2300 - ok
19:45:54.0982 3628 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
19:45:54.0982 3628 ql40xx - ok
19:45:55.0029 3628 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
19:45:55.0029 3628 QWAVE - ok
19:45:55.0045 3628 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
19:45:55.0060 3628 QWAVEdrv - ok
19:45:55.0060 3628 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
19:45:55.0060 3628 RasAcd - ok
19:45:55.0107 3628 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:45:55.0107 3628 RasAgileVpn - ok
19:45:55.0123 3628 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
19:45:55.0123 3628 RasAuto - ok
19:45:55.0138 3628 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:45:55.0138 3628 Rasl2tp - ok
19:45:55.0185 3628 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
19:45:55.0201 3628 RasMan - ok
19:45:55.0216 3628 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
19:45:55.0216 3628 RasPppoe - ok
19:45:55.0232 3628 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
19:45:55.0232 3628 RasSstp - ok
19:45:55.0263 3628 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
19:45:55.0279 3628 rdbss - ok
19:45:55.0279 3628 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
19:45:55.0279 3628 rdpbus - ok
19:45:55.0325 3628 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:45:55.0325 3628 RDPCDD - ok
19:45:55.0341 3628 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
19:45:55.0341 3628 RDPDR - ok
19:45:55.0357 3628 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
19:45:55.0372 3628 RDPENCDD - ok
19:45:55.0372 3628 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
19:45:55.0372 3628 RDPREFMP - ok
19:45:55.0419 3628 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
19:45:55.0435 3628 RDPWD - ok
19:45:55.0481 3628 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
19:45:55.0481 3628 rdyboost - ok
19:45:55.0513 3628 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
19:45:55.0513 3628 RemoteAccess - ok
19:45:55.0544 3628 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
19:45:55.0544 3628 RemoteRegistry - ok
19:45:55.0591 3628 ROCKEYNT (f7b9d92bfeab3209070a43157bcbe765) C:\Windows\system32\DRIVERS\Rockey4.sys
19:45:55.0591 3628 ROCKEYNT - ok
19:45:55.0606 3628 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
19:45:55.0622 3628 RpcEptMapper - ok
19:45:55.0637 3628 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
19:45:55.0637 3628 RpcLocator - ok
19:45:55.0700 3628 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
19:45:55.0700 3628 RpcSs - ok
19:45:55.0747 3628 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
19:45:55.0747 3628 rspndr - ok
19:45:55.0778 3628 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
19:45:55.0778 3628 s3cap - ok
19:45:55.0809 3628 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
19:45:55.0809 3628 SamSs - ok
19:45:55.0856 3628 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
19:45:55.0856 3628 sbp2port - ok
19:45:55.0871 3628 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
19:45:55.0887 3628 SCardSvr - ok
19:45:55.0918 3628 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
19:45:55.0918 3628 scfilter - ok
19:45:55.0965 3628 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
19:45:55.0981 3628 Schedule - ok
19:45:56.0027 3628 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
19:45:56.0027 3628 SCPolicySvc - ok
19:45:56.0059 3628 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
19:45:56.0074 3628 SDRSVC - ok
19:45:56.0090 3628 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:45:56.0090 3628 secdrv - ok
19:45:56.0105 3628 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
19:45:56.0105 3628 seclogon - ok
19:45:56.0121 3628 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
19:45:56.0121 3628 SENS - ok
19:45:56.0152 3628 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
19:45:56.0152 3628 SensrSvc - ok
19:45:56.0168 3628 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
19:45:56.0168 3628 Serenum - ok
19:45:56.0183 3628 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
19:45:56.0183 3628 Serial - ok
19:45:56.0215 3628 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
19:45:56.0215 3628 sermouse - ok
19:45:56.0246 3628 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
19:45:56.0246 3628 SessionEnv - ok
19:45:56.0277 3628 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
19:45:56.0277 3628 sffdisk - ok
19:45:56.0277 3628 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
19:45:56.0277 3628 sffp_mmc - ok
19:45:56.0293 3628 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
19:45:56.0308 3628 sffp_sd - ok
19:45:56.0308 3628 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
19:45:56.0324 3628 sfloppy - ok
19:45:56.0558 3628 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
19:45:56.0573 3628 SharedAccess - ok
19:45:56.0620 3628 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
19:45:56.0620 3628 ShellHWDetection - ok
19:45:56.0651 3628 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
19:45:56.0651 3628 sisagp - ok
19:45:56.0667 3628 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:45:56.0683 3628 SiSRaid2 - ok
19:45:56.0698 3628 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
19:45:56.0698 3628 SiSRaid4 - ok
19:45:56.0729 3628 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
19:45:56.0745 3628 Smb - ok
19:45:56.0776 3628 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
19:45:56.0776 3628 SNMPTRAP - ok
19:45:56.0792 3628 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
19:45:56.0792 3628 spldr - ok
19:45:56.0823 3628 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
19:45:56.0839 3628 Spooler - ok
19:45:57.0010 3628 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
19:45:57.0073 3628 sppsvc - ok
19:45:57.0182 3628 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
19:45:57.0182 3628 sppuinotify - ok
19:45:57.0244 3628 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
19:45:57.0260 3628 srv - ok
19:45:57.0291 3628 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
19:45:57.0307 3628 srv2 - ok
19:45:57.0322 3628 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
19:45:57.0322 3628 srvnet - ok
19:45:57.0369 3628 sscdbus (d5dffeaa1e15d4effabb9d9a3068ac5b) C:\Windows\system32\DRIVERS\sscdbus.sys
19:45:57.0369 3628 sscdbus - ok
19:45:57.0400 3628 sscdmdfl (8a1be0c347814f482f493aea619d57f6) C:\Windows\system32\DRIVERS\sscdmdfl.sys
19:45:57.0416 3628 sscdmdfl - ok
19:45:57.0447 3628 sscdmdm (5ab0b1987f682a59b15b78f84c6ad7d0) C:\Windows\system32\DRIVERS\sscdmdm.sys
19:45:57.0447 3628 sscdmdm - ok
19:45:57.0478 3628 sscdserd (751e66eb32efa80633b80f5d7ff0a1d8) C:\Windows\system32\DRIVERS\sscdserd.sys
19:45:57.0478 3628 sscdserd - ok
19:45:57.0509 3628 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
19:45:57.0509 3628 SSDPSRV - ok
19:45:57.0525 3628 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
19:45:57.0525 3628 SstpSvc - ok
19:45:57.0556 3628 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
19:45:57.0556 3628 stexstor - ok
19:45:57.0619 3628 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
19:45:57.0619 3628 StiSvc - ok
19:45:57.0650 3628 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
19:45:57.0650 3628 storflt - ok
19:45:57.0665 3628 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
19:45:57.0665 3628 StorSvc - ok
19:45:57.0681 3628 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
19:45:57.0681 3628 storvsc - ok
19:45:57.0697 3628 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
19:45:57.0697 3628 swenum - ok
19:45:57.0728 3628 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
19:45:57.0743 3628 swprv - ok
19:45:57.0806 3628 SynTP (f5d926807bd9bc0af68f9376144de425) C:\Windows\system32\DRIVERS\SynTP.sys
19:45:57.0821 3628 SynTP - ok
19:45:57.0915 3628 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
19:45:57.0931 3628 SysMain - ok
19:45:57.0977 3628 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
19:45:57.0993 3628 TabletInputService - ok
19:45:58.0040 3628 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
19:45:58.0040 3628 TapiSrv - ok
19:45:58.0055 3628 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
19:45:58.0055 3628 TBS - ok
19:45:58.0180 3628 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
19:45:58.0196 3628 Tcpip - ok
19:45:58.0227 3628 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
19:45:58.0227 3628 TCPIP6 - ok
19:45:58.0258 3628 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
19:45:58.0258 3628 tcpipreg - ok
19:45:58.0305 3628 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
19:45:58.0305 3628 TDPIPE - ok
19:45:58.0336 3628 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
19:45:58.0336 3628 TDTCP - ok
19:45:58.0367 3628 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
19:45:58.0367 3628 tdx - ok
19:45:58.0399 3628 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
19:45:58.0399 3628 TermDD - ok
19:45:58.0461 3628 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
19:45:58.0477 3628 TermService - ok
19:45:58.0492 3628 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
19:45:58.0492 3628 Themes - ok
19:45:58.0523 3628 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
19:45:58.0523 3628 THREADORDER - ok
19:45:58.0539 3628 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
19:45:58.0555 3628 TrkWks - ok
19:45:58.0617 3628 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
19:45:58.0617 3628 TrustedInstaller - ok
19:45:58.0633 3628 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:45:58.0633 3628 tssecsrv - ok
19:45:58.0679 3628 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
19:45:58.0679 3628 TsUsbFlt - ok
19:45:58.0742 3628 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
19:45:58.0742 3628 tunnel - ok
19:45:58.0773 3628 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
19:45:58.0773 3628 uagp35 - ok
19:45:58.0804 3628 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
19:45:58.0820 3628 udfs - ok
19:45:58.0851 3628 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
19:45:58.0851 3628 UI0Detect - ok
19:45:58.0898 3628 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
19:45:58.0898 3628 uliagpkx - ok
19:45:58.0945 3628 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
19:45:58.0945 3628 umbus - ok
19:45:58.0960 3628 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
19:45:58.0960 3628 UmPass - ok
19:45:58.0991 3628 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
19:45:58.0991 3628 UmRdpService - ok
19:45:59.0023 3628 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
19:45:59.0023 3628 upnphost - ok
19:45:59.0069 3628 usbccgp (7e72e7d7e0757d59481d530fd2b0bfae) C:\Windows\system32\drivers\usbccgp.sys
19:45:59.0069 3628 usbccgp - ok
19:45:59.0101 3628 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
19:45:59.0101 3628 usbcir - ok
19:45:59.0116 3628 usbehci (cfbce999c057d78979a181c9c60f208e) C:\Windows\system32\drivers\usbehci.sys
19:45:59.0116 3628 usbehci - ok
19:45:59.0147 3628 usbhub (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\drivers\usbhub.sys
19:45:59.0163 3628 usbhub - ok
19:45:59.0241 3628 USBLucam1a7 (917589368cb98c308d9bde107cdf15a9) C:\Windows\system32\Drivers\lwcam1a7.sys
19:45:59.0272 3628 USBLucam1a7 - ok
19:45:59.0288 3628 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\drivers\usbohci.sys
19:45:59.0303 3628 usbohci - ok
19:45:59.0319 3628 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
19:45:59.0319 3628 usbprint - ok
19:45:59.0335 3628 USBSTOR (bf63ebfc6979fefb2bc03df7989a0c1a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:45:59.0335 3628 USBSTOR - ok
19:45:59.0350 3628 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\drivers\usbuhci.sys
19:45:59.0366 3628 usbuhci - ok
19:45:59.0381 3628 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
19:45:59.0397 3628 usbvideo - ok
19:45:59.0413 3628 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
19:45:59.0413 3628 UxSms - ok
19:45:59.0444 3628 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
19:45:59.0444 3628 VaultSvc - ok
19:45:59.0475 3628 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
19:45:59.0475 3628 vdrvroot - ok
19:45:59.0537 3628 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
19:45:59.0553 3628 vds - ok
19:45:59.0569 3628 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
19:45:59.0569 3628 vga - ok
19:45:59.0584 3628 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
19:45:59.0584 3628 VgaSave - ok
19:45:59.0615 3628 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
19:45:59.0615 3628 vhdmp - ok
19:45:59.0647 3628 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
19:45:59.0647 3628 viaagp - ok
19:45:59.0678 3628 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
19:45:59.0678 3628 ViaC7 - ok
19:45:59.0693 3628 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
19:45:59.0693 3628 viaide - ok
19:45:59.0709 3628 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
19:45:59.0725 3628 vmbus - ok
19:45:59.0740 3628 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
19:45:59.0740 3628 VMBusHID - ok
19:45:59.0756 3628 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
19:45:59.0771 3628 volmgr - ok
19:45:59.0787 3628 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
19:45:59.0803 3628 volmgrx - ok
19:45:59.0834 3628 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
19:45:59.0849 3628 volsnap - ok
19:45:59.0881 3628 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
19:45:59.0881 3628 vsmraid - ok
19:45:59.0959 3628 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
19:45:59.0974 3628 VSS - ok
19:45:59.0990 3628 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
19:45:59.0990 3628 vwifibus - ok
19:46:00.0005 3628 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
19:46:00.0021 3628 vwififlt - ok
19:46:00.0037 3628 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
19:46:00.0037 3628 vwifimp - ok
19:46:00.0083 3628 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
19:46:00.0083 3628 W32Time - ok
19:46:00.0115 3628 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
19:46:00.0115 3628 WacomPen - ok
19:46:00.0161 3628 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
19:46:00.0161 3628 WANARP - ok
19:46:00.0161 3628 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
19:46:00.0161 3628 Wanarpv6 - ok
19:46:00.0271 3628 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
19:46:00.0302 3628 WatAdminSvc - ok
19:46:00.0380 3628 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
19:46:00.0427 3628 wbengine - ok
19:46:00.0442 3628 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
19:46:00.0458 3628 WbioSrvc - ok
19:46:00.0505 3628 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
19:46:00.0520 3628 wcncsvc - ok
19:46:00.0536 3628 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
19:46:00.0536 3628 WcsPlugInService - ok
19:46:00.0583 3628 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
19:46:00.0583 3628 Wd - ok
19:46:00.0629 3628 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
19:46:00.0645 3628 Wdf01000 - ok
19:46:00.0661 3628 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
19:46:00.0661 3628 WdiServiceHost - ok
19:46:00.0661 3628 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
19:46:00.0661 3628 WdiSystemHost - ok
19:46:00.0692 3628 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
19:46:00.0707 3628 WebClient - ok
19:46:00.0723 3628 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
19:46:00.0739 3628 Wecsvc - ok
19:46:00.0754 3628 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
19:46:00.0754 3628 wercplsupport - ok
19:46:00.0785 3628 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
19:46:00.0785 3628 WerSvc - ok
19:46:00.0817 3628 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
19:46:00.0817 3628 WfpLwf - ok
19:46:00.0832 3628 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
19:46:00.0832 3628 WIMMount - ok
19:46:00.0926 3628 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
19:46:00.0957 3628 WinDefend - ok
19:46:00.0957 3628 WinHttpAutoProxySvc - ok
19:46:01.0019 3628 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
19:46:01.0019 3628 Winmgmt - ok
19:46:01.0097 3628 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
19:46:01.0129 3628 WinRM - ok
19:46:01.0222 3628 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
19:46:01.0238 3628 WinUsb - ok
19:46:01.0285 3628 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
19:46:01.0300 3628 Wlansvc - ok
19:46:01.0331 3628 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
19:46:01.0331 3628 WmiAcpi - ok
19:46:01.0363 3628 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
19:46:01.0363 3628 wmiApSrv - ok
19:46:01.0472 3628 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
19:46:01.0472 3628 WMPNetworkSvc - ok
19:46:01.0503 3628 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
19:46:01.0503 3628 WPCSvc - ok
19:46:01.0643 3628 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
19:46:01.0643 3628 WPDBusEnum - ok
19:46:01.0706 3628 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
19:46:01.0706 3628 ws2ifsl - ok
19:46:01.0721 3628 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
19:46:01.0721 3628 wscsvc - ok
19:46:01.0721 3628 WSearch - ok
19:46:01.0877 3628 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
19:46:01.0940 3628 wuauserv - ok
19:46:02.0065 3628 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
19:46:02.0065 3628 WudfPf - ok
19:46:02.0096 3628 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:46:02.0111 3628 WUDFRd - ok
19:46:02.0143 3628 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
19:46:02.0143 3628 wudfsvc - ok
19:46:02.0158 3628 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
19:46:02.0174 3628 WwanSvc - ok
19:46:02.0236 3628 yukonw7 (30b73eb97218a16cbc6de535782a1b35) C:\Windows\system32\DRIVERS\yk62x86.sys
19:46:02.0252 3628 yukonw7 - ok
19:46:02.0299 3628 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:46:02.0533 3628 \Device\Harddisk0\DR0 - ok
19:46:02.0548 3628 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
19:46:02.0548 3628 \Device\Harddisk1\DR1 - ok
19:46:02.0564 3628 Boot (0x1200) (07d5261b260d9087c6aebbcc112692c1) \Device\Harddisk0\DR0\Partition0
19:46:02.0564 3628 \Device\Harddisk0\DR0\Partition0 - ok
19:46:02.0579 3628 Boot (0x1200) (645423aaf8abc16d0012a267e3fccf25) \Device\Harddisk0\DR0\Partition1
19:46:02.0579 3628 \Device\Harddisk0\DR0\Partition1 - ok
19:46:02.0579 3628 Boot (0x1200) (92abf23c581ce98e9f472e20c0e48738) \Device\Harddisk1\DR1\Partition0
19:46:02.0579 3628 \Device\Harddisk1\DR1\Partition0 - ok
19:46:02.0579 3628 ============================================================
19:46:02.0579 3628 Scan finished
19:46:02.0579 3628 ============================================================
19:46:02.0595 4748 Detected object count: 0
19:46:02.0595 4748 Actual detected object count: 0

aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-20 19:47:34
-----------------------------
19:47:34.132 OS Version: Windows 6.1.7601 Service Pack 1
19:47:34.132 Number of processors: 2 586 0x170A
19:47:34.132 ComputerName: FRANKJR-PC UserName: FrankJr
19:47:37.221 Initialize success
19:50:19.066 AVAST engine defs: 12052001
19:56:41.002 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:56:41.002 Disk 0 Vendor: ST9320423AS 0006HPM1 Size: 305245MB BusType: 11
19:56:41.017 Disk 0 MBR read successfully
19:56:41.017 Disk 0 MBR scan
19:56:41.033 Disk 0 Windows 7 default MBR code
19:56:41.033 Disk 0 Partition - 00 0F Extended LBA 185265 MB offset 245714175
19:56:41.033 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 119977 MB offset 63
19:56:41.064 Disk 0 Partition 2 00 0B FAT32 MSWIN4.1 185265 MB offset 245714238
19:56:41.064 Disk 0 scanning sectors +625137345
19:56:41.142 Disk 0 scanning C:\Windows\system32\drivers
19:56:52.530 Service scanning
19:57:11.734 Modules scanning
19:57:16.960 Disk 0 trace - called modules:
19:57:16.991 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
19:57:16.991 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85cdc608]
19:57:16.991 3 CLASSPNP.SYS[88e0459e] -> nt!IofCallDriver -> [0x85cdb208]
19:57:17.007 5 hpdskflt.sys[88fcd090] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85bf7030]
19:57:17.646 AVAST engine scan C:\Windows
19:57:20.470 AVAST engine scan C:\Windows\system32
19:59:45.378 AVAST engine scan C:\Windows\system32\drivers
20:00:01.010 AVAST engine scan C:\Users\FrankJr
20:09:41.799 Disk 0 MBR has been saved successfully to "C:\Users\FrankJr\Desktop\MBR.dat"
20:09:41.830 The log file has been saved successfully to "C:\Users\FrankJr\Desktop\aswMBR.txt"

#6 gringo_pr

  • Malware Response Team
Posted 20 May 2012 - 09:29 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

File::
c:\windows\System32\FaSrv.DLL

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


#7 faalexand

  • Topic Starter
Posted 20 May 2012 - 10:04 PM

When I ran combofix this time I had avg disabled and shut off, but combofix still sensed it. I ran combofix anyway. I haven't had any issues with any redirecting since running tdsskiller.

ComboFix 12-05-20.09 - FrankJr 05/20/2012 22:51:22.5.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2042.1275 [GMT -4:00]
Running from: c:\users\FrankJr\Desktop\ComboFix.exe
Command switches used :: c:\users\FrankJr\Desktop\cfscript.txt
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\System32\FaSrv.DLL"
.
.
((((((((((((((((((((((((( Files Created from 2012-04-21 to 2012-05-21 )))))))))))))))))))))))))))))))
.
.
2012-05-21 02:58 . 2012-05-21 02:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-21 02:58 . 2012-05-21 02:58 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-05-20 12:06 . 2012-05-21 02:58 -------- d-----w- c:\users\FrankJr\AppData\Local\temp
2012-05-19 18:06 . 2012-05-19 18:06 -------- d-----w- c:\program files\CCleaner
2012-05-09 14:21 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-09 14:21 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 14:21 . 2012-03-31 04:30 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-09 14:21 . 2012-03-31 04:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-09 14:21 . 2012-03-31 04:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-09 14:21 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-09 14:21 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-09 14:21 . 2012-03-31 02:36 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 14:21 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-09 14:21 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-05-08 01:45 . 2012-05-08 02:06 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-08 01:45 . 2012-05-08 02:06 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 17:19 . 2012-05-05 17:25 3993600 ----a-w- c:\program files\GUT8345.tmp
2012-05-05 17:19 . 2012-05-05 17:19 -------- d-----w- c:\program files\GUM8344.tmp
2012-05-05 12:37 . 2012-05-05 12:37 -------- d-----w- c:\users\FrankJr\AppData\Roaming\Malwarebytes
2012-05-05 12:34 . 2012-05-05 12:34 -------- d-----w- c:\programdata\Malwarebytes
2012-05-05 12:34 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-05 12:34 . 2012-05-05 12:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-25 16:36 . 2008-02-29 15:46 46104 ----a-w- c:\windows\system32\GamryCI.dll
2012-04-25 16:36 . 2008-02-29 15:46 428568 ----a-w- c:\windows\system32\PC5H.dll
2012-04-25 16:36 . 2008-02-29 15:46 281112 ----a-w- c:\windows\system32\pci4.dll
2012-04-25 16:36 . 2008-02-29 15:46 21528 ----a-w- c:\windows\system32\usbioclib.dll
2012-04-25 16:36 . 2012-04-25 16:36 -------- d-----w- c:\programdata\Gamry Instruments
2012-04-25 16:36 . 2008-02-29 15:45 35864 ----a-w- c:\windows\system32\drivers\gamrypc5.sys
2012-04-25 16:36 . 2012-04-25 16:50 -------- d-----w- c:\program files\Gamry Instruments
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-19 08:50 . 2012-04-19 08:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-03-19 09:17 . 2012-03-19 09:17 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-03-01 05:46 . 2012-04-12 10:34 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:37 . 2012-04-12 10:34 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 05:33 . 2012-04-12 10:34 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 05:29 . 2012-04-12 10:34 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-28 05:38 . 2012-04-12 01:38 981504 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 03:52 . 2012-04-12 01:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-22 09:25 . 2012-02-22 09:25 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-04-17 16:51 . 2011-04-17 16:52 4317184 ----a-w- c:\program files\Parallax USB Oscilloscope v5.1.1.msi
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\FrankJr\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\FrankJr\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\FrankJr\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1045800]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-03-11 300400]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
c:\users\FrankJr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\FrankJr\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-4 27087944]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-6-12 576000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FaSrv]
2009-07-14 01:15 128512 ----a-w- c:\windows\System32\FaSrv.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2012-04-30 5106744]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 257696]
R3 GAMRYPC5;Gamry Reference Family Driver (GamryPC5.sys);c:\windows\system32\Drivers\gamrypc5.sys [2008-02-29 35864]
R3 lwldr1a7;Lumenera USB Loader Driver (lwldr1a7.sys);c:\windows\system32\Drivers\lwldr1a7.sys [2010-04-29 49920]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 USBLucam1a7;Lumenera Scientific Camera (1a7);c:\windows\system32\Drivers\lwcam1a7.sys [2010-04-29 628736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-13 1343400]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2012-04-19 24896]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2012-01-31 31952]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2012-02-22 235216]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2012-03-19 301248]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-10-05 65584]
S1 FD;FD;c:\windows\system32\Drivers\FD.SYS [2011-02-15 23552]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-17 176128]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-02-26 26168]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2011-12-23 139856]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [2011-12-23 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2011-12-23 17232]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 02:06]
.
2012-05-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3815976341-3190837427-709777098-1000Core.job
- c:\users\FrankJr\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-26 00:01]
.
2012-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3815976341-3190837427-709777098-1000UA.job
- c:\users\FrankJr\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-26 00:01]
.
.
------- Supplementary Scan -------
.
IE: {{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\AVG\AVG2012\avgdtiex.dll
Trusted Zone: adobe.com\get
TCP: DhcpNameServer = 192.168.0.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1180)
c:\users\FrankJr\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
Completion time: 2012-05-20 23:00:28
ComboFix-quarantined-files.txt 2012-05-21 03:00
ComboFix2.txt 2012-05-20 12:12
.
Pre-Run: 73,320,583,168 bytes free
Post-Run: 73,347,342,336 bytes free
.
- - End Of File - - 02094C04BF42B348354D7779CF213ACA

#8 gringo_pr

  • Malware Response Team

Posted 20 May 2012 - 10:32 PM

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#9 faalexand

  • Topic Starter

Posted 20 May 2012 - 10:55 PM

Here's the MBAM log. It picked up nothing.
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.20.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
FrankJr :: FRANKJR-PC [administrator]

5/20/2012 11:43:11 PM
mbam-log-2012-05-20 (23-43-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204375
Time elapsed: 4 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


HijackThis logfile.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:54:26 PM, on 5/20/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\notepad.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: Dropbox.lnk = FrankJr\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O15 - Trusted Zone: http://get.adobe.com
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://vpn.usf.edu/dana-cached/sc/JuniperSetupClient.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O20 - Winlogon Notify: FaSrv - FaSrv.DLL (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe

--
No more redirects for a while now.
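
A log like the HijackThis one in this post can be triaged by script. The Python below is an added example (not part of the original thread and not a HijackThis feature): it parses the entry lines, flags references whose target is reported as "(no file)" or "(file missing)", and extracts the O4 Run names for lookup. The sample input is an excerpt of the log above, and all function names are illustrative.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Meaning of the HijackThis section codes that occur in the log above.
SECTIONS = {
    "R0": "IE start/search page value",
    "R1": "IE start/search page value",
    "O2": "Browser Helper Object",
    "O4": "Autostart (Run key or Startup folder)",
    "O9": "Extra IE button or Tools menu item",
    "O15": "Trusted Zone site",
    "O16": "Downloaded ActiveX object",
    "O18": "Extra protocol or filter handler",
    "O20": "AppInit_DLLs / Winlogon Notify",
    "O23": "Windows service",
}

# Excerpt of the log posted above, embedded so the example runs offline.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\Windows\Explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: Dropbox.lnk = FrankJr\AppData\Roaming\Dropbox\bin\Dropbox.exe
O20 - Winlogon Notify: FaSrv - FaSrv.DLL (file missing)
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
"""

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Anchored at the end of the line so "(no name)" in a BHO entry is not matched.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)$", re.IGNORECASE)
AUTORUN_RE = re.compile(r"\\Run: \[([^\]]+)\]")


@dataclass
class Entry:
    code: str                    # section code, e.g. "O2"
    body: str                    # text after "<code> - "
    clsid: Optional[str]         # first CLSID in the line, if any
    orphaned: bool               # target reported as missing by HijackThis
    autorun_name: Optional[str]  # value name of an O4 Run entry


def parse_log(text: str) -> List[Entry]:
    """Return the entry lines of a HijackThis log, skipping header and process list."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.group(1), m.group(2).strip()
        clsid = CLSID_RE.search(body)
        run = AUTORUN_RE.search(body) if code == "O4" else None
        entries.append(Entry(
            code=code,
            body=body,
            clsid=clsid.group(0) if clsid else None,
            orphaned=bool(ORPHAN_RE.search(body)),
            autorun_name=run.group(1) if run else None,
        ))
    return entries


def orphans(entries: List[Entry]) -> List[Entry]:
    """Entries whose registry reference points at a file that is not on disk."""
    return [e for e in entries if e.orphaned]


def autorun_names(entries: List[Entry]) -> List[str]:
    """Names between the brackets of O4 Run entries, for looking each one up."""
    return [e.autorun_name for e in entries if e.autorun_name]


def section_counts(entries: List[Entry]) -> Counter:
    return Counter(e.code for e in entries)


def report(entries: List[Entry]) -> List[str]:
    """One line per orphaned reference, identified by CLSID when there is one."""
    return [
        f"{e.code} [{SECTIONS.get(e.code, 'unknown section')}] "
        f"orphaned reference: {e.clsid or e.body}"
        for e in orphans(entries)
    ]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print(dict(section_counts(parsed)))
    print("\n".join(report(parsed)))
    print("Run names to look up:", autorun_names(parsed))
```

An orphaned reference only means the registry entry outlived its file; whether to remove it is still a judgment made on the whole log.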

#10 gringo_pr

  • Malware Response Team

Posted 20 May 2012 - 11:14 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to. For any of these programs you can click on its icon (or start it from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
      O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - Startup: Dropbox.lnk = FrankJr\AppData\Roaming\Dropbox\bin\Dropbox.exe
      O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo

#11 faalexand

  • Topic Starter

Posted 21 May 2012 - 10:24 AM

Search found no threats.

#12 gringo_pr

  • Malware Response Team

Posted 21 May 2012 - 03:09 PM

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time can make the computer an expensive paperweight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download and works a lot better than add/remove in windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware The Gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.


  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using often. (I have upgraded to the paid version of MBAM and I am glad I did)

    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

Gringo

#13 faalexand

  • Topic Starter

Posted 21 May 2012 - 03:32 PM

Post read. Thanks for the help!!! :thumbup2:

#14 gringo_pr

  • Malware Response Team

Posted 21 May 2012 - 10:54 PM

You are more than welcome and glad I was able to help.


gringo

#15 gringo_pr

  • Malware Response Team

Posted 24 May 2012 - 05:52 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



