browser redirects because of spam ads


  • This topic is locked
20 replies to this topic

#1 intronic

intronic

  • Members
  • 9 posts
  • OFFLINE
  • Local time:09:34 AM

Posted 23 May 2012 - 01:46 AM

This computer has been infected with a Trojan before, which was solved by using TDSS Killer (the log from back when it was infected said it was Rootkit.Boot.Pihar.B). That solved all the fatal problems, but the problem I could not solve was how to get rid of ads that appear in the lower right corner of the browser in a separate frame. This occurs in both browsers that I have on this computer (Chrome and Firefox). Also, when the ad appears, the tab gets redirected to another website when I click on a link. I suspected that it was a Java security exploit as I had older versions of Java installed previously, so I uninstalled all Java versions and cleared all temporary internet files using CCleaner, but to no avail. I have also checked the DNS of the router, which seems normal. Attached are the DDS logs. Thanks in advance.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Sidney at 23:36:30 on 2012-05-22
Microsoft Windows 7 Ultimate 6.1.7601.1.950.886.1033.18.3070.1622 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE
C:\Windows\system32\msiexec.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Sidney\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Trillian\trillian.exe
C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
mRun: [IME14 CHT Setup] C:\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHT /Log
mRun: [EnvyHFCPL] C:\Program Files (x86)\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe 1
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
StartupFolder: C:\Users\Sidney\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Sidney\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Sidney\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Trillian.lnk - C:\Program Files (x86)\Trillian\trillian.exe
StartupFolder: C:\Users\Sidney\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\uTorrent.lnk - C:\Program Files (x86)\uTorrent\uTorrent.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
LSP: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: line6.net
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{99B91E73-6C02-4020-A0F1-D10034CE102A} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
mRun-x64: [IME14 CHT Setup] C:\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHT /Log
mRun-x64: [EnvyHFCPL] C:\Program Files (x86)\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe 1
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
Hosts: 216.240.133.193 www.google-analytics.com.
Hosts: 216.240.133.193 ad-emea.doubleclick.net.
Hosts: 216.240.133.193 www.statcounter.com.
Hosts: 69.72.252.254 www.google-analytics.com.
Hosts: 69.72.252.254 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sidney\AppData\Roaming\Mozilla\Firefox\Profiles\h8hug43i.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 ImeDictUpdateService;Microsoft IME Dictionary Update;C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [2010-10-20 83312]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-5-16 2218600]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-9-16 80896]
R3 danewFltr;NewDeathAdder Mouse;C:\Windows\system32\drivers\danew.sys --> C:\Windows\system32\drivers\danew.sys [?]
R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;C:\Windows\system32\drivers\Envy24HF.sys --> C:\Windows\system32\drivers\Envy24HF.sys [?]
R3 L6TPortA;Service - Line 6 TonePort UX1;C:\Windows\system32\Drivers\L6TPortA64.sys --> C:\Windows\system32\Drivers\L6TPortA64.sys [?]
R3 VKbms;Razer Gaming Device;C:\Windows\system32\DRIVERS\VKbms.sys --> C:\Windows\system32\DRIVERS\VKbms.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google 更新服務 (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-31 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-28 257696]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-31 136176]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-24 129976]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
.txt=Notepad++_file
.
=============== Created Last 30 ================
.
2012-05-23 02:59:17 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BC9B6276-B11A-4155-9012-77710109F2E7}\mpengine.dll
2012-05-23 02:59:01 -------- d-----w- C:\Program Files\Microsoft IntelliType Pro
2012-05-18 18:26:38 8955792 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-11 16:29:52 -------- d-----w- C:\Users\Sidney\AppData\Local\{FC5E62C4-C567-4B5D-AC74-9BD2EEFEB706}
2012-05-11 16:29:32 -------- d-----w- C:\Users\Sidney\AppData\Local\{1BC892E1-2D6D-4C35-8586-71389CDE19A9}
2012-05-11 16:26:09 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c6100de01cd2f9201\MeshBetaRemover.exe
2012-05-11 16:22:39 -------- d-----w- C:\Users\Sidney\AppData\Local\{1AB129B6-D8CF-477F-B037-8C9EDCEB46CB}
2012-05-09 06:56:45 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-09 06:56:40 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 06:56:40 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-09 06:56:40 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 06:56:39 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-09 06:56:38 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-09 06:56:36 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-09 06:56:34 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-09 06:56:34 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-09 06:56:33 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-09 06:56:31 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-09 06:56:31 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-09 06:55:43 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-01 07:53:17 -------- d-s---w- C:\Users\Sidney\Google Drive
2012-04-25 14:37:51 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-04-25 06:59:08 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-04-25 06:59:07 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-25 06:59:07 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-25 03:08:33 -------- d-----w- C:\Program Files\Microsoft Xbox 360 Accessories
.
==================== Find3M ====================
.
2012-05-06 06:51:22 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-06 06:51:22 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-04 17:31:10 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-04 22:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-22 19:12:12 4435968 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2012-03-21 03:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-03-21 03:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
.
============= FINISH: 23:37:40.97 ===============

Forgot to hit attach on the Attach.txt..
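The DDS log above ends its Pseudo HJT Report with a "Note: multiple HOSTS entries found" and lists Hosts: lines that point www.google-analytics.com, ad-emea.doubleclick.net and www.statcounter.com at two routable addresses rather than at 127.0.0.1 or 0.0.0.0, and its mPolicies-system lines show EnableLUA = 0 (UAC off, which Security Check later reports as "UAC is disabled!"). The following script is an added example written for this page, not a tool from the thread or from the DDS author: it reads DDS-style lines, separates blocking hosts entries (loopback or unspecified address) from entries that redirect a name to a real address, and flags policy values that weaken UAC. The sample input is constructed from the shape of the posted log; whether those particular entries caused the injected ad frame is an assumption the thread itself does not settle, so the script only surfaces them for a human to check.

```python
"""Triage helper for DDS-style log lines (added example, not from the thread).

Assumptions (editor's, not the page's): the "Hosts:" and "mPolicies-system:"
line formats below match what DDS prints, and the UAC policy meanings follow
the documented Windows values (EnableLUA=0 disables UAC entirely,
ConsentPromptBehaviorAdmin=0 elevates without prompting,
PromptOnSecureDesktop=0 lets the prompt be drawn on the normal desktop).
"""
import ipaddress
import re
from typing import Dict, List

# Constructed sample input modelled on the posted DDS report; the hosts
# addresses and policy values are copied from that log, the last two hosts
# lines are added to show what a benign blocking entry looks like.
SAMPLE_LOG = """\
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
TCP: DhcpNameServer = 192.168.1.1
Hosts: 216.240.133.193 www.google-analytics.com.
Hosts: 216.240.133.193 ad-emea.doubleclick.net.
Hosts: 69.72.252.254 www.google-analytics.com.
Hosts: 127.0.0.1 localhost
Hosts: 0.0.0.0 ads.example.invalid
"""

HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
POLICY_RE = re.compile(r"^mPolicies-system:\s+(\w+)\s*=\s*(\d+)")

# Policy name -> value that indicates UAC prompting is switched off.
WEAK_UAC = {
    "EnableLUA": "0",
    "ConsentPromptBehaviorAdmin": "0",
    "PromptOnSecureDesktop": "0",
}


def is_sinkhole(ip: str) -> bool:
    """True for addresses a legitimate ad-blocking hosts file uses (loopback or 0.0.0.0)."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_unspecified


def find_hosts_redirects(lines) -> List[Dict[str, str]]:
    """Return hosts entries that send a name to a routable address.

    A blocking entry points a domain at 127.0.0.1 or 0.0.0.0. An entry that
    points it anywhere else replaces that site's content (here: analytics
    and ad scripts loaded by many pages) with whatever the target serves.
    """
    findings = []
    for line in lines:
        m = HOSTS_RE.match(line.strip())
        if not m:
            continue
        ip, name = m.group(1), m.group(2).rstrip(".")  # DDS appends a trailing dot
        if not is_sinkhole(ip):
            findings.append({"name": name, "ip": ip})
    return findings


def find_weak_uac(lines) -> List[str]:
    """Return the policy names whose value matches a UAC-weakening setting."""
    weak = []
    for line in lines:
        m = POLICY_RE.match(line.strip())
        if m and WEAK_UAC.get(m.group(1)) == m.group(2):
            weak.append(m.group(1))
    return weak


def triage(text: str) -> Dict[str, object]:
    """Run both checks over a whole DDS report and return the findings."""
    lines = text.splitlines()
    return {
        "hosts_redirects": find_hosts_redirects(lines),
        "weak_uac": find_weak_uac(lines),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for f in report["hosts_redirects"]:
        print(f"hosts redirect: {f['name']} -> {f['ip']}")
    for p in report["weak_uac"]:
        print(f"UAC weakened by policy: {p}")
```

On the sample input the script reports three redirected names and three weakening policy values; the 127.0.0.1 and 0.0.0.0 lines are treated as ordinary blocking entries and not reported. A real run would feed it the full DDS.txt, and any flagged hosts entry is then compared against what the user actually installed (an ad blocker writes sinkhole addresses, not routable ones).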


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:34 PM

Posted 23 May 2012 - 06:01 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 intronic

intronic
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:09:34 AM

Posted 23 May 2012 - 11:20 AM

Hi Gringo, thanks for your help. Here are the logs you requested:
Results of screen317's Security Check version 0.99.34
Windows 7 x64 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes Anti-Malware version 1.61.0.1400
Mozilla Firefox (12.0)
Mozilla Thunderbird (12.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
``````````End of Log````````````

And for Combofix
ComboFix 12-05-23.03 - Sidney 3/2012 Wed 8:59.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.950.886.1033.18.3070.1593 [GMT -7:00]
執行位置: e:\my documents\My Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( 被刪除的檔案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Sidney\AppData\Local\Temp\_MEI30402\_ctypes.pyd
c:\users\Sidney\AppData\Local\Temp\_MEI30402\_elementtree.pyd
c:\users\Sidney\AppData\Local\Temp\_MEI30402\_hashlib.pyd
c:\users\Sidney\AppData\Local\Temp\_MEI30402\_socket.pyd
c:\users\Sidney\AppData\Local\Temp\_MEI30402\_ssl.pyd
c:\users\Sidney\AppData\Local\Temp\_MEI30402\pyexpat.pyd
c:\users\Sidney\AppData\Local\Temp\_MEI30402\pysqlite2._sqlite.pyd
c:\users\Sidney\AppData\Local\Temp\_MEI30402\python26.dll
c:\users\Sidney\AppData\Local\Temp\_MEI30402\pythoncom26.dll
c:\users\Sidney\AppData\Local\Temp\_MEI30402\PyWinTypes26.dll
c:\users\Sidney\AppData\Local\Temp\_MEI30402\select.pyd
c:\users\Sidney\AppData\Local\Temp\_MEI30402\win32api.pyd
c:\users\Sidney\AppData\Local\Temp\_MEI30402\win32com.shell.shell.pyd
c:\users\Sidney\AppData\Local\Temp\_MEI30402\win32crypt.pyd
c:\users\Sidney\AppData\Local\Temp\_MEI30402\win32event.pyd
c:\users\Sidney\AppData\Local\Temp\_MEI30402\win32file.pyd
c:\users\Sidney\AppData\Local\Temp\_MEI30402\win32gui.pyd
c:\users\Sidney\AppData\Local\Temp\_MEI30402\win32inet.pyd
c:\users\Sidney\AppData\Local\Temp\_MEI30402\win32process.pyd
c:\users\Sidney\AppData\Local\Temp\_MEI30402\wx._controls_.pyd
c:\users\Sidney\AppData\Local\Temp\_MEI30402\wx._core_.pyd
c:\users\Sidney\AppData\Local\Temp\_MEI30402\wx._gdi_.pyd
c:\users\Sidney\AppData\Local\Temp\_MEI30402\wx._html2.pyd
c:\users\Sidney\AppData\Local\Temp\_MEI30402\wx._misc_.pyd
c:\users\Sidney\AppData\Local\Temp\_MEI30402\wx._windows_.pyd
c:\users\Sidney\AppData\Local\Temp\_MEI30402\wx._wizard.pyd
c:\users\Sidney\AppData\Local\Temp\_MEI30402\wxbase293u_net_vc.dll
c:\users\Sidney\AppData\Local\Temp\_MEI30402\wxbase293u_vc.dll
c:\users\Sidney\AppData\Local\Temp\_MEI30402\wxmsw293u_adv_vc.dll
c:\users\Sidney\AppData\Local\Temp\_MEI30402\wxmsw293u_core_vc.dll
c:\users\Sidney\AppData\Local\Temp\_MEI30402\wxmsw293u_html_vc.dll
c:\users\Sidney\AppData\Local\Temp\_MEI30402\wxmsw293u_webview_vc.dll
.
.
((((((((((((((((((((((((( 2012-04-23 至 2012-05-23 的新的檔案 )))))))))))))))))))))))))))))))
.
.
2012-05-23 16:06 . 2012-05-23 16:06 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-05-23 16:06 . 2012-05-23 16:06 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-23 16:06 . 2012-05-23 16:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-23 02:59 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BC9B6276-B11A-4155-9012-77710109F2E7}\mpengine.dll
2012-05-23 02:59 . 2012-05-23 02:59 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2012-05-18 18:26 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-11 16:26 . 2012-05-11 16:26 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\c6100de01cd2f9201\MeshBetaRemover.exe
2012-05-09 16:28 . 2012-05-09 16:28 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-09 16:28 . 2012-05-09 16:28 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-09 06:56 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-09 06:56 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-09 06:56 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 06:56 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 06:56 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-09 06:56 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-09 06:56 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-09 06:56 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-09 06:56 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 06:56 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-09 06:56 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-09 06:56 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-09 06:55 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-06 06:50 . 2012-05-06 06:50 -------- d-----w- c:\program files\Windows Sidebar
2012-05-04 06:31 . 2012-05-04 06:31 -------- d-----w- c:\users\Default\AppData\Local\Google
2012-05-01 07:53 . 2012-05-23 16:07 -------- d-s---w- c:\users\Sidney\Google Drive
2012-04-25 14:37 . 2012-04-25 14:37 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-04-25 06:59 . 2012-04-25 06:59 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-04-25 06:59 . 2012-04-25 06:59 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-25 06:59 . 2012-04-25 06:59 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-25 03:08 . 2012-04-25 03:08 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
.
.
.
(((((((((((((((((((((((((((((((((((((((( 在三個月內被修改的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-06 06:51 . 2012-03-29 05:36 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-06 06:51 . 2011-05-31 07:24 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-04 17:31 . 2012-04-13 21:31 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-04 22:56 . 2011-07-28 02:01 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-03-21 03:44 . 2011-04-27 23:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 03:44 . 2011-04-18 21:18 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-01 06:46 . 2012-04-11 05:15 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-11 05:15 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-11 05:15 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-11 05:15 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-11 05:15 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-11 05:15 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-11 05:15 5120 ----a-w- c:\windows\SysWow64\wmi.dll
.
.
((((((((((((((((((((((((((((((((((((( 重要登入點 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白與合法缺省登錄將不會被顯示
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Sidney\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Sidney\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Sidney\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Sidney\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-05-03 11396840]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-05-11 880496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IME14 CHT Setup"="c:\progra~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE" [2010-01-21 80240]
"EnvyHFCPL"="c:\program files (x86)\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe" [2008-06-05 532480]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"DeathAdder"="c:\program files (x86)\Razer\DeathAdder\razerhid.exe" [2012-01-14 248832]
.
c:\users\Sidney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Sidney\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-4 27087944]
Trillian.lnk - c:\program files (x86)\Trillian\trillian.exe [2012-4-26 2379616]
uTorrent.lnk - c:\program files (x86)\uTorrent\uTorrent.exe [2010-12-31 880496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e00c0404]
IME File REG_SZ IMTCP14.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-31 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-31 136176]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S2 ImeDictUpdateService;Microsoft IME Dictionary Update;c:\program files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [2010-10-20 83312]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-26 13672]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
S3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [x]
S3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;c:\windows\system32\drivers\Envy24HF.sys [x]
S3 L6TPortA;Service - Line 6 TonePort UX1;c:\windows\system32\Drivers\L6TPortA64.sys [x]
S3 VKbms;Razer Gaming Device;c:\windows\system32\DRIVERS\VKbms.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 06:51]
.
2012-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-31 21:43]
.
2012-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-31 21:43]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Sidney\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Sidney\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Sidney\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Sidney\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-05-03 01:31 779776 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-05-03 01:31 779776 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-05-03 01:31 779776 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-05-03 01:31 779776 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-12 2320752]
"IME14 CHT Setup"="c:\progra~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE" [2010-01-21 109424]
"NVRaidService"="c:\program files\NVIDIA Corporation\Raid\nvraidservice.exe" [2010-04-09 291944]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: line6.net
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
FF - ProfilePath - c:\users\Sidney\AppData\Roaming\Mozilla\Firefox\Profiles\h8hug43i.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: network.proxy.type - 0
.
.
------- File Types -------
.
.txt=Notepad++_file
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp FLAC Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp m4a Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Monkeys Audio Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Windows Media Audio 10 Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Length Split] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Multi Encoder] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Tag From Filename] Codec - c:\windows\system32\SpoonUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities]
"ApplicationName"="Google Chrome"
"ApplicationIcon"="c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe,0"
"ApplicationDescription"="Google Chrome opens web pages and runs applications incredibly fast! Besides being fast, stable and easy to use, it has built-in protection so you can browse the web with peace of mind, without worrying about phishing and malware threats."
.
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities\FileAssociations]
".xhtml"="ChromeHTML"
".xht"="ChromeHTML"
".shtml"="ChromeHTML"
".html"="ChromeHTML"
".htm"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities\StartMenu]
"StartMenuInternet"="Google Chrome"
.
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities\URLAssociations]
"https"="ChromeHTML"
"http"="ChromeHTML"
"ftp"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\DefaultIcon]
@="c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe,0"
.
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\InstallInfo]
"IconsVisible"=dword:00000001
"ShowIconsCommand"="\"c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --show-icons"
"HideIconsCommand"="\"c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --hide-icons"
"ReinstallCommand"="\"c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --make-default-browser"
.
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\shell\open\command]
@="\"c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Razer\DeathAdder\razertra.exe
c:\program files (x86)\Razer\DeathAdder\razerofa.exe
c:\program files (x86)\Razer\DeathAdder\vdDaemon.exe
.
**************************************************************************
.
Completion time: 2012-05-23 09:14:59 - the computer was rebooted
ComboFix-quarantined-files.txt 2012-05-23 16:14
ComboFix2.txt 2012-03-09 08:21
.
Pre-Run: 36,776,730,624 bytes free
Post-Run: 36,463,001,600 bytes free
.
- - End Of File - - 068AEDDCB3F0CF46DA3993B687FDA310

(I noticed that some of it is in Chinese because of my system locale. I could change that if that makes it easier.)

The spam ads seem to have been fixed for now, but it is hard to say, as they may pop up again after some time, which has happened before. I will need to use my computer for a little longer to find out.

#4 gringo_pr (Malware Response Team)

Posted 23 May 2012 - 11:43 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic
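
Added example (not from the thread, and not TDSSKiller's own code): a small Python triage script for the log format Gringo asks for above. It reads the "Drive ... Size" and "PartitionN: MBR" lines and reports how many sectors after the last partition no MBR entry claims, since TDL4-class MBR bootkits store their hidden file system in exactly such unallocated space, and it lists every scanned object whose verdict line is anything other than "- ok". The sample input reuses the Harddisk0 and 1394ohci lines from the TDSSKiller log posted later in this thread and adds two constructed "evilsvc" lines; the verdict word "suspicious" is made up, because the thread does not show the wording TDSSKiller uses for a non-clean result, which is why the script flags any verdict that is not "ok" rather than matching specific words.

```python
"""Triage helper for the TDSSKiller log format shown in this thread.

Added example, not TDSSKiller's own code. Two checks a responder does by eye:
  1. every scanned object ("<name> (<md5>) <path>") should be followed by a
     "<name> - ok" verdict; anything else, or no verdict, is listed for review.
  2. the MBR entries should account for the whole disk; the run of sectors after
     the last partition is reported, since TDL4-class bootkits store their hidden
     file system in sectors no partition claims.
"""
import re
from dataclasses import dataclass, field

SECTOR_BYTES = 0x200

# Constructed sample. The Harddisk0 and 1394ohci lines are copied from the log in
# this thread; the two "evilsvc" lines (and the verdict word "suspicious") are
# invented so the non-clean path runs. Anything other than "ok" is flagged.
SAMPLE_LOG = r"""
17:08:29.0455 3188 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:08:29.0486 3188 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xFFFAC05
17:08:29.0486 3188 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xFFFAC44, BlocksNum 0xD1C993D
17:08:41.0170 1812 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
17:08:41.0186 1812 1394ohci - ok
17:08:43.0261 1812 catchme - ok
17:08:50.0000 1812 evilsvc (00000000000000000000000000000000) C:\Windows\system32\drivers\evil.sys
17:08:50.0010 1812 evilsvc - suspicious
"""

PREFIX = r"^\S+\s+\d+\s+"  # "HH:MM:SS.mmmm <pid> " that starts every line
HEX = r"0x[0-9A-Fa-f]+"
DRIVE_RE = re.compile(PREFIX + r"Drive (?P<dev>\\Device\\Harddisk\d+\\DR\d+) - Size: (?P<size>" + HEX + ")")
PART_RE = re.compile(PREFIX + r"(?P<dev>\\Device\\Harddisk\d+\\DR\d+)\\Partition\d+: MBR, Type " + HEX
                     + r", StartLBA (?P<start>" + HEX + r"), BlocksNum (?P<count>" + HEX + ")")
OBJECT_RE = re.compile(PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(PREFIX + r"(?P<name>.+?) - (?P<verdict>\S.*)$")


@dataclass
class Disk:
    device: str
    total_sectors: int
    partitions: list = field(default_factory=list)  # [(start_lba, sector_count), ...]

    def trailing_gap_sectors(self) -> int:
        """Sectors after the last MBR partition that no entry accounts for."""
        end = max((start + count for start, count in self.partitions), default=0)
        return self.total_sectors - end

    def overlaps(self) -> bool:
        """True if two MBR entries claim the same sectors."""
        parts = sorted(self.partitions)
        return any(parts[i][0] + parts[i][1] > parts[i + 1][0] for i in range(len(parts) - 1))


def parse_log(text):
    """Return (disks by device, object name -> path, object name -> verdict)."""
    disks, objects, verdicts = {}, {}, {}
    for line in text.splitlines():
        m = DRIVE_RE.match(line)
        if m:
            disks[m["dev"]] = Disk(m["dev"], int(m["size"], 16) // SECTOR_BYTES)
            continue
        m = PART_RE.match(line)
        if m:
            disk = disks.setdefault(m["dev"], Disk(m["dev"], 0))  # size unknown without a Drive line
            disk.partitions.append((int(m["start"], 16), int(m["count"], 16)))
            continue
        m = OBJECT_RE.match(line)  # must run before VERDICT_RE: paths may contain " - "
        if m:
            objects[m["name"]] = m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            verdicts[m["name"]] = m["verdict"].strip()
    return disks, objects, verdicts


def review_items(objects, verdicts):
    """Objects whose verdict is missing or anything other than 'ok': {name: (path, verdict)}."""
    return {name: (path, verdicts.get(name, "<no verdict>"))
            for name, path in objects.items() if verdicts.get(name) != "ok"}


def sectors_to_mib(sectors):
    return sectors * SECTOR_BYTES / (1024 * 1024)


if __name__ == "__main__":
    disks, objects, verdicts = parse_log(SAMPLE_LOG)
    for dev, disk in disks.items():
        gap = disk.trailing_gap_sectors()
        print(f"{dev}: {gap} trailing unallocated sectors ({sectors_to_mib(gap):.2f} MiB), "
              f"overlapping entries: {disk.overlaps()}")
    for name, (path, verdict) in review_items(objects, verdicts).items():
        print(f"REVIEW {name}: {verdict!r} -> {path}")
```

Run as-is, it reports 5103 trailing sectors on Harddisk0 (about 2.49 MiB). That is less than one cylinder (0x3F x 0xFF = 16065 sectors) of the cylinder-aligned layout the log shows, so on its own it is ordinary slack, not evidence of anything; a gap of many megabytes, or an MBR entry that overlaps another, is what would deserve a closer look at the raw sectors. To triage a real run, paste the whole log into parse_log instead of SAMPLE_LOG.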

#5 intronic (Topic Starter)

Posted 23 May 2012 - 07:37 PM

The two logs are attached:

17:08:28.0363 3188 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
17:08:28.0753 3188 ============================================================
17:08:28.0753 3188 Current date / time: 2012/05/23 17:08:28.0753
17:08:28.0753 3188 SystemInfo:
17:08:28.0753 3188
17:08:28.0753 3188 OS Version: 6.1.7601 ServicePack: 1.0
17:08:28.0753 3188 Product type: Workstation
17:08:28.0753 3188 ComputerName: AMDX2-PC
17:08:28.0753 3188 UserName: Sidney
17:08:28.0753 3188 Windows directory: C:\Windows
17:08:28.0753 3188 System windows directory: C:\Windows
17:08:28.0753 3188 Running under WOW64
17:08:28.0753 3188 Processor architecture: Intel x64
17:08:28.0753 3188 Number of processors: 2
17:08:28.0753 3188 Page size: 0x1000
17:08:28.0753 3188 Boot type: Normal boot
17:08:28.0753 3188 ============================================================
17:08:29.0455 3188 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:08:29.0470 3188 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:08:29.0486 3188 ============================================================
17:08:29.0486 3188 \Device\Harddisk0\DR0:
17:08:29.0486 3188 MBR partitions:
17:08:29.0486 3188 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xFFFAC05
17:08:29.0486 3188 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xFFFAC44, BlocksNum 0xD1C993D
17:08:29.0486 3188 \Device\Harddisk1\DR1:
17:08:29.0486 3188 MBR partitions:
17:08:29.0486 3188 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
17:08:29.0486 3188 ============================================================
17:08:29.0502 3188 C: <-> \Device\Harddisk0\DR0\Partition0
17:08:29.0517 3188 D: <-> \Device\Harddisk1\DR1\Partition0
17:08:29.0548 3188 E: <-> \Device\Harddisk0\DR0\Partition1
17:08:29.0548 3188 ============================================================
17:08:29.0548 3188 Initialize success
17:08:29.0548 3188 ============================================================
17:08:40.0266 1812 ============================================================
17:08:40.0266 1812 Scan started
17:08:40.0266 1812 Mode: Manual;
17:08:40.0266 1812 ============================================================
17:08:41.0170 1812 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
17:08:41.0186 1812 1394ohci - ok
17:08:41.0233 1812 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
17:08:41.0233 1812 ACPI - ok
17:08:41.0248 1812 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
17:08:41.0248 1812 AcpiPmi - ok
17:08:41.0311 1812 Adobe LM Service (4ae327c9c375d985ff2a2aab92765218) C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
17:08:41.0326 1812 Adobe LM Service - ok
17:08:41.0467 1812 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:08:41.0482 1812 AdobeFlashPlayerUpdateSvc - ok
17:08:41.0545 1812 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
17:08:41.0560 1812 adp94xx - ok
17:08:41.0607 1812 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
17:08:41.0623 1812 adpahci - ok
17:08:41.0638 1812 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
17:08:41.0638 1812 adpu320 - ok
17:08:41.0685 1812 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
17:08:41.0685 1812 AeLookupSvc - ok
17:08:41.0748 1812 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
17:08:41.0763 1812 AFD - ok
17:08:41.0794 1812 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
17:08:41.0794 1812 agp440 - ok
17:08:41.0810 1812 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
17:08:41.0826 1812 ALG - ok
17:08:41.0841 1812 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
17:08:41.0841 1812 aliide - ok
17:08:41.0857 1812 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
17:08:41.0857 1812 amdide - ok
17:08:41.0888 1812 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
17:08:41.0888 1812 AmdK8 - ok
17:08:41.0904 1812 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
17:08:41.0904 1812 AmdPPM - ok
17:08:41.0935 1812 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
17:08:41.0950 1812 amdsata - ok
17:08:41.0982 1812 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
17:08:41.0997 1812 amdsbs - ok
17:08:42.0028 1812 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
17:08:42.0028 1812 amdxata - ok
17:08:42.0060 1812 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
17:08:42.0075 1812 AppID - ok
17:08:42.0091 1812 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
17:08:42.0091 1812 AppIDSvc - ok
17:08:42.0138 1812 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
17:08:42.0138 1812 Appinfo - ok
17:08:42.0169 1812 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
17:08:42.0184 1812 AppMgmt - ok
17:08:42.0200 1812 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
17:08:42.0200 1812 arc - ok
17:08:42.0216 1812 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
17:08:42.0231 1812 arcsas - ok
17:08:42.0340 1812 AsIO (f6bda026e4157dc4e321ca391e9d9bc6) C:\Windows\syswow64\drivers\AsIO.sys
17:08:42.0340 1812 AsIO - ok
17:08:42.0356 1812 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:08:42.0356 1812 AsyncMac - ok
17:08:42.0403 1812 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
17:08:42.0403 1812 atapi - ok
17:08:42.0450 1812 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:08:42.0481 1812 AudioEndpointBuilder - ok
17:08:42.0481 1812 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:08:42.0481 1812 AudioSrv - ok
17:08:42.0528 1812 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
17:08:42.0528 1812 AxInstSV - ok
17:08:42.0574 1812 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
17:08:42.0590 1812 b06bdrv - ok
17:08:42.0606 1812 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:08:42.0621 1812 b57nd60a - ok
17:08:42.0668 1812 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
17:08:42.0668 1812 BDESVC - ok
17:08:42.0684 1812 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:08:42.0684 1812 Beep - ok
17:08:42.0762 1812 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
17:08:42.0777 1812 BFE - ok
17:08:42.0824 1812 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
17:08:42.0855 1812 BITS - ok
17:08:42.0902 1812 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:08:42.0902 1812 blbdrive - ok
17:08:42.0949 1812 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
17:08:42.0949 1812 bowser - ok
17:08:42.0964 1812 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:08:42.0964 1812 BrFiltLo - ok
17:08:42.0980 1812 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:08:42.0980 1812 BrFiltUp - ok
17:08:43.0011 1812 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
17:08:43.0011 1812 BridgeMP - ok
17:08:43.0042 1812 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
17:08:43.0042 1812 Browser - ok
17:08:43.0074 1812 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:08:43.0089 1812 Brserid - ok
17:08:43.0105 1812 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:08:43.0105 1812 BrSerWdm - ok
17:08:43.0120 1812 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:08:43.0136 1812 BrUsbMdm - ok
17:08:43.0152 1812 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:08:43.0152 1812 BrUsbSer - ok
17:08:43.0167 1812 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
17:08:43.0167 1812 BTHMODEM - ok
17:08:43.0214 1812 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
17:08:43.0230 1812 bthserv - ok
17:08:43.0261 1812 catchme - ok
17:08:43.0292 1812 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:08:43.0308 1812 cdfs - ok
17:08:43.0354 1812 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
17:08:43.0354 1812 cdrom - ok
17:08:43.0401 1812 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:08:43.0401 1812 CertPropSvc - ok
17:08:43.0417 1812 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
17:08:43.0417 1812 circlass - ok
17:08:43.0448 1812 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:08:43.0464 1812 CLFS - ok
17:08:43.0542 1812 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:08:43.0542 1812 clr_optimization_v2.0.50727_32 - ok
17:08:43.0604 1812 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:08:43.0620 1812 clr_optimization_v2.0.50727_64 - ok
17:08:43.0698 1812 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:08:43.0698 1812 clr_optimization_v4.0.30319_32 - ok
17:08:43.0760 1812 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:08:43.0760 1812 clr_optimization_v4.0.30319_64 - ok
17:08:43.0807 1812 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
17:08:43.0807 1812 CmBatt - ok
17:08:43.0838 1812 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
17:08:43.0838 1812 cmdide - ok
17:08:43.0885 1812 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
17:08:43.0900 1812 CNG - ok
17:08:43.0932 1812 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
17:08:43.0932 1812 Compbatt - ok
17:08:43.0978 1812 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
17:08:43.0978 1812 CompositeBus - ok
17:08:43.0994 1812 COMSysApp - ok
17:08:44.0025 1812 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
17:08:44.0025 1812 crcdisk - ok
17:08:44.0072 1812 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
17:08:44.0088 1812 CryptSvc - ok
17:08:44.0134 1812 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
17:08:44.0150 1812 CSC - ok
17:08:44.0181 1812 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
17:08:44.0212 1812 CscService - ok
17:08:44.0259 1812 danewFltr (003626f7ca17c204f16cd5047af0703a) C:\Windows\system32\drivers\danew.sys
17:08:44.0259 1812 danewFltr - ok
17:08:44.0322 1812 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:08:44.0322 1812 DcomLaunch - ok
17:08:44.0384 1812 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
17:08:44.0400 1812 defragsvc - ok
17:08:44.0446 1812 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
17:08:44.0462 1812 DfsC - ok
17:08:44.0524 1812 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
17:08:44.0540 1812 Dhcp - ok
17:08:44.0587 1812 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:08:44.0587 1812 discache - ok
17:08:44.0618 1812 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
17:08:44.0618 1812 Disk - ok
17:08:44.0649 1812 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
17:08:44.0665 1812 Dnscache - ok
17:08:44.0680 1812 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
17:08:44.0696 1812 dot3svc - ok
17:08:44.0712 1812 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
17:08:44.0727 1812 DPS - ok
17:08:44.0774 1812 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
17:08:44.0774 1812 drmkaud - ok
17:08:44.0836 1812 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
17:08:44.0868 1812 DXGKrnl - ok
17:08:44.0899 1812 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
17:08:44.0914 1812 EapHost - ok
17:08:45.0055 1812 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
17:08:45.0117 1812 ebdrv - ok
17:08:45.0211 1812 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
17:08:45.0211 1812 EFS - ok
17:08:45.0289 1812 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
17:08:45.0304 1812 elxstor - ok
17:08:45.0336 1812 Envy24HFS (77ae88ad6e623d350ea4c95d7d5c7198) C:\Windows\system32\drivers\Envy24HF.sys
17:08:45.0351 1812 Envy24HFS - ok
17:08:45.0367 1812 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
17:08:45.0367 1812 ErrDev - ok
17:08:45.0429 1812 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
17:08:45.0445 1812 EventSystem - ok
17:08:45.0679 1812 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:08:45.0741 1812 exfat - ok
17:08:45.0850 1812 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:08:45.0866 1812 fastfat - ok
17:08:46.0131 1812 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
17:08:46.0162 1812 Fax - ok
17:08:46.0396 1812 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
17:08:46.0412 1812 fdc - ok
17:08:46.0568 1812 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
17:08:46.0568 1812 fdPHost - ok
17:08:46.0568 1812 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
17:08:46.0568 1812 FDResPub - ok
17:08:46.0599 1812 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:08:46.0599 1812 FileInfo - ok
17:08:46.0615 1812 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:08:46.0615 1812 Filetrace - ok
17:08:46.0646 1812 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
17:08:46.0646 1812 flpydisk - ok
17:08:46.0677 1812 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
17:08:46.0693 1812 FltMgr - ok
17:08:46.0755 1812 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
17:08:46.0771 1812 FontCache - ok
17:08:46.0880 1812 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:08:46.0880 1812 FontCache3.0.0.0 - ok
17:08:47.0005 1812 ForceWare Intelligent Application Manager (IAM) (52b58a46beefb238c580b69fd051cb5b) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
17:08:47.0020 1812 ForceWare Intelligent Application Manager (IAM) - ok
17:08:47.0145 1812 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
17:08:47.0145 1812 FsDepends - ok
17:08:47.0176 1812 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
17:08:47.0176 1812 Fs_Rec - ok
17:08:47.0208 1812 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
17:08:47.0223 1812 fvevol - ok
17:08:47.0254 1812 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
17:08:47.0254 1812 gagp30kx - ok
17:08:47.0301 1812 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
17:08:47.0332 1812 gpsvc - ok
17:08:47.0442 1812 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:08:47.0457 1812 gupdate - ok
17:08:47.0473 1812 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:08:47.0473 1812 gupdatem - ok
17:08:47.0504 1812 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
17:08:47.0520 1812 gusvc - ok
17:08:47.0551 1812 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:08:47.0551 1812 hcw85cir - ok
17:08:47.0598 1812 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
17:08:47.0613 1812 HdAudAddService - ok
17:08:47.0644 1812 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
17:08:47.0644 1812 HDAudBus - ok
17:08:47.0660 1812 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
17:08:47.0676 1812 HidBatt - ok
17:08:47.0691 1812 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
17:08:47.0707 1812 HidBth - ok
17:08:47.0722 1812 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
17:08:47.0722 1812 HidIr - ok
17:08:47.0754 1812 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
17:08:47.0769 1812 hidserv - ok
17:08:47.0800 1812 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
17:08:47.0800 1812 HidUsb - ok
17:08:47.0847 1812 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
17:08:47.0863 1812 hkmsvc - ok
17:08:47.0894 1812 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
17:08:47.0910 1812 HomeGroupListener - ok
17:08:47.0925 1812 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
17:08:47.0941 1812 HomeGroupProvider - ok
17:08:47.0988 1812 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
17:08:47.0988 1812 HpSAMD - ok
17:08:48.0019 1812 HTCAND64 (f47cec45fb85791d4ab237563ad0fa8f) C:\Windows\system32\Drivers\ANDROIDUSB.sys
17:08:48.0019 1812 HTCAND64 - ok
17:08:48.0066 1812 htcnprot (b8b1b284362e1d8135112573395d5da5) C:\Windows\system32\DRIVERS\htcnprot.sys
17:08:48.0066 1812 htcnprot - ok
17:08:48.0112 1812 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
17:08:48.0128 1812 HTTP - ok
17:08:48.0144 1812 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
17:08:48.0144 1812 hwpolicy - ok
17:08:48.0175 1812 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
17:08:48.0175 1812 i8042prt - ok
17:08:48.0237 1812 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
17:08:48.0253 1812 iaStorV - ok
17:08:48.0378 1812 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
17:08:48.0378 1812 IDriverT - ok
17:08:48.0502 1812 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:08:48.0534 1812 idsvc - ok
17:08:48.0658 1812 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
17:08:48.0658 1812 iirsp - ok
17:08:48.0721 1812 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
17:08:48.0736 1812 IKEEXT - ok
17:08:48.0830 1812 ImeDictUpdateService (4552b448cf9c00ba2a94032af35bd9fc) C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE
17:08:48.0830 1812 ImeDictUpdateService - ok
17:08:48.0846 1812 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
17:08:48.0846 1812 intelide - ok
17:08:48.0877 1812 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
17:08:48.0877 1812 intelppm - ok
17:08:48.0970 1812 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
17:08:48.0970 1812 IntuitUpdateServiceV4 - ok
17:08:49.0002 1812 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
17:08:49.0017 1812 IPBusEnum - ok
17:08:49.0048 1812 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:08:49.0048 1812 IpFilterDriver - ok
17:08:49.0095 1812 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
17:08:49.0126 1812 iphlpsvc - ok
17:08:49.0158 1812 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
17:08:49.0158 1812 IPMIDRV - ok
17:08:49.0189 1812 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:08:49.0204 1812 IPNAT - ok
17:08:49.0220 1812 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:08:49.0220 1812 IRENUM - ok
17:08:49.0251 1812 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
17:08:49.0251 1812 isapnp - ok
17:08:49.0282 1812 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
17:08:49.0298 1812 iScsiPrt - ok
17:08:49.0314 1812 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
17:08:49.0329 1812 kbdclass - ok
17:08:49.0345 1812 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
17:08:49.0345 1812 kbdhid - ok
17:08:49.0376 1812 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:08:49.0376 1812 KeyIso - ok
17:08:49.0392 1812 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
17:08:49.0392 1812 KSecDD - ok
17:08:49.0407 1812 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
17:08:49.0423 1812 KSecPkg - ok
17:08:49.0423 1812 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:08:49.0438 1812 ksthunk - ok
17:08:49.0470 1812 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
17:08:49.0485 1812 KtmRm - ok
17:08:49.0548 1812 L6TPortA (938d1cc2ff0b93bb9651c3e6b0d6fbf4) C:\Windows\system32\Drivers\L6TPortA64.sys
17:08:49.0594 1812 L6TPortA - ok
17:08:49.0657 1812 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
17:08:49.0672 1812 LanmanServer - ok
17:08:49.0704 1812 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
17:08:49.0719 1812 LanmanWorkstation - ok
17:08:49.0782 1812 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:08:49.0782 1812 lltdio - ok
17:08:49.0813 1812 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
17:08:49.0828 1812 lltdsvc - ok
17:08:49.0844 1812 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
17:08:49.0844 1812 lmhosts - ok
17:08:49.0875 1812 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:08:49.0875 1812 LSI_FC - ok
17:08:49.0906 1812 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:08:49.0906 1812 LSI_SAS - ok
17:08:49.0922 1812 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:08:49.0922 1812 LSI_SAS2 - ok
17:08:49.0938 1812 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:08:49.0953 1812 LSI_SCSI - ok
17:08:49.0969 1812 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:08:49.0984 1812 luafv - ok
17:08:50.0000 1812 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
17:08:50.0000 1812 megasas - ok
17:08:50.0047 1812 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
17:08:50.0062 1812 MegaSR - ok
17:08:50.0156 1812 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
17:08:50.0156 1812 Microsoft Office Groove Audit Service - ok
17:08:50.0203 1812 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:08:50.0203 1812 MMCSS - ok
17:08:50.0250 1812 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:08:50.0250 1812 Modem - ok
17:08:50.0281 1812 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
17:08:50.0281 1812 monitor - ok
17:08:50.0328 1812 MotioninJoyXFilter (fc44ad48746ffa5fd640ef1260ab5ec2) C:\Windows\system32\DRIVERS\MijXfilt.sys
17:08:50.0328 1812 MotioninJoyXFilter - ok
17:08:50.0374 1812 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
17:08:50.0374 1812 mouclass - ok
17:08:50.0406 1812 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:08:50.0406 1812 mouhid - ok
17:08:50.0452 1812 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
17:08:50.0452 1812 mountmgr - ok
17:08:50.0515 1812 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:08:50.0530 1812 MozillaMaintenance - ok
17:08:50.0577 1812 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
17:08:50.0593 1812 MpFilter - ok
17:08:50.0624 1812 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
17:08:50.0624 1812 mpio - ok
17:08:50.0655 1812 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:08:50.0655 1812 mpsdrv - ok
17:08:50.0702 1812 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
17:08:50.0749 1812 MpsSvc - ok
17:08:50.0796 1812 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
17:08:50.0811 1812 MRxDAV - ok
17:08:50.0827 1812 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:08:50.0842 1812 mrxsmb - ok
17:08:50.0889 1812 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:08:50.0889 1812 mrxsmb10 - ok
17:08:50.0905 1812 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:08:50.0905 1812 mrxsmb20 - ok
17:08:50.0936 1812 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
17:08:50.0936 1812 msahci - ok
17:08:50.0967 1812 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
17:08:50.0967 1812 msdsm - ok
17:08:50.0998 1812 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
17:08:51.0014 1812 MSDTC - ok
17:08:51.0076 1812 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:08:51.0076 1812 Msfs - ok
17:08:51.0123 1812 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:08:51.0201 1812 mshidkmdf - ok
17:08:51.0326 1812 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
17:08:51.0326 1812 msisadrv - ok
17:08:51.0357 1812 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
17:08:51.0373 1812 MSiSCSI - ok
17:08:51.0388 1812 msiserver - ok
17:08:51.0420 1812 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:08:51.0420 1812 MSKSSRV - ok
17:08:51.0498 1812 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) C:\Program Files\Microsoft Security Client\MsMpEng.exe
17:08:51.0498 1812 MsMpSvc - ok
17:08:51.0513 1812 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:08:51.0513 1812 MSPCLOCK - ok
17:08:51.0529 1812 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:08:51.0529 1812 MSPQM - ok
17:08:51.0576 1812 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
17:08:51.0576 1812 MsRPC - ok
17:08:51.0607 1812 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
17:08:51.0607 1812 mssmbios - ok
17:08:51.0622 1812 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:08:51.0622 1812 MSTEE - ok
17:08:51.0638 1812 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
17:08:51.0638 1812 MTConfig - ok
17:08:51.0685 1812 MTsensor (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys
17:08:51.0685 1812 MTsensor - ok
17:08:51.0700 1812 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:08:51.0700 1812 Mup - ok
17:08:51.0763 1812 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
17:08:51.0778 1812 napagent - ok
17:08:51.0810 1812 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:08:51.0825 1812 NativeWifiP - ok
17:08:51.0903 1812 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
17:08:51.0934 1812 NDIS - ok
17:08:51.0950 1812 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:08:51.0950 1812 NdisCap - ok
17:08:51.0997 1812 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:08:51.0997 1812 NdisTapi - ok
17:08:52.0028 1812 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
17:08:52.0028 1812 Ndisuio - ok
17:08:52.0059 1812 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
17:08:52.0075 1812 NdisWan - ok
17:08:52.0090 1812 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
17:08:52.0090 1812 NDProxy - ok
17:08:52.0106 1812 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:08:52.0106 1812 NetBIOS - ok
17:08:52.0153 1812 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
17:08:52.0153 1812 NetBT - ok
17:08:52.0184 1812 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:08:52.0184 1812 Netlogon - ok
17:08:52.0246 1812 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
17:08:52.0262 1812 Netman - ok
17:08:52.0293 1812 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
17:08:52.0309 1812 netprofm - ok
17:08:52.0449 1812 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:08:52.0449 1812 NetTcpPortSharing - ok
17:08:52.0512 1812 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
17:08:52.0512 1812 nfrd960 - ok
17:08:52.0605 1812 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
17:08:52.0605 1812 NisDrv - ok
17:08:52.0699 1812 NisSrv (10a43829a9e606af3eef25a1c1665923) C:\Program Files\Microsoft Security Client\NisSrv.exe
17:08:52.0699 1812 NisSrv - ok
17:08:52.0761 1812 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
17:08:52.0777 1812 NlaSvc - ok
17:08:52.0824 1812 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:08:52.0824 1812 Npfs - ok
17:08:52.0870 1812 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
17:08:52.0870 1812 nsi - ok
17:08:52.0902 1812 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:08:52.0902 1812 nsiproxy - ok
17:08:52.0995 1812 nSvcIp (20e179a7fe78b37a02d30c4d34c870e7) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
17:08:53.0011 1812 nSvcIp - ok
17:08:53.0120 1812 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
17:08:53.0151 1812 Ntfs - ok
17:08:53.0260 1812 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:08:53.0260 1812 Null - ok
17:08:53.0307 1812 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
17:08:53.0338 1812 NVENETFD - ok
17:08:53.0838 1812 nvlddmkm (a963c2c276a97b088ded5d7a83be8052) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:08:54.0103 1812 nvlddmkm - ok
17:08:54.0181 1812 NVNET (c42c32bf90a78d72d4b7c144ff907fb6) C:\Windows\system32\DRIVERS\nvmf6264.sys
17:08:54.0196 1812 NVNET - ok
17:08:54.0259 1812 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
17:08:54.0259 1812 nvraid - ok
17:08:54.0290 1812 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
17:08:54.0290 1812 nvstor - ok
17:08:54.0321 1812 nvstor64 (71b6ecd3c56fbf12fb1968da3953b703) C:\Windows\system32\DRIVERS\nvstor64.sys
17:08:54.0337 1812 nvstor64 - ok
17:08:54.0415 1812 nvsvc (dd9d86051b8f7669aabf693530f380fe) C:\Windows\system32\nvvsvc.exe
17:08:54.0462 1812 nvsvc - ok
17:08:54.0649 1812 nvUpdatusService (4472183de09f80cb1b56f217d8e0ab9b) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
17:08:54.0711 1812 nvUpdatusService - ok
17:08:54.0852 1812 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
17:08:54.0852 1812 nv_agp - ok
17:08:54.0945 1812 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:08:54.0961 1812 odserv - ok
17:08:54.0976 1812 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
17:08:54.0976 1812 ohci1394 - ok
17:08:55.0023 1812 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:08:55.0023 1812 ose - ok
17:08:55.0288 1812 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:08:55.0304 1812 p2pimsvc - ok
17:08:55.0320 1812 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
17:08:55.0351 1812 p2psvc - ok
17:08:55.0429 1812 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
17:08:55.0429 1812 Parport - ok
17:08:55.0460 1812 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
17:08:55.0460 1812 partmgr - ok
17:08:55.0522 1812 PassThru Service (5fbcc9eeefaca3019d5bd5979618f298) C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
17:08:55.0522 1812 PassThru Service - ok
17:08:55.0616 1812 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
17:08:55.0632 1812 PcaSvc - ok
17:08:55.0678 1812 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
17:08:55.0678 1812 pci - ok
17:08:55.0710 1812 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
17:08:55.0710 1812 pciide - ok
17:08:55.0741 1812 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
17:08:55.0756 1812 pcmcia - ok
17:08:55.0772 1812 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:08:55.0772 1812 pcw - ok
17:08:55.0819 1812 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:08:55.0834 1812 PEAUTH - ok
17:08:55.0928 1812 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
17:08:55.0975 1812 PeerDistSvc - ok
17:08:56.0084 1812 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
17:08:56.0100 1812 PerfHost - ok
17:08:56.0692 1812 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
17:08:56.0724 1812 pla - ok
17:08:56.0786 1812 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
17:08:56.0817 1812 PlugPlay - ok
17:08:56.0848 1812 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
17:08:56.0848 1812 PNRPAutoReg - ok
17:08:56.0880 1812 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:08:56.0895 1812 PNRPsvc - ok
17:08:56.0973 1812 Point64 (7ca2487bc51fbe4fa30de657c61d27d3) C:\Windows\system32\DRIVERS\point64k.sys
17:08:56.0973 1812 Point64 - ok
17:08:57.0036 1812 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
17:08:57.0051 1812 PolicyAgent - ok
17:08:57.0098 1812 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
17:08:57.0114 1812 Power - ok
17:08:57.0160 1812 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
17:08:57.0160 1812 PptpMiniport - ok
17:08:57.0192 1812 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
17:08:57.0192 1812 Processor - ok
17:08:57.0238 1812 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
17:08:57.0254 1812 ProfSvc - ok
17:08:57.0270 1812 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:08:57.0270 1812 ProtectedStorage - ok
17:08:57.0301 1812 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
17:08:57.0316 1812 Psched - ok
17:08:57.0379 1812 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
17:08:57.0426 1812 ql2300 - ok
17:08:57.0550 1812 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
17:08:57.0550 1812 ql40xx - ok
17:08:57.0582 1812 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
17:08:57.0597 1812 QWAVE - ok
17:08:57.0613 1812 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:08:57.0613 1812 QWAVEdrv - ok
17:08:57.0628 1812 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:08:57.0628 1812 RasAcd - ok
17:08:57.0675 1812 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:08:57.0675 1812 RasAgileVpn - ok
17:08:57.0675 1812 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
17:08:57.0691 1812 RasAuto - ok
17:08:57.0722 1812 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:08:57.0738 1812 Rasl2tp - ok
17:08:57.0753 1812 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
17:08:57.0769 1812 RasMan - ok
17:08:57.0784 1812 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:08:57.0784 1812 RasPppoe - ok
17:08:57.0800 1812 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:08:57.0816 1812 RasSstp - ok
17:08:57.0831 1812 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
17:08:57.0847 1812 rdbss - ok
17:08:57.0862 1812 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:08:57.0862 1812 rdpbus - ok
17:08:57.0862 1812 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:08:57.0862 1812 RDPCDD - ok
17:08:57.0925 1812 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
17:08:57.0925 1812 RDPDR - ok
17:08:57.0956 1812 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:08:57.0956 1812 RDPENCDD - ok
17:08:58.0003 1812 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:08:58.0003 1812 RDPREFMP - ok
17:08:58.0034 1812 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
17:08:58.0050 1812 RdpVideoMiniport - ok
17:08:58.0081 1812 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
17:08:58.0096 1812 RDPWD - ok
17:08:58.0128 1812 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
17:08:58.0143 1812 rdyboost - ok
17:08:58.0174 1812 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
17:08:58.0190 1812 RemoteAccess - ok
17:08:58.0221 1812 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
17:08:58.0237 1812 RemoteRegistry - ok
17:08:58.0252 1812 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
17:08:58.0252 1812 RpcEptMapper - ok
17:08:58.0284 1812 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
17:08:58.0284 1812 RpcLocator - ok
17:08:58.0315 1812 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
17:08:58.0330 1812 RpcSs - ok
17:08:58.0377 1812 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:08:58.0377 1812 rspndr - ok
17:08:58.0408 1812 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
17:08:58.0408 1812 s3cap - ok
17:08:58.0440 1812 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:08:58.0440 1812 SamSs - ok
17:08:58.0455 1812 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
17:08:58.0455 1812 sbp2port - ok
17:08:58.0471 1812 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
17:08:58.0486 1812 SCardSvr - ok
17:08:58.0518 1812 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
17:08:58.0518 1812 scfilter - ok
17:08:58.0596 1812 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
17:08:58.0627 1812 Schedule - ok
17:08:58.0642 1812 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:08:58.0642 1812 SCPolicySvc - ok
17:08:58.0689 1812 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
17:08:58.0705 1812 SDRSVC - ok
17:08:58.0752 1812 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:08:58.0752 1812 secdrv - ok
17:08:58.0767 1812 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
17:08:58.0767 1812 seclogon - ok
17:08:58.0798 1812 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
17:08:58.0814 1812 SENS - ok
17:08:58.0814 1812 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
17:08:58.0814 1812 SensrSvc - ok
17:08:58.0830 1812 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:08:58.0830 1812 Serenum - ok
17:08:58.0830 1812 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:08:58.0845 1812 Serial - ok
17:08:58.0861 1812 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
17:08:58.0861 1812 sermouse - ok
17:08:58.0908 1812 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
17:08:58.0923 1812 SessionEnv - ok
17:08:58.0970 1812 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
17:08:58.0970 1812 sffdisk - ok
17:08:58.0986 1812 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
17:08:58.0986 1812 sffp_mmc - ok
17:08:59.0001 1812 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
17:08:59.0001 1812 sffp_sd - ok
17:08:59.0017 1812 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
17:08:59.0017 1812 sfloppy - ok
17:08:59.0064 1812 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
17:08:59.0079 1812 SharedAccess - ok
17:08:59.0126 1812 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
17:08:59.0142 1812 ShellHWDetection - ok
17:08:59.0173 1812 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:08:59.0173 1812 SiSRaid2 - ok
17:08:59.0188 1812 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
17:08:59.0188 1812 SiSRaid4 - ok
17:08:59.0220 1812 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:08:59.0235 1812 Smb - ok
17:08:59.0313 1812 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
17:08:59.0313 1812 SNMPTRAP - ok
17:08:59.0329 1812 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:08:59.0329 1812 spldr - ok
17:08:59.0391 1812 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
17:08:59.0407 1812 Spooler - ok
17:08:59.0547 1812 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
17:08:59.0610 1812 sppsvc - ok
17:08:59.0688 1812 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
17:08:59.0703 1812 sppuinotify - ok
17:08:59.0703 1812 sptd - ok
17:08:59.0781 1812 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
17:08:59.0812 1812 srv - ok
17:08:59.0906 1812 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
17:08:59.0922 1812 srv2 - ok
17:08:59.0953 1812 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
17:08:59.0953 1812 srvnet - ok
17:08:59.0984 1812 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
17:09:00.0000 1812 SSDPSRV - ok
17:09:00.0015 1812 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
17:09:00.0015 1812 SstpSvc - ok
17:09:00.0046 1812 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
17:09:00.0046 1812 stexstor - ok
17:09:00.0124 1812 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
17:09:00.0156 1812 stisvc - ok
17:09:00.0171 1812 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
17:09:00.0171 1812 storflt - ok
17:09:00.0187 1812 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
17:09:00.0187 1812 storvsc - ok
17:09:00.0202 1812 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
17:09:00.0202 1812 swenum - ok
17:09:00.0249 1812 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
17:09:00.0265 1812 swprv - ok
17:09:00.0280 1812 Synth3dVsc - ok
17:09:00.0390 1812 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
17:09:00.0436 1812 SysMain - ok
17:09:00.0546 1812 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
17:09:00.0561 1812 TabletInputService - ok
17:09:00.0608 1812 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
17:09:00.0624 1812 TapiSrv - ok
17:09:00.0639 1812 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
17:09:00.0655 1812 TBS - ok
17:09:00.0795 1812 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
17:09:00.0811 1812 Tcpip - ok
17:09:01.0357 1812 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
17:09:01.0372 1812 TCPIP6 - ok
17:09:01.0497 1812 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
17:09:01.0497 1812 tcpipreg - ok
17:09:01.0528 1812 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:09:01.0528 1812 TDPIPE - ok
17:09:01.0575 1812 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
17:09:01.0591 1812 TDTCP - ok
17:09:01.0731 1812 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
17:09:01.0747 1812 tdx - ok
17:09:01.0762 1812 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
17:09:01.0762 1812 TermDD - ok
17:09:01.0825 1812 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
17:09:01.0856 1812 TermService - ok
17:09:01.0903 1812 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
17:09:01.0918 1812 Themes - ok
17:09:01.0996 1812 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:09:01.0996 1812 THREADORDER - ok
17:09:02.0028 1812 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
17:09:02.0028 1812 TrkWks - ok
17:09:02.0074 1812 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
17:09:02.0090 1812 TrustedInstaller - ok
17:09:02.0137 1812 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:09:02.0137 1812 tssecsrv - ok
17:09:02.0168 1812 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
17:09:02.0168 1812 TsUsbFlt - ok
17:09:02.0184 1812 tsusbhub - ok
17:09:02.0293 1812 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
17:09:02.0293 1812 tunnel - ok
17:09:02.0324 1812 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
17:09:02.0324 1812 uagp35 - ok
17:09:02.0371 1812 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
17:09:02.0386 1812 udfs - ok
17:09:02.0418 1812 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
17:09:02.0433 1812 UI0Detect - ok
17:09:02.0449 1812 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
17:09:02.0449 1812 uliagpkx - ok
17:09:02.0480 1812 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
17:09:02.0480 1812 umbus - ok
17:09:02.0496 1812 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
17:09:02.0496 1812 UmPass - ok
17:09:02.0527 1812 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
17:09:02.0542 1812 UmRdpService - ok
17:09:02.0558 1812 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
17:09:02.0574 1812 upnphost - ok
17:09:02.0605 1812 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
17:09:02.0620 1812 usbaudio - ok
17:09:02.0652 1812 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
17:09:02.0652 1812 usbccgp - ok
17:09:02.0683 1812 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
17:09:02.0683 1812 usbcir - ok
17:09:02.0730 1812 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
17:09:02.0730 1812 usbehci - ok
17:09:02.0776 1812 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
17:09:02.0792 1812 usbhub - ok
17:09:02.0808 1812 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
17:09:02.0808 1812 usbohci - ok
17:09:02.0839 1812 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:09:02.0839 1812 usbprint - ok
17:09:02.0870 1812 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:09:02.0886 1812 USBSTOR - ok
17:09:02.0901 1812 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
17:09:02.0901 1812 usbuhci - ok
17:09:02.0917 1812 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
17:09:02.0932 1812 UxSms - ok
17:09:02.0948 1812 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:09:02.0948 1812 VaultSvc - ok
17:09:02.0964 1812 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
17:09:02.0964 1812 vdrvroot - ok
17:09:03.0026 1812 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
17:09:03.0057 1812 vds - ok
17:09:03.0088 1812 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:09:03.0088 1812 vga - ok
17:09:03.0135 1812 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:09:03.0135 1812 VgaSave - ok
17:09:03.0151 1812 VGPU - ok
17:09:03.0198 1812 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
17:09:03.0213 1812 vhdmp - ok
17:09:03.0229 1812 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
17:09:03.0229 1812 viaide - ok
17:09:03.0260 1812 VKbms (3b59bb6d10cf969dbe4db93d9ead7fb4) C:\Windows\system32\DRIVERS\VKbms.sys
17:09:03.0260 1812 VKbms - ok
17:09:03.0276 1812 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
17:09:03.0291 1812 vmbus - ok
17:09:03.0307 1812 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
17:09:03.0307 1812 VMBusHID - ok
17:09:03.0322 1812 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
17:09:03.0322 1812 volmgr - ok
17:09:03.0354 1812 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
17:09:03.0369 1812 volmgrx - ok
17:09:03.0416 1812 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
17:09:03.0416 1812 volsnap - ok
17:09:03.0447 1812 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
17:09:03.0463 1812 vsmraid - ok
17:09:03.0541 1812 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
17:09:03.0619 1812 VSS - ok
17:09:03.0712 1812 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
17:09:03.0728 1812 vwifibus - ok
17:09:03.0759 1812 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
17:09:03.0790 1812 W32Time - ok
17:09:03.0806 1812 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
17:09:03.0806 1812 WacomPen - ok
17:09:03.0853 1812 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:09:03.0868 1812 WANARP - ok
17:09:03.0868 1812 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:09:03.0868 1812 Wanarpv6 - ok
17:09:03.0962 1812 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
17:09:04.0024 1812 WatAdminSvc - ok
17:09:04.0118 1812 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
17:09:04.0180 1812 wbengine - ok
17:09:04.0274 1812 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
17:09:04.0274 1812 WbioSrvc - ok
17:09:04.0321 1812 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
17:09:04.0336 1812 wcncsvc - ok
17:09:04.0352 1812 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
17:09:04.0352 1812 WcsPlugInService - ok
17:09:04.0399 1812 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
17:09:04.0414 1812 Wd - ok
17:09:04.0446 1812 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:09:04.0461 1812 Wdf01000 - ok
17:09:04.0492 1812 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:09:04.0492 1812 WdiServiceHost - ok
17:09:04.0492 1812 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:09:04.0508 1812 WdiSystemHost - ok
17:09:04.0539 1812 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
17:09:04.0555 1812 WebClient - ok
17:09:04.0602 1812 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
17:09:04.0617 1812 Wecsvc - ok
17:09:04.0664 1812 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
17:09:04.0664 1812 wercplsupport - ok
17:09:04.0695 1812 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
17:09:04.0695 1812 WerSvc - ok
17:09:04.0711 1812 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:09:04.0711 1812 WfpLwf - ok
17:09:04.0726 1812 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:09:04.0726 1812 WIMMount - ok
17:09:04.0773 1812 WinDefend - ok
17:09:04.0773 1812 WinHttpAutoProxySvc - ok
17:09:04.0851 1812 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
17:09:04.0867 1812 Winmgmt - ok
17:09:04.0976 1812 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
17:09:05.0023 1812 WinRM - ok
17:09:05.0194 1812 WinUSB (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
17:09:05.0194 1812 WinUSB - ok
17:09:05.0257 1812 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
17:09:05.0304 1812 Wlansvc - ok
17:09:05.0350 1812 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
17:09:05.0350 1812 wlcrasvc - ok
17:09:05.0491 1812 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:09:05.0538 1812 wlidsvc - ok
17:09:05.0647 1812 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
17:09:05.0647 1812 WmiAcpi - ok
17:09:05.0709 1812 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
17:09:05.0725 1812 wmiApSrv - ok
17:09:05.0756 1812 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
17:09:05.0756 1812 WPCSvc - ok
17:09:05.0787 1812 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
17:09:05.0787 1812 WPDBusEnum - ok
17:09:05.0818 1812 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:09:05.0818 1812 ws2ifsl - ok
17:09:05.0834 1812 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
17:09:05.0834 1812 wscsvc - ok
17:09:05.0834 1812 WSearch - ok
17:09:05.0959 1812 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
17:09:06.0006 1812 wuauserv - ok
17:09:06.0084 1812 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
17:09:06.0084 1812 WudfPf - ok
17:09:06.0130 1812 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:09:06.0130 1812 WUDFRd - ok
17:09:06.0146 1812 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
17:09:06.0162 1812 wudfsvc - ok
17:09:06.0193 1812 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
17:09:06.0208 1812 WwanSvc - ok
17:09:06.0240 1812 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
17:09:06.0240 1812 xusb21 - ok
17:09:06.0271 1812 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
17:09:06.0427 1812 \Device\Harddisk0\DR0 - ok
17:09:06.0427 1812 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
17:09:06.0442 1812 \Device\Harddisk1\DR1 - ok
17:09:06.0442 1812 Boot (0x1200) (850cbc331cf6b0db59aeebf984c3ea5a) \Device\Harddisk0\DR0\Partition0
17:09:06.0442 1812 \Device\Harddisk0\DR0\Partition0 - ok
17:09:06.0458 1812 Boot (0x1200) (0597248d10c59d556622e3dd3045c210) \Device\Harddisk0\DR0\Partition1
17:09:06.0458 1812 \Device\Harddisk0\DR0\Partition1 - ok
17:09:06.0458 1812 Boot (0x1200) (dc8a35e7f45dabf4257395c58dcf23c2) \Device\Harddisk1\DR1\Partition0
17:09:06.0474 1812 \Device\Harddisk1\DR1\Partition0 - ok
17:09:06.0474 1812 ============================================================
17:09:06.0474 1812 Scan finished
17:09:06.0474 1812 ============================================================
17:09:06.0489 4080 Detected object count: 0
17:09:06.0489 4080 Actual detected object count: 0
17:09:13.0041 4060 Deinitialize success


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-23 17:09:22
-----------------------------
17:09:22.292 OS Version: Windows x64 6.1.7601 Service Pack 1
17:09:22.292 Number of processors: 2 586 0x4B02
17:09:22.292 ComputerName: AMDX2-PC UserName: Sidney
17:09:22.776 Initialize success
17:13:19.833 AVAST engine defs: 12052301
17:13:57.897 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005e
17:13:57.897 Disk 0 Vendor: ST325062 3.AA Size: 238475MB BusType: 3
17:13:57.897 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000005f
17:13:57.897 Disk 1 Vendor: Hitachi_ ST6O Size: 953869MB BusType: 3
17:13:57.913 Disk 0 MBR read successfully
17:13:57.913 Disk 0 MBR scan
17:13:57.913 Disk 0 Windows XP default MBR code
17:13:57.928 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 131061 MB offset 63
17:13:57.944 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 107411 MB offset 268414020
17:13:58.225 Disk 0 scanning C:\Windows\system32\drivers
17:14:07.944 Service scanning
17:14:29.706 Modules scanning
17:14:29.706 Disk 0 trace - called modules:
17:14:29.721 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
17:14:29.721 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003702060]
17:14:29.737 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> [0xfffffa8002e9fc00]
17:14:29.737 5 ACPI.sys[fffff88000e867a1] -> nt!IofCallDriver -> \Device\0000005e[0xfffffa8002e94730]
17:14:30.236 AVAST engine scan C:\Windows
17:14:32.264 AVAST engine scan C:\Windows\system32
17:17:31.477 AVAST engine scan C:\Windows\system32\drivers
17:17:44.534 AVAST engine scan C:\Users\Sidney
17:31:24.922 AVAST engine scan C:\ProgramData
17:36:31.986 Scan finished successfully
17:36:55.245 Disk 0 MBR has been saved successfully to "C:\Users\Sidney\Desktop\MBR.dat"
17:36:55.245 The log file has been saved successfully to "C:\Users\Sidney\Desktop\aswMBR.txt"
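
The TDSSKiller output above is easier to triage once it is parsed than read line by line. The script below is an added example written for this thread, not TDSSKiller's own code: it pairs each object line with its verdict, then lists anything not cleared as ok, entries that were logged with a verdict only (no file to hash, as with Synth3dVsc, VGPU and WinDefend above), names that share one binary (Tcpip/TCPIP6 and WANARP/Wanarpv6 above are two names for one driver, which is expected) and the MBR/boot-sector objects. The sample lines are constructed in the log's format; the "evil" driver and its "detected" verdict are hypothetical and exist only to exercise the not-ok branch.

```python
r"""Parse TDSSKiller-style scan output and summarize it for triage.

Added example for this thread; not TDSSKiller's code. Expected line shapes:
    HH:MM:SS.ffff PID Name (md5) Path                     object line, file found on disk
    HH:MM:SS.ffff PID Name - status                       verdict line ("ok" or a detection)
    HH:MM:SS.ffff PID MBR (0x1B8) (md5) \Device\Harddisk0\DR0   boot-sector object
Objects TDSSKiller could not open are logged with a verdict line only.
"""
import re
from collections import defaultdict

# Constructed sample in the same format as the log above. The "evil" entry is
# hypothetical and only exercises the not-ok path; the rest mirror real lines.
SAMPLE_LOG = r"""
17:09:00.0795 1812 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
17:09:00.0811 1812 Tcpip - ok
17:09:01.0357 1812 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
17:09:01.0372 1812 TCPIP6 - ok
17:09:03.0151 1812 VGPU - ok
17:09:04.0773 1812 WinDefend - ok
17:09:06.0271 1812 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
17:09:06.0427 1812 \Device\Harddisk0\DR0 - ok
17:09:06.0300 1812 evil (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\evil.sys
17:09:06.0310 1812 evil - detected
17:09:06.0474 1812 Scan finished
17:09:06.0489 4080 Detected object count: 1
"""

_PREFIX = r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
OBJECT_RE = re.compile(_PREFIX + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*?)\s*$")
VERDICT_RE = re.compile(_PREFIX + r"(?P<name>.+?)\s+-\s+(?P<status>\S+)")


def parse_tdsskiller(text):
    """Return one record per scanned object: name, md5, path, status.

    An object line opens a record and the verdict line that follows closes it
    (for boot objects the verdict names the device path, not "MBR (...)").
    A verdict with no open record means the object had no readable file.
    """
    records, pending = [], None
    for line in text.splitlines():
        m = OBJECT_RE.match(line)
        if m:
            pending = {"name": m["name"], "md5": m["md5"], "path": m["path"], "status": None}
            records.append(pending)
            continue
        m = VERDICT_RE.match(line)
        if not m:
            continue  # banners, "Scan finished", object counts
        if pending and m["name"] in (pending["name"], pending["path"]):
            pending["status"] = m["status"]
        else:
            records.append({"name": m["name"], "md5": None, "path": None, "status": m["status"]})
        pending = None
    return records


def triage(records):
    """Pull out what is worth a second look from a parsed scan."""
    names_by_hash = defaultdict(set)
    for r in records:
        if r["md5"]:
            names_by_hash[r["md5"]].add(r["name"])
    return {
        "total": len(records),
        # anything TDSSKiller did not clear
        "not_ok": [(r["name"], r["status"]) for r in records if r["status"] != "ok"],
        # registered but no file to hash: disabled services, stale entries, or hidden files
        "no_file": sorted(r["name"] for r in records if r["path"] is None),
        # several names pointing at one binary (Tcpip/TCPIP6 is normal; unknown pairs are not)
        "shared_hashes": {h: sorted(n) for h, n in names_by_hash.items() if len(n) > 1},
        # MBR / boot-sector objects, which is where a bootkit would live
        "boot_objects": sorted(r["path"] for r in records if r["path"] and r["path"].startswith("\\Device\\")),
    }


if __name__ == "__main__":
    for key, value in triage(parse_tdsskiller(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Run it as-is to print the summary, or pass the text of a whole TDSSKiller log to parse_tdsskiller(). A verdict-only entry is not suspicious on its own (a disabled service and a driver whose file is absent look the same), but a verdict-only entry for a name you do not recognise, or a hash shared between a known driver and an unfamiliar name, is worth checking against the ComboFix service list, where the same missing files show up as [x].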

#6 gringo_pr (Bleepin Gringo)
Malware Response Team, 136,772 posts, Puerto Rico

Posted 24 May 2012 - 08:23 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 intronic (Topic Starter)
Members, 9 posts

Posted 24 May 2012 - 08:48 PM

Thanks for your help; it seems to have been fixed! I have not seen the spam since yesterday, but if it happens again I will post back. Just out of curiosity, what exactly was the problem, and which step fixed it? Here is the log from the ComboFix script:

ComboFix 12-05-24.03 - Sidney 4/2012 Thu 18:29:28.3.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.950.886.1033.18.3070.1680 [GMT -7:00]
Running from: e:\my documents\My Downloads\ComboFix.exe
Command switches used :: c:\users\Sidney\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Files Deleted   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Sidney\AppData\Local\Temp\_MEI30682\_ctypes.pyd
c:\users\Sidney\AppData\Local\Temp\_MEI30682\_elementtree.pyd
c:\users\Sidney\AppData\Local\Temp\_MEI30682\_hashlib.pyd
c:\users\Sidney\AppData\Local\Temp\_MEI30682\_socket.pyd
c:\users\Sidney\AppData\Local\Temp\_MEI30682\_ssl.pyd
c:\users\Sidney\AppData\Local\Temp\_MEI30682\pyexpat.pyd
c:\users\Sidney\AppData\Local\Temp\_MEI30682\pysqlite2._sqlite.pyd
c:\users\Sidney\AppData\Local\Temp\_MEI30682\python26.dll
c:\users\Sidney\AppData\Local\Temp\_MEI30682\pythoncom26.dll
c:\users\Sidney\AppData\Local\Temp\_MEI30682\PyWinTypes26.dll
c:\users\Sidney\AppData\Local\Temp\_MEI30682\select.pyd
c:\users\Sidney\AppData\Local\Temp\_MEI30682\win32api.pyd
c:\users\Sidney\AppData\Local\Temp\_MEI30682\win32com.shell.shell.pyd
c:\users\Sidney\AppData\Local\Temp\_MEI30682\win32crypt.pyd
c:\users\Sidney\AppData\Local\Temp\_MEI30682\win32event.pyd
c:\users\Sidney\AppData\Local\Temp\_MEI30682\win32file.pyd
c:\users\Sidney\AppData\Local\Temp\_MEI30682\win32gui.pyd
c:\users\Sidney\AppData\Local\Temp\_MEI30682\win32inet.pyd
c:\users\Sidney\AppData\Local\Temp\_MEI30682\win32process.pyd
c:\users\Sidney\AppData\Local\Temp\_MEI30682\wx._controls_.pyd
c:\users\Sidney\AppData\Local\Temp\_MEI30682\wx._core_.pyd
c:\users\Sidney\AppData\Local\Temp\_MEI30682\wx._gdi_.pyd
c:\users\Sidney\AppData\Local\Temp\_MEI30682\wx._html2.pyd
c:\users\Sidney\AppData\Local\Temp\_MEI30682\wx._misc_.pyd
c:\users\Sidney\AppData\Local\Temp\_MEI30682\wx._windows_.pyd
c:\users\Sidney\AppData\Local\Temp\_MEI30682\wx._wizard.pyd
c:\users\Sidney\AppData\Local\Temp\_MEI30682\wxbase293u_net_vc.dll
c:\users\Sidney\AppData\Local\Temp\_MEI30682\wxbase293u_vc.dll
c:\users\Sidney\AppData\Local\Temp\_MEI30682\wxmsw293u_adv_vc.dll
c:\users\Sidney\AppData\Local\Temp\_MEI30682\wxmsw293u_core_vc.dll
c:\users\Sidney\AppData\Local\Temp\_MEI30682\wxmsw293u_html_vc.dll
c:\users\Sidney\AppData\Local\Temp\_MEI30682\wxmsw293u_webview_vc.dll
.
.
(((((((((((((((((((((((((   Files Created from 2012-04-25 to 2012-05-25   )))))))))))))))))))))))))))))))
.
.
2012-05-25 01:37 . 2012-05-25 01:37 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-05-25 01:37 . 2012-05-25 01:37 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-25 01:37 . 2012-05-25 01:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-24 00:42 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BF160E09-5904-4F69-B38E-92DB7AC94D42}\mpengine.dll
2012-05-23 02:59 . 2012-05-23 02:59 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2012-05-18 18:26 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-11 16:26 . 2012-05-11 16:26 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\c6100de01cd2f9201\MeshBetaRemover.exe
2012-05-09 16:28 . 2012-05-09 16:28 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-09 16:28 . 2012-05-09 16:28 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-09 06:56 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-09 06:56 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-09 06:56 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 06:56 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 06:56 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-09 06:56 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-09 06:56 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-09 06:56 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-09 06:56 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 06:56 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-09 06:56 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-09 06:56 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-09 06:55 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-06 06:50 . 2012-05-06 06:50 -------- d-----w- c:\program files\Windows Sidebar
2012-05-04 06:31 . 2012-05-04 06:31 -------- d-----w- c:\users\Default\AppData\Local\Google
2012-05-01 07:53 . 2012-05-24 02:35 -------- d-s---w- c:\users\Sidney\Google Drive
2012-04-25 14:37 . 2012-04-25 14:37 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-04-25 06:59 . 2012-04-25 06:59 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-04-25 06:59 . 2012-04-25 06:59 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-25 06:59 . 2012-04-25 06:59 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-25 03:08 . 2012-04-25 03:08 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
.
.
.
((((((((((((((((((((((((((((((((((((((((   Files Modified Within the Last Three Months   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-06 06:51 . 2012-03-29 05:36 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-06 06:51 . 2011-05-31 07:24 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-04 17:31 . 2012-04-13 21:31 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-04 22:56 . 2011-07-28 02:01 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-03-21 03:44 . 2011-04-27 23:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 03:44 . 2011-04-18 21:18 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-01 06:46 . 2012-04-11 05:15 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-11 05:15 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-11 05:15 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-11 05:15 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-11 05:15 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-11 05:15 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-11 05:15 5120 ----a-w- c:\windows\SysWow64\wmi.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-23_16.07.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-31 07:42 . 2012-05-25 01:40 37376 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-25 01:40 38526 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-31 07:29 . 2012-05-25 01:40 14132 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2105289557-2070739655-2430133877-1000_UserData.bin
- 2010-12-31 08:29 . 2012-05-23 16:10 81920 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-31 08:29 . 2012-05-25 01:01 81920 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-31 08:29 . 2012-05-23 16:10 65536 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-31 08:29 . 2012-05-25 01:01 65536 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-05-23 16:07 . 2012-05-23 16:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-25 01:38 . 2012-05-25 01:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-23 16:07 . 2012-05-23 16:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-25 01:38 . 2012-05-25 01:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2012-05-25 01:37 397160 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-05-23 16:06 397160 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-12-31 07:39 . 2012-05-25 01:37 23237132 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2105289557-2070739655-2430133877-1000-12288.dat
.
(((((((((((((((((((((((((((((((((((((   Registry Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Sidney\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Sidney\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Sidney\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Sidney\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-05-03 11396840]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-05-11 880496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IME14 CHT Setup"="c:\progra~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE" [2010-01-21 80240]
"EnvyHFCPL"="c:\program files (x86)\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe" [2008-06-05 532480]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"DeathAdder"="c:\program files (x86)\Razer\DeathAdder\razerhid.exe" [2012-01-14 248832]
.
c:\users\Sidney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Sidney\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-4 27087944]
Trillian.lnk - c:\program files (x86)\Trillian\trillian.exe [2012-4-26 2379616]
uTorrent.lnk - c:\program files (x86)\uTorrent\uTorrent.exe [2010-12-31 880496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e00c0404]
IME File REG_SZ IMTCP14.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-31 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-31 136176]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S2 ImeDictUpdateService;Microsoft IME Dictionary Update;c:\program files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [2010-10-20 83312]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-26 13672]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
S3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [x]
S3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;c:\windows\system32\drivers\Envy24HF.sys [x]
S3 L6TPortA;Service - Line 6 TonePort UX1;c:\windows\system32\Drivers\L6TPortA64.sys [x]
S3 VKbms;Razer Gaming Device;c:\windows\system32\DRIVERS\VKbms.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 06:51]
.
2012-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-31 21:43]
.
2012-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-31 21:43]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Sidney\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Sidney\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Sidney\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Sidney\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-05-03 01:31 779776 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-05-03 01:31 779776 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-05-03 01:31 779776 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-05-03 01:31 779776 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-12 2320752]
"IME14 CHT Setup"="c:\progra~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE" [2010-01-21 109424]
"NVRaidService"="c:\program files\NVIDIA Corporation\Raid\nvraidservice.exe" [2010-04-09 291944]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
.
------- 而外的掃描 -------
.
uLocal Page = c:\windows\system32\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: line6.net
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
FF - ProfilePath - c:\users\Sidney\AppData\Roaming\Mozilla\Firefox\Profiles\h8hug43i.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities]
"ApplicationName"="Google 瀏覽器"
"ApplicationIcon"="c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe,0"
"ApplicationDescription"="「Google 瀏覽器」開啟網頁和執行應用程式的速度奇快無比!除了執行速度快、穩定且容易使用之外,它還內建防護機制,讓您安心瀏覽網頁,無需擔心受到網路釣魚與惡意軟體的威脅。"
.
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities\FileAssociations]
".xhtml"="ChromeHTML"
".xht"="ChromeHTML"
".shtml"="ChromeHTML"
".html"="ChromeHTML"
".htm"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities\StartMenu]
"StartMenuInternet"="Google 瀏覽器"
.
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities\URLAssociations]
"https"="ChromeHTML"
"http"="ChromeHTML"
"ftp"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\DefaultIcon]
@="c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe,0"
.
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\InstallInfo]
"IconsVisible"=dword:00000001
"ShowIconsCommand"="\"c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --show-icons"
"HideIconsCommand"="\"c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --hide-icons"
"ReinstallCommand"="\"c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --make-default-browser"
.
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\shell\open\command]
@="\"c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ 其他運行進程 ------------------------
.
c:\program files (x86)\Razer\DeathAdder\razertra.exe
c:\program files (x86)\Razer\DeathAdder\razerofa.exe
c:\program files (x86)\Razer\DeathAdder\vdDaemon.exe
.
**************************************************************************
.
完成時間: 2012-05-24 18:45:58 - 電腦已重新啟動
ComboFix-quarantined-files.txt 2012-05-25 01:45
ComboFix2.txt 2012-05-23 16:14
ComboFix3.txt 2012-03-09 08:21
.
Pre-Run: 35,756,744,704 bytes free
Post-Run: 35,558,551,552 bytes free
.
- - End Of File - - 2D4EBBF9B45D9C5371FB50E5E02BEFDA

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Location:Puerto rico

Posted 24 May 2012 - 09:19 PM

Hello

Combofix cleaned up the hosts file.

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.

Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

uTorrent


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted select Yes then Next.
  • Once done click Finish.
Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click the MBAM icon
  • Go to the Update tab at the top
  • Click on Check for Updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 intronic

intronic
  • Topic Starter

  • Members
  • 9 posts

Posted 27 May 2012 - 02:00 AM

Hi,

I am actually in the process of moving, so I have disconnected my desktop computer and it won't be set up for a few days. I will post the logs as soon as I get it set up. My best estimate is probably some time late next week (Thursday or Friday). Thanks!

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Location:Puerto rico

Posted 27 May 2012 - 07:12 AM

OK, thanks for letting me know.

Thurs - fri :busy:

#11 intronic

intronic
  • Topic Starter

  • Members
  • 9 posts

Posted 03 June 2012 - 05:44 PM

Hi, here are the two logs:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.25.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Sidney :: AMDX2-PC [administrator]

5/24/2012 7:59:33 PM
mbam-log-2012-05-24 (19-59-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228270
Time elapsed: 2 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:44:19 PM, on 6/3/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Trillian\trillian.exe
C:\Program Files (x86)\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe
C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Notepad++\notepad++.exe

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IME14 CHT Setup] C:\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHT /Log
O4 - HKLM\..\Run: [EnvyHFCPL] C:\Program Files (x86)\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe 1
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-21-2105289557-2070739655-2430133877-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2105289557-2070739655-2430133877-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: Trillian.lnk = C:\Program Files (x86)\Trillian\trillian.exe
O4 - Startup: uTorrent.lnk = C:\Program Files (x86)\uTorrent\uTorrent.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O15 - Trusted Zone: *.line6.net
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\Windows\system32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Google §o·saA°E (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 10775 bytes

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Location:Puerto rico

Posted 04 June 2012 - 10:24 PM

Greetings

These logs are looking very good; we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can start any of them by clicking their icons (or from the Control Panel) when you need them. By stopping these programs, you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
      O4 - HKUS\S-1-5-21-2105289557-2070739655-2430133877-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
      O4 - HKUS\S-1-5-21-2105289557-2070739655-2430133877-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
      O4 - Startup: Trillian.lnk = C:\Program Files (x86)\Trillian\trillian.exe
      O4 - Startup: uTorrent.lnk = C:\Program Files (x86)\uTorrent\uTorrent.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space, e.g. for
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. Vista and Win 7: right-click on the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on Copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
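The start-up entries above are the "O4" locations HijackThis reads. As an added example (not code from the thread, from HijackThis, or from any tool named in it), this PowerShell script takes a read-only inventory of those same locations, resolves each entry to its executable, checks whether the file exists and whether it carries a valid Authenticode signature, and lists any active hosts-file lines (the thread notes ComboFix had to clean that file). It assumes PowerShell 3.0 or later; the command-line-to-path extraction is a simple heuristic of my own, not anything HijackThis does.

```powershell
# Added example (not from the thread, HijackThis or any tool it names).
# Read-only inventory of the autorun locations HijackThis reports as "O4"
# lines, plus the active entries in the hosts file. Assumes PowerShell 3.0+.
# Nothing here removes or changes anything.

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',   # 32-bit apps on x64
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Pull the executable out of a Run-key command line. Heuristic of my own:
# a quoted path, otherwise everything up to the first ".exe".
function Get-ExecutablePath([string]$Command) {
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.exe)') { return $Matches[1] }
    return $expanded.Trim()
}

# Resolve a Startup-folder item to what actually runs (.lnk -> its target),
# which is what the "O4 - Startup: x.lnk = ..." lines show.
function Resolve-StartupItem([System.IO.FileInfo]$File) {
    if ($File.Extension -ieq '.lnk') {
        $shell  = New-Object -ComObject WScript.Shell
        $target = $shell.CreateShortcut($File.FullName).TargetPath
        if ($target) { return $target }
    }
    return $File.FullName
}

function Get-AutorunEntries {
    $entries = New-Object System.Collections.Generic.List[object]

    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            # Get-ItemProperty adds PSPath/PSParentPath/...; those are not values.
            if ($p.Name -like 'PS*') { continue }
            $entries.Add([pscustomobject]@{
                Location = $key; Name = $p.Name; Command = [string]$p.Value })
        }
    }

    # Per-user and all-users Startup folders ("O4 - Startup:" lines).
    foreach ($folder in 'Startup', 'CommonStartup') {
        $dir = [Environment]::GetFolderPath($folder)
        if (-not $dir -or -not (Test-Path $dir)) { continue }
        foreach ($f in Get-ChildItem -Path $dir -File) {
            $entries.Add([pscustomobject]@{
                Location = $dir; Name = $f.Name; Command = (Resolve-StartupItem $f) })
        }
    }

    # For each entry: does the file exist, and who signed it? A missing file
    # or an unsigned binary in these locations is what a reviewer looks at first.
    foreach ($e in $entries) {
        $exe    = Get-ExecutablePath $e.Command
        $exists = [bool]($exe -and (Test-Path -LiteralPath $exe -PathType Leaf))
        $signer = 'file missing'
        if ($exists) {
            $sig    = Get-AuthenticodeSignature -FilePath $exe
            $signer = 'unsigned (' + $sig.Status + ')'
            if ($sig.Status -eq 'Valid') { $signer = $sig.SignerCertificate.Subject }
        }
        $e | Add-Member -NotePropertyName Exists -NotePropertyValue $exists
        $e | Add-Member -NotePropertyName Signer -NotePropertyValue $signer
    }
    return $entries
}

# Active (non-comment, non-blank) hosts entries. A stock Windows 7 hosts file
# contains only comments, so anything printed here deserves a second look.
function Get-ActiveHostsEntries {
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content -LiteralPath $hosts | Where-Object { $_ -notmatch '^\s*(#|$)' }
}

Get-AutorunEntries | Format-Table Name, Exists, Signer, Command -AutoSize -Wrap
''
'Active hosts entries:'
Get-ActiveHostsEntries
```

Run it from a normal PowerShell prompt; reading these keys and folders does not need elevation, and the output is only a list to compare against the HijackThis lines, not a fix.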

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Location:Puerto rico

Posted 07 June 2012 - 12:51 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, a reminder that it is very important that we finish the process completely so as not to get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.




Gringo

#14 intronic

intronic
  • Topic Starter

  • Members
  • 9 posts

Posted 07 June 2012 - 01:43 AM

Hi,

As I do not have Internet Explorer installed on this computer, I actually cannot run the online scanner. When I click it, it asks me to use an offline version. Would that suffice? Thanks.

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Location:Puerto rico

Posted 07 June 2012 - 02:38 AM

Yes, that would be fine.


gringo



