
scotty the watchdog detected %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq


  • This topic is locked
15 replies to this topic

#1 pulse1

pulse1

  • Members
  • 16 posts

Posted 29 May 2012 - 07:21 AM

Hi,
Today my computer spontaneously restarted.
I waited for it to restart, thinking it would just be due to an automatic update, but usually it displays an 'updated' message after that and no message came up..

Then after a minute or two, Scotty the watchdog (Winpatrol) asked me if I wanted to let %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq start on startup...
I did a quick google search and decided it looked like a virus and declined the most generous offer to have it start ;)

I then started poking around in my startup list and my processes and found mantispam.exe was running as a process, which I ended after googling.

So, here I am with my logs, any help you can give me will be greatly appreciated!

Please let me know what you want me to do next.

Kind regards and thanks,
Pulse1

P.s. My system is:

Dell Studio 1555 laptop
Windows Vista Home premium
intel core2 duo - 2gig ram
--------------------------------------------------------
----------------------------------------------------------------


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.3.1
Run by Admin at 18:21:12 on 2012-05-29
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2006.701 [GMT 10:00]
.
AV: ZoneAlarm Extreme Security Antivirus *Enabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Extreme Security Anti-Spyware *Enabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
FW: ZoneAlarm Extreme Security Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
C:\Server\Apache2\bin\httpd.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Prey\platform\windows\cronsvc.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\dlcgcoms.exe
C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
C:\Server\Apache2\bin\httpd.exe
C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\PROGRA~1\CHECKP~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.0 runtime\bin\jp2ssv.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [NWEReboot]
StartupFolder: c:\users\admin\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\admin\appdata\roaming\dropbox\bin\Dropbox.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 3 (0x3)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1 192.168.1.1
TCP: Interfaces\{0EAD81D3-FF70-48B5-814F-DF3BBA289C0F} : DhcpNameServer = 192.168.2.1 192.168.1.1
TCP: Interfaces\{13B7ADAB-D524-41BF-BE3A-88871FCE253C} : DhcpNameServer = 10.1.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\admin\appdata\roaming\mozilla\firefox\profiles\1dxugnjr.default\
FF - prefs.js: browser.startup.homepage - www.rmit.edu.au
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\oracle\javafx 2.0 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\users\admin\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-2-11 242240]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-10-15 11352]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_ae0b52e0\AEstSrv.exe [2012-2-10 81920]
R2 Apache2.2;Apache2.2;c:\server\apache2\bin\httpd.exe [2012-1-28 20549]
R2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-2-16 19968]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-11-4 27016]
R2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-11-4 497280]
R2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\oracle.exe xe --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
R2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\bin\TNSLSNR.EXE [2006-2-2 204800]
R3 icsak;icsak;c:\program files\checkpoint\zaforcefield\ak\icsak.sys [2011-11-4 36744]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2012-2-10 112128]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2008-6-20 212992]
R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-5-21 3663360]
R3 OA008Ufd;Creative Camera OA008 Upper Filter Driver;c:\windows\system32\drivers\OA008Ufd.sys [2009-3-7 133632]
R3 OA008Vid;Creative Camera OA008 Function Driver;c:\windows\system32\drivers\OA008Vid.sys [2009-5-7 274048]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-2-11 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-1 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-6 257696]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-2-11 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-27 129976]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-8-3 18432]
S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\drivers\tapoas.sys [2011-8-19 26112]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-19 753504]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\extjob.exe xe --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\extjob.exe XE [?]
.
=============== Created Last 30 ================
.
2012-05-29 08:04:52 6737808 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b229563c-c02a-4500-b292-597cc9d2ee55}\mpengine.dll
2012-05-29 03:02:21 -------- d-----w- c:\users\admin\appdata\roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-05-29 03:02:13 -------- d-----w- c:\program files\Adobe Download Assistant
2012-05-25 05:39:16 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2012-05-25 05:39:16 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2012-05-25 05:39:16 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2012-05-25 05:39:16 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2012-05-25 05:39:16 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2012-05-25 05:39:16 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2012-05-25 05:39:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2012-05-19 09:07:35 -------- d-----w- C:\Server
2012-05-10 00:00:22 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-05-10 00:00:22 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-10 00:00:22 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-10 00:00:22 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-10 00:00:22 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 00:00:12 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-10 00:00:12 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 00:00:11 2044928 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 23:58:31 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-09 23:58:20 914304 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-09 23:58:19 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-05-09 23:58:14 1218048 ----a-w- c:\program files\windows journal\NBDoc.DLL
2012-05-09 23:58:13 1404928 ----a-w- c:\program files\common files\microsoft shared\ink\InkObj.dll
2012-05-09 23:58:12 983040 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2012-05-09 23:58:12 964608 ----a-w- c:\program files\windows journal\JNWDRV.dll
2012-05-09 23:58:11 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2012-05-09 23:58:10 47104 ----a-w- c:\program files\windows journal\PDIALOG.exe
.
==================== Find3M ====================
.
2012-05-29 08:14:53 29 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2012-05-05 12:56:10 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 12:56:10 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-18 10:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 10:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-02-29 15:11:45 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-29 15:11:42 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 15:09:53 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 13:32:37 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
.
============= FINISH: 18:23:24.47 ===============



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 29 May 2012 - 11:46 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 pulse1

pulse1
  • Topic Starter

  • Members
  • 16 posts

Posted 30 May 2012 - 04:16 AM

Thanks for your quick reply Gringo,
I've done as you say and didn't seem to have any problems running security check or combofix.

It's hard to know whether the computer is better because it was not necessarily slow before.

Combofix did announce that the computer is infected at one point...
Below is my security check log followed by my combofix log.
Thanks very much,
Pulse1



Results of screen317's Security Check version 0.99.41
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
ZoneAlarm Extreme Security Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
WinPatrol
JavaFX 2.0.3
JavaFX 2.0.3 SDK
Java™ 6 Update 31
Java™ 7 Update 3
Java™ SE Development Kit 7 Update 3
Java version out of date!
Adobe Flash Player 11.2.202.235
Adobe Reader X (10.1.2)
Mozilla Firefox (12.0)
Mozilla Thunderbird (12.0.1)
Google Chrome 19.0.1084.46
Google Chrome 19.0.1084.52
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSASCui.exe
WinPatrol winpatrol.exe
Windows Defender MSASCui.exe
BillP Studios WinPatrol WinPatrol.exe
CheckPoint ZoneAlarm vsmon.exe
CheckPoint ZoneAlarm zatray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````






ComboFix 12-05-30.02 - Admin 05/30/2012 18:39:51.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2006.890 [GMT 10:00]
Running from: c:\users\Admin\Desktop\ComboFix.exe
FW: ZoneAlarm Extreme Security Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Extreme Security Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\drivers\ntfs.sys was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6002.18005_none_a85ca2c91a0d64df\ntfs.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-30 )))))))))))))))))))))))))))))))
.
.
2012-05-30 08:57 . 2012-05-30 08:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-30 02:41 . 2012-05-30 02:41 -------- d-----w- c:\program files\MozBackup
2012-05-29 15:55 . 2012-05-29 15:55 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B229563C-C02A-4500-B292-597CC9D2EE55}\offreg.dll
2012-05-29 08:04 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B229563C-C02A-4500-B292-597CC9D2EE55}\mpengine.dll
2012-05-29 03:02 . 2012-05-29 03:02 -------- d-----w- c:\users\Admin\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-05-29 03:02 . 2012-05-29 03:02 -------- d-----w- c:\program files\Adobe Download Assistant
2012-05-25 05:39 . 2012-05-25 05:39 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-05-25 05:39 . 2012-05-25 05:39 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-05-25 05:39 . 2012-05-25 05:39 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-05-25 05:39 . 2012-05-25 05:39 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-05-25 05:39 . 2012-05-25 05:39 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-05-25 05:39 . 2012-05-25 05:39 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-05-25 05:39 . 2012-05-25 05:39 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-05-25 05:38 . 2012-05-25 05:39 -------- d-----w- c:\program files\QuickTime
2012-05-19 09:07 . 2012-05-19 09:07 -------- d-----w- C:\Server
2012-05-10 00:00 . 2012-03-01 14:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-10 00:00 . 2012-03-01 14:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-10 00:00 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-10 00:00 . 2012-02-29 13:44 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-05-10 00:00 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 00:00 . 2012-04-03 08:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-10 00:00 . 2012-04-03 08:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 00:00 . 2012-04-02 13:36 2044928 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 23:58 . 2012-03-20 23:28 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-09 23:58 . 2012-03-30 12:39 914304 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-09 23:58 . 2012-03-29 13:39 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-05-09 23:58 . 2012-02-01 15:11 1218048 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-09 23:58 . 2012-02-01 15:10 1404928 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2012-05-09 23:58 . 2012-02-01 15:10 983040 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-09 23:58 . 2012-02-01 15:10 964608 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-09 23:58 . 2012-02-01 15:10 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 23:58 . 2012-02-01 13:58 47104 ----a-w- c:\program files\Windows Journal\PDIALOG.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-30 08:47 . 2012-02-10 22:37 29 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2012-05-05 12:56 . 2012-04-06 00:30 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 12:56 . 2012-02-11 04:23 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-18 10:56 . 2012-04-18 10:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 10:56 . 2012-04-18 10:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-27 12:13 . 2012-02-10 21:28 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-10-31 1422632]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-12-19 73360]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2012-01-30 400480]
.
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
backup=c:\windows\pss\Monitor Apache Servers.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 11:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-01-24 13:19 3478336 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLCGCATS]
2006-10-20 23:50 73728 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\dlcgtime.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlcgmon.exe]
2007-01-12 19:53 431600 ----a-w- c:\program files\Dell AIO 810\DLCGmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-02-10 21:31 136176 ----atw- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2011-02-12 03:26 171032 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2011-02-12 03:26 137752 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-26 19:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileDocuments]
2012-02-23 02:30 59240 ----a-w- c:\program files\Common Files\Apple\Internet Services\ubd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2011-02-12 03:26 172568 ----a-w- c:\windows\System32\igfxpers.exe
.

#4 gringo_pr

Malware Response Team

Posted 30 May 2012 - 07:14 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#5 pulse1

Topic Starter

Posted 30 May 2012 - 10:24 PM

Hi Gringo,
thanks for that,
I've done the scans you instructed me to do and I do feel like the computer is performing smoother and faster than it has in some time.

Below is the tdsskiller log followed by the aswmbr log.

Thanks again,
Pulse1



11:29:48.0727 1228 OracleXEClrAgent - ok
11:29:48.0789 1228 OracleXETNSListener (8af936ce45788974efff7d0f19143583) C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
11:29:48.0836 1228 OracleXETNSListener - ok
11:29:48.0899 1228 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
11:29:48.0945 1228 p2pimsvc - ok
11:29:48.0945 1228 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
11:29:48.0961 1228 p2psvc - ok
11:29:48.0992 1228 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
11:29:49.0008 1228 Parport - ok
11:29:49.0039 1228 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
11:29:49.0055 1228 partmgr - ok
11:29:49.0055 1228 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
11:29:49.0070 1228 Parvdm - ok
11:29:49.0086 1228 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
11:29:49.0101 1228 PcaSvc - ok
11:29:49.0148 1228 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
11:29:49.0164 1228 pci - ok
11:29:49.0179 1228 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
11:29:49.0195 1228 pciide - ok
11:29:49.0226 1228 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
11:29:49.0242 1228 pcmcia - ok
11:29:49.0335 1228 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
11:29:49.0398 1228 PEAUTH - ok
11:29:49.0569 1228 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
11:29:49.0647 1228 pla - ok
11:29:49.0819 1228 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
11:29:49.0835 1228 PlugPlay - ok
11:29:49.0928 1228 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
11:29:49.0928 1228 PNRPAutoReg - ok
11:29:49.0944 1228 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
11:29:49.0959 1228 PNRPsvc - ok
11:29:50.0022 1228 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
11:29:50.0053 1228 PolicyAgent - ok
11:29:50.0115 1228 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
11:29:50.0131 1228 PptpMiniport - ok
11:29:50.0162 1228 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
11:29:50.0178 1228 Processor - ok
11:29:50.0209 1228 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
11:29:50.0240 1228 ProfSvc - ok
11:29:50.0256 1228 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
11:29:50.0256 1228 ProtectedStorage - ok
11:29:50.0303 1228 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
11:29:50.0303 1228 PSched - ok
11:29:50.0443 1228 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
11:29:50.0537 1228 ql2300 - ok
11:29:50.0552 1228 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
11:29:50.0583 1228 ql40xx - ok
11:29:50.0630 1228 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
11:29:50.0646 1228 QWAVE - ok
11:29:50.0677 1228 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
11:29:50.0693 1228 QWAVEdrv - ok
11:29:50.0708 1228 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
11:29:50.0724 1228 RasAcd - ok
11:29:50.0739 1228 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
11:29:50.0739 1228 RasAuto - ok
11:29:50.0755 1228 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:29:50.0786 1228 Rasl2tp - ok
11:29:50.0817 1228 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
11:29:50.0849 1228 RasMan - ok
11:29:50.0864 1228 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
11:29:50.0880 1228 RasPppoe - ok
11:29:50.0895 1228 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
11:29:50.0911 1228 RasSstp - ok
11:29:50.0942 1228 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
11:29:50.0989 1228 rdbss - ok
11:29:51.0020 1228 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:29:51.0036 1228 RDPCDD - ok
11:29:51.0083 1228 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
11:29:51.0098 1228 rdpdr - ok
11:29:51.0114 1228 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
11:29:51.0129 1228 RDPENCDD - ok
11:29:51.0176 1228 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
11:29:51.0192 1228 RDPWD - ok
11:29:51.0254 1228 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
11:29:51.0270 1228 RemoteAccess - ok
11:29:51.0301 1228 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
11:29:51.0317 1228 RemoteRegistry - ok
11:29:51.0363 1228 rimmptsk (ea885e7a56f1be1f14c372337c42fe48) C:\Windows\system32\DRIVERS\rimmptsk.sys
11:29:51.0379 1228 rimmptsk - ok
11:29:51.0395 1228 rimsptsk (d7e09bc852684a7b1fc0f74fe090d45a) C:\Windows\system32\DRIVERS\rimsptsk.sys
11:29:51.0410 1228 rimsptsk - ok
11:29:51.0441 1228 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
11:29:51.0457 1228 rismxdp - ok
11:29:51.0473 1228 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
11:29:51.0473 1228 RpcLocator - ok
11:29:51.0535 1228 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
11:29:51.0551 1228 RpcSs - ok
11:29:51.0582 1228 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
11:29:51.0597 1228 rspndr - ok
11:29:51.0629 1228 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
11:29:51.0629 1228 SamSs - ok
11:29:51.0660 1228 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
11:29:51.0675 1228 sbp2port - ok
11:29:51.0707 1228 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
11:29:51.0722 1228 SCardSvr - ok
11:29:51.0785 1228 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
11:29:51.0816 1228 Schedule - ok
11:29:51.0831 1228 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
11:29:51.0831 1228 SCPolicySvc - ok
11:29:51.0878 1228 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
11:29:51.0894 1228 sdbus - ok
11:29:51.0925 1228 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
11:29:51.0941 1228 SDRSVC - ok
11:29:51.0956 1228 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
11:29:51.0972 1228 secdrv - ok
11:29:51.0987 1228 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
11:29:52.0003 1228 seclogon - ok
11:29:52.0034 1228 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
11:29:52.0034 1228 SENS - ok
11:29:52.0050 1228 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
11:29:52.0065 1228 Serenum - ok
11:29:52.0081 1228 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
11:29:52.0097 1228 Serial - ok
11:29:52.0112 1228 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
11:29:52.0112 1228 sermouse - ok
11:29:52.0143 1228 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
11:29:52.0159 1228 SessionEnv - ok
11:29:52.0159 1228 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
11:29:52.0175 1228 sffdisk - ok
11:29:52.0190 1228 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
11:29:52.0206 1228 sffp_mmc - ok
11:29:52.0253 1228 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
11:29:52.0268 1228 sffp_sd - ok
11:29:52.0268 1228 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
11:29:52.0284 1228 sfloppy - ok
11:29:52.0315 1228 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
11:29:52.0346 1228 SharedAccess - ok
11:29:52.0377 1228 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
11:29:52.0409 1228 ShellHWDetection - ok
11:29:52.0440 1228 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
11:29:52.0455 1228 sisagp - ok
11:29:52.0455 1228 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
11:29:52.0471 1228 SiSRaid2 - ok
11:29:52.0502 1228 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
11:29:52.0518 1228 SiSRaid4 - ok
11:29:52.0580 1228 SkypeUpdate (17eab7852ff9f15fbaab4e95efc0b812) C:\Program Files\Skype\Updater\Updater.exe
11:29:52.0580 1228 SkypeUpdate - ok
11:29:52.0923 1228 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
11:29:53.0157 1228 slsvc - ok
11:29:53.0298 1228 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
11:29:53.0313 1228 SLUINotify - ok
11:29:53.0360 1228 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
11:29:53.0376 1228 Smb - ok
11:29:53.0423 1228 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
11:29:53.0438 1228 SNMPTRAP - ok
11:29:53.0469 1228 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
11:29:53.0485 1228 spldr - ok
11:29:53.0516 1228 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
11:29:53.0547 1228 Spooler - ok
11:29:53.0610 1228 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
11:29:53.0641 1228 srv - ok
11:29:53.0672 1228 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
11:29:53.0688 1228 srv2 - ok
11:29:53.0735 1228 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
11:29:53.0766 1228 srvnet - ok
11:29:53.0813 1228 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
11:29:53.0828 1228 SSDPSRV - ok
11:29:53.0875 1228 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
11:29:53.0906 1228 SstpSvc - ok
11:29:54.0031 1228 STacSV (cb2449150a5ea17caa0b94363d9440cc) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
11:29:54.0062 1228 STacSV - ok
11:29:54.0156 1228 STHDA (14a9ad287fda70a06463e09c4328c1f2) C:\Windows\system32\DRIVERS\stwrt.sys
11:29:54.0203 1228 STHDA - ok
11:29:54.0281 1228 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
11:29:54.0312 1228 stisvc - ok
11:29:54.0343 1228 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
11:29:54.0359 1228 swenum - ok
11:29:54.0405 1228 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
11:29:54.0437 1228 swprv - ok
11:29:54.0452 1228 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
11:29:54.0483 1228 Symc8xx - ok
11:29:54.0499 1228 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
11:29:54.0515 1228 Sym_hi - ok
11:29:54.0530 1228 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
11:29:54.0561 1228 Sym_u3 - ok
11:29:54.0608 1228 SynTP (fb86fdd993a6a0122a2f526221e5161f) C:\Windows\system32\DRIVERS\SynTP.sys
11:29:54.0639 1228 SynTP - ok
11:29:54.0717 1228 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
11:29:54.0749 1228 SysMain - ok
11:29:54.0795 1228 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
11:29:54.0795 1228 TabletInputService - ok
11:29:54.0858 1228 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
11:29:54.0873 1228 TapiSrv - ok
11:29:54.0905 1228 tapoas (827c8058c284ff0013e4462efe2591a3) C:\Windows\system32\DRIVERS\tapoas.sys
11:29:54.0920 1228 tapoas - ok
11:29:54.0951 1228 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
11:29:54.0967 1228 TBS - ok
11:29:55.0061 1228 Tcpip (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\drivers\tcpip.sys
11:29:55.0123 1228 Tcpip - ok
11:29:55.0154 1228 Tcpip6 (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\DRIVERS\tcpip.sys
11:29:55.0154 1228 Tcpip6 - ok
11:29:55.0217 1228 tcpipreg (2c2d4cff5e09c73908f9b5af49a51365) C:\Windows\system32\drivers\tcpipreg.sys
11:29:55.0232 1228 tcpipreg - ok
11:29:55.0248 1228 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
11:29:55.0263 1228 TDPIPE - ok
11:29:55.0295 1228 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
11:29:55.0310 1228 TDTCP - ok
11:29:55.0341 1228 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
11:29:55.0357 1228 tdx - ok
11:29:55.0404 1228 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
11:29:55.0419 1228 TermDD - ok
11:29:55.0497 1228 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
11:29:55.0529 1228 TermService - ok
11:29:55.0575 1228 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
11:29:55.0575 1228 Themes - ok
11:29:55.0622 1228 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
11:29:55.0622 1228 THREADORDER - ok
11:29:55.0653 1228 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
11:29:55.0669 1228 TrkWks - ok
11:29:55.0700 1228 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
11:29:55.0716 1228 TrustedInstaller - ok
11:29:55.0747 1228 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:29:55.0763 1228 tssecsrv - ok
11:29:55.0778 1228 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
11:29:55.0794 1228 tunmp - ok
11:29:55.0825 1228 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
11:29:55.0856 1228 tunnel - ok
11:29:55.0887 1228 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
11:29:55.0903 1228 uagp35 - ok
11:29:55.0934 1228 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
11:29:55.0965 1228 udfs - ok
11:29:56.0012 1228 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
11:29:56.0028 1228 UI0Detect - ok
11:29:56.0043 1228 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
11:29:56.0075 1228 uliagpkx - ok
11:29:56.0106 1228 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
11:29:56.0137 1228 uliahci - ok
11:29:56.0153 1228 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
11:29:56.0168 1228 UlSata - ok
11:29:56.0199 1228 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
11:29:56.0231 1228 ulsata2 - ok
11:29:56.0246 1228 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
11:29:56.0262 1228 umbus - ok
11:29:56.0309 1228 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
11:29:56.0324 1228 upnphost - ok
11:29:56.0371 1228 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
11:29:56.0387 1228 USBAAPL - ok
11:29:56.0433 1228 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
11:29:56.0449 1228 usbccgp - ok
11:29:56.0480 1228 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
11:29:56.0496 1228 usbcir - ok
11:29:56.0527 1228 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
11:29:56.0543 1228 usbehci - ok
11:29:56.0574 1228 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
11:29:56.0605 1228 usbhub - ok
11:29:56.0621 1228 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
11:29:56.0636 1228 usbohci - ok
11:29:56.0667 1228 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
11:29:56.0683 1228 usbprint - ok
11:29:56.0714 1228 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
11:29:56.0730 1228 usbscan - ok
11:29:56.0761 1228 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:29:56.0777 1228 USBSTOR - ok
11:29:56.0823 1228 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
11:29:56.0839 1228 usbuhci - ok
11:29:56.0870 1228 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
11:29:56.0901 1228 usbvideo - ok
11:29:56.0917 1228 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
11:29:56.0948 1228 UxSms - ok
11:29:56.0995 1228 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
11:29:57.0026 1228 vds - ok
11:29:57.0073 1228 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
11:29:57.0073 1228 vga - ok
11:29:57.0104 1228 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
11:29:57.0120 1228 VgaSave - ok
11:29:57.0135 1228 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
11:29:57.0151 1228 viaagp - ok
11:29:57.0167 1228 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
11:29:57.0182 1228 ViaC7 - ok
11:29:57.0198 1228 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
11:29:57.0213 1228 viaide - ok
11:29:57.0229 1228 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
11:29:57.0245 1228 volmgr - ok
11:29:57.0323 1228 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
11:29:57.0354 1228 volmgrx - ok
11:29:57.0401 1228 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
11:29:57.0416 1228 volsnap - ok
11:29:57.0494 1228 Vsdatant (6983d0bcac64c2d7460c2125f804f118) C:\Windows\system32\DRIVERS\vsdatant.sys
11:29:57.0525 1228 Vsdatant - ok
11:29:57.0588 1228 vsmon - ok
11:29:57.0619 1228 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
11:29:57.0650 1228 vsmraid - ok
11:29:57.0775 1228 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
11:29:57.0822 1228 VSS - ok
11:29:57.0884 1228 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
11:29:57.0915 1228 W32Time - ok
11:29:57.0993 1228 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
11:29:58.0009 1228 WacomPen - ok
11:29:58.0025 1228 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
11:29:58.0040 1228 Wanarp - ok
11:29:58.0056 1228 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
11:29:58.0056 1228 Wanarpv6 - ok
11:29:58.0165 1228 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
11:29:58.0181 1228 wcncsvc - ok
11:29:58.0212 1228 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
11:29:58.0212 1228 WcsPlugInService - ok
11:29:58.0243 1228 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
11:29:58.0259 1228 Wd - ok
11:29:58.0321 1228 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
11:29:58.0399 1228 Wdf01000 - ok
11:29:58.0430 1228 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
11:29:58.0446 1228 WdiServiceHost - ok
11:29:58.0446 1228 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
11:29:58.0446 1228 WdiSystemHost - ok
11:29:58.0493 1228 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
11:29:58.0524 1228 WebClient - ok
11:29:58.0571 1228 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
11:29:58.0586 1228 Wecsvc - ok
11:29:58.0617 1228 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
11:29:58.0617 1228 wercplsupport - ok
11:29:58.0664 1228 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
11:29:58.0680 1228 WerSvc - ok
11:29:58.0773 1228 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
11:29:58.0789 1228 WinDefend - ok
11:29:58.0789 1228 WinHttpAutoProxySvc - ok
11:29:58.0867 1228 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
11:29:58.0867 1228 Winmgmt - ok
11:29:59.0257 1228 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
11:29:59.0304 1228 WinRM - ok
11:29:59.0397 1228 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
11:29:59.0413 1228 Wlansvc - ok
11:29:59.0475 1228 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
11:29:59.0491 1228 WmiAcpi - ok
11:29:59.0569 1228 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
11:29:59.0569 1228 wmiApSrv - ok
11:29:59.0709 1228 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
11:29:59.0741 1228 WMPNetworkSvc - ok
11:29:59.0772 1228 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
11:29:59.0787 1228 WPCSvc - ok
11:29:59.0850 1228 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
11:29:59.0865 1228 WPDBusEnum - ok
11:29:59.0928 1228 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
11:29:59.0943 1228 WpdUsb - ok
11:30:00.0068 1228 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
11:30:00.0099 1228 WPFFontCache_v0400 - ok
11:30:00.0131 1228 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
11:30:00.0131 1228 ws2ifsl - ok
11:30:00.0162 1228 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
11:30:00.0193 1228 wscsvc - ok
11:30:00.0193 1228 WSearch - ok
11:30:00.0411 1228 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
11:30:00.0458 1228 wuauserv - ok
11:30:00.0630 1228 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:30:00.0645 1228 WUDFRd - ok
11:30:00.0677 1228 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
11:30:00.0692 1228 wudfsvc - ok
11:30:00.0723 1228 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
11:30:01.0347 1228 \Device\Harddisk0\DR0 - ok
11:30:01.0363 1228 Boot (0x1200) (9444ab1eb9ab5f88944169d78715e7ba) \Device\Harddisk0\DR0\Partition0
11:30:01.0363 1228 \Device\Harddisk0\DR0\Partition0 - ok
11:30:01.0363 1228 ============================================================
11:30:01.0363 1228 Scan finished
11:30:01.0363 1228 ============================================================
11:30:01.0379 5592 Detected object count: 0
11:30:01.0379 5592 Actual detected object count: 0






aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-31 12:07:47
-----------------------------
12:07:47.374 OS Version: Windows 6.0.6002 Service Pack 2
12:07:47.374 Number of processors: 2 586 0x170A
12:07:47.374 ComputerName: ADMIN-PC UserName: Admin
12:08:21.777 Initialize success
12:08:36.270 AVAST engine defs: 12053002
12:08:47.549 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:08:47.564 Disk 0 Vendor: ST9500325AS 0001SDM1 Size: 476940MB BusType: 3
12:08:47.564 Disk 0 MBR read successfully
12:08:47.564 Disk 0 MBR scan
12:08:47.580 Disk 0 Windows VISTA default MBR code
12:08:47.595 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476938 MB offset 2048
12:08:47.595 Disk 0 scanning sectors +976771072
12:08:47.751 Disk 0 scanning C:\Windows\system32\drivers
12:09:06.003 Service scanning
12:09:41.322 Modules scanning
12:10:06.360 Disk 0 trace - called modules:
12:10:06.375 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
12:10:06.375 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x861c4370]
12:10:06.391 3 CLASSPNP.SYS[8896c8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x851eab98]
12:10:33.285 AVAST engine scan C:\Windows
12:10:42.755 AVAST engine scan C:\Windows\system32
12:16:49.610 AVAST engine scan C:\Windows\system32\drivers
12:17:46.490 AVAST engine scan C:\Users\Admin
12:55:23.456 AVAST engine scan C:\ProgramData
13:02:43.325 Scan finished successfully
13:20:31.901 Disk 0 MBR has been saved successfully to "C:\Users\Admin\Desktop\Bleeping Computer\MBR.dat"
13:20:31.917 The log file has been saved successfully to "C:\Users\Admin\Desktop\Bleeping Computer\aswMBR.txt"

#6 gringo_pr

  • Malware Response Team

Posted 30 May 2012 - 10:34 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#7 pulse1

  • Topic Starter

Posted 30 May 2012 - 11:14 PM

Hi Gringo,

I dragged the script file onto combofix and soon after, Zonealarm presented a message:
------------------------------
Handle viewer is trying to install a driver and gain full access to OS

Allow or Deny
-------------------------------
I haven't responded yet.

Is this related to combofix?
Should I allow this to happen?

Thanks,
Pulse1

#8 pulse1

  • Topic Starter

Posted 31 May 2012 - 12:45 AM

In regards to my post above, I ended up pressing 'deny' on zonealarm.
Then combofix asked me to turn zonealarm off anyhow.
Combofix had been idle all that time so I'm assuming it was waiting on zonealarm to make a decision.
So I turned zone alarm off and combofix ran.

During the scan, a dialog appeared, asking me if I wanted to make my new Internet Explorer homepage a particular site.
I pressed Prnt Scrn so I could show you the dialog but combofix restarted the computer so I lost the Prnt Scrn data.

Upon restarting, I noticed there are now two shortcuts on my desktop to Internet Explorer.
The new one is simply titled 'The Internet' :)
So it looks like there is still some suspicious behaviour going on on my machine.

Here is the log from combofix


ComboFix 12-05-30.02 - Admin 05/31/2012 15:15:40.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2006.833 [GMT 10:00]
Running from: c:\users\Admin\Desktop\ComboFix.exe
Command switches used :: c:\users\Admin\Desktop\CFScript.txt
AV: ZoneAlarm Extreme Security Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
FW: ZoneAlarm Extreme Security Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Extreme Security Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-31 )))))))))))))))))))))))))))))))
.
.
2012-05-31 05:28 . 2012-05-31 05:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-30 09:08 . 2012-05-31 05:28 -------- d-----w- c:\users\Admin\AppData\Local\temp
2012-05-30 02:41 . 2012-05-30 02:41 -------- d-----w- c:\program files\MozBackup
2012-05-29 15:55 . 2012-05-29 15:55 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B229563C-C02A-4500-B292-597CC9D2EE55}\offreg.dll
2012-05-29 08:04 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B229563C-C02A-4500-B292-597CC9D2EE55}\mpengine.dll
2012-05-29 03:02 . 2012-05-29 03:02 -------- d-----w- c:\users\Admin\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-05-29 03:02 . 2012-05-29 03:02 -------- d-----w- c:\program files\Adobe Download Assistant
2012-05-25 05:39 . 2012-05-25 05:39 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-05-25 05:39 . 2012-05-25 05:39 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-05-25 05:39 . 2012-05-25 05:39 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-05-25 05:39 . 2012-05-25 05:39 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-05-25 05:39 . 2012-05-25 05:39 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-05-25 05:39 . 2012-05-25 05:39 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-05-25 05:39 . 2012-05-25 05:39 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-05-25 05:38 . 2012-05-25 05:39 -------- d-----w- c:\program files\QuickTime
2012-05-19 09:07 . 2012-05-19 09:07 -------- d-----w- C:\Server
2012-05-10 00:00 . 2012-03-01 14:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-10 00:00 . 2012-03-01 14:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-10 00:00 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-10 00:00 . 2012-02-29 13:44 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-05-10 00:00 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 00:00 . 2012-04-03 08:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-10 00:00 . 2012-04-03 08:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 00:00 . 2012-04-02 13:36 2044928 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 23:58 . 2012-03-20 23:28 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-09 23:58 . 2012-03-30 12:39 914304 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-09 23:58 . 2012-03-29 13:39 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-05-09 23:58 . 2012-02-01 15:11 1218048 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-09 23:58 . 2012-02-01 15:10 1404928 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2012-05-09 23:58 . 2012-02-01 15:10 983040 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-09 23:58 . 2012-02-01 15:10 964608 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-09 23:58 . 2012-02-01 15:10 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 23:58 . 2012-02-01 13:58 47104 ----a-w- c:\program files\Windows Journal\PDIALOG.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 05:18 . 2012-02-10 22:37 29 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2012-05-05 12:56 . 2012-04-06 00:30 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 12:56 . 2012-02-11 04:23 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-18 10:56 . 2012-04-18 10:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 10:56 . 2012-04-18 10:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-27 12:13 . 2012-02-10 21:28 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-10-31 1422632]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-12-19 73360]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2012-01-30 400480]
"ISW"="" [BU]
.
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
backup=c:\windows\pss\Monitor Apache Servers.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 11:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-01-24 13:19 3478336 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLCGCATS]
2006-10-20 23:50 73728 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\dlcgtime.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlcgmon.exe]
2007-01-12 19:53 431600 ----a-w- c:\program files\Dell AIO 810\DLCGmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-02-10 21:31 136176 ----atw- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2011-02-12 03:26 171032 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2011-02-12 03:26 137752 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-26 19:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileDocuments]
2012-02-23 02:30 59240 ----a-w- c:\program files\Common Files\Apple\Internet Services\ubd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2011-02-12 03:26 172568 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 10:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-28 22:55 17148552 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 18:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2008-11-19 04:19 483420 ----a-w- c:\program files\IDT\WDM\sttray.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [2008-11-18 81920]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 12:56]
.
2012-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-10 23:33]
.
2012-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-10 23:33]
.
2012-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1219938194-2884841555-1756696092-1000Core.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-10 21:31]
.
2012-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1219938194-2884841555-1756696092-1000UA.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-10 21:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.2.1 192.168.1.1
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1dxugnjr.default\
FF - prefs.js: browser.startup.homepage - www.rmit.edu.au
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-31 15:28
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(680)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\program files\CheckPoint\ZAForceField\AK\icsak.dll
.
- - - - - - - > 'csrss.exe'(576)
c:\program files\CheckPoint\ZAForceField\AK\akconsole.dll
.
- - - - - - - > 'csrss.exe'(632)
c:\program files\CheckPoint\ZAForceField\AK\akconsole.dll
.
Completion time: 2012-05-31 15:32:29
ComboFix-quarantined-files.txt 2012-05-31 05:32
ComboFix2.txt 2012-05-30 09:08
.
Pre-Run: 224,079,167,488 bytes free
Post-Run: 223,262,400,512 bytes free
.
- - End Of File - - E3EEB5F92A73BFE558E6568394D4A71D

#9 gringo_pr

  • Malware Response Team

Posted 31 May 2012 - 01:14 AM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

µTorrent
Java™ 6 Update 31
Java™ 7 Update 3
Java™ SE Development Kit 7 Update 3
JavaFX 2.0.3
JavaFX 2.0.3 SDK


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then click on Next.
  • Once done, click Finish.


Install Java:

Please go here to install Java

  • Click on the Free Java Download button
  • Click on Agree and start Free download
  • Click on Run
  • Click on Run again
  • Click on Install
  • When the install is complete, click on Close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 pulse1

  • Topic Starter

Posted 31 May 2012 - 05:06 AM

Hi Gringo,
I've done all the things you've instructed and I can't see anything abnormal about the computer at this stage...
Here are the logs from MBam and Hijack this
Cheers,
Pulse1


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.31.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Admin :: ADMIN-PC [administrator]

5/31/2012 7:42:30 PM
mbam-log-2012-05-31 (19-42-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197995
Time elapsed: 6 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)






Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:01:23 PM, on 5/31/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\PROGRA~1\CHECKP~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\OpenOffice.org 3\program\swriter.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\notepad.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - Startup: Dropbox.lnk = C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Server\Apache2\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cron Service for Prey (CronService) - Fork Ltd. - C:\Prey\platform\windows\cronsvc.exe
O23 - Service: dlcg_device - - C:\Windows\system32\dlcgcoms.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ZoneAlarm ForceField IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe
O23 - Service: OracleServiceXE - Oracle Corporation - c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
O23 - Service: OracleXEClrAgent - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe
O23 - Service: OracleXETNSListener - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe

--
End of file - 6356 bytes

#11 gringo_pr

  • Malware Response Team

Posted 31 May 2012 - 07:25 AM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to. For any of these programs, you can click on its icon (or start it from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - Startup: Dropbox.lnk = C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
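
The startup review described in this post, as an added example that is not part of the original thread: a Python sketch that parses the O4 (autostart) and O23 (service) lines of a HijackThis log and notes which entries run from a per-user writable directory or list no publisher. The sample lines are copied from the log posted earlier in this thread; the function names and the two review rules are assumptions made for illustration, not HijackThis features.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - Startup: Dropbox.lnk = C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Server\Apache2\bin\httpd.exe
O23 - Service: dlcg_device - - C:\Windows\system32\dlcgcoms.exe
O23 - Service: OracleXEClrAgent - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
"""

# O4 Run/RunOnce keys:  O4 - <key>: [<value name>] <command line>
RUN_RE = re.compile(r"^O4 - (?P<loc>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# O4 Startup folders:   O4 - Startup: <shortcut> = <target>
STARTUP_RE = re.compile(
    r"^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# O23 services:         O23 - Service: <name> - <company> - <path>
# The company field may be empty ("name - - path"). A service name that itself
# contains " - " would be split early; that case is not handled here.
SERVICE_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<company>.*?)\s*- (?P<path>[A-Za-z]:\\.*)$")
# Executable path at the start of a command line, quoted or not, without arguments.
EXE_RE = re.compile(r'"?(.+?\.(?:exe|dll|bat|cmd|scr))\b', re.IGNORECASE)

# Assumed review rule: directories a standard user can write to.
USER_WRITABLE = ("\\appdata\\", "\\downloads\\", "\\temp\\")


@dataclass
class Entry:
    section: str                   # "O4" or "O23"
    location: str                  # registry key, startup folder, or "Service"
    name: str
    path: str
    company: Optional[str] = None  # only present on O23 lines


def executable_path(command):
    """Strip quotes and arguments from an autostart command line."""
    command = command.strip()
    match = EXE_RE.match(command)
    return match.group(1) if match else command


def parse_autostarts(log_text):
    """Return one Entry per O4 or O23 line found in a HijackThis log."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = RUN_RE.match(line) or STARTUP_RE.match(line)
        if match:
            entries.append(Entry("O4", match["loc"], match["name"],
                                 executable_path(match["cmd"])))
            continue
        match = SERVICE_RE.match(line)
        if match:
            entries.append(Entry("O23", "Service", match["name"],
                                 match["path"].strip(), match["company"].strip()))
    return entries


def review_notes(entry):
    """Reasons an entry deserves a manual look; an empty list means none."""
    notes = []
    lowered = entry.path.lower()
    if any(part in lowered for part in USER_WRITABLE):
        notes.append("runs from a per-user writable directory")
    if entry.section == "O23" and entry.company in ("", "Unknown owner"):
        notes.append("service has no publisher in the log")
    return notes


def entries_to_review(log_text):
    """Map entry name -> review notes, for entries with at least one note."""
    result = {}
    for entry in parse_autostarts(log_text):
        notes = review_notes(entry)
        if notes:
            result[entry.name] = notes
    return result


if __name__ == "__main__":
    for name, notes in entries_to_review(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(notes)}")
```

A note is a prompt to look the entry up, not a verdict: Dropbox installs per user under AppData by design, so it is listed here even though it is a legitimate program.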

#12 pulse1

  • Topic Starter

Posted 01 June 2012 - 12:50 AM

Hi Gringo,
thanks for that, I ended up leaving dropbox as a startup program because it's an integral part of my university study system.

I ran the eset scan and it found a threat...
here's what it found...
Cheers,
Pulse1



C:\Users\Admin\Downloads\DTLite4452-0287.exe Win32/OpenCandy application

Edited by pulse1, 01 June 2012 - 12:50 AM.


#13 gringo_pr

  • Malware Response Team

Posted 01 June 2012 - 01:22 AM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    del /f /s /q "C:\Users\Admin\Downloads\DTLite4452-0287.exe"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time can make the computer an expensive paper weight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • Turn off all active protection software
  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and used often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download and works a lot better than add/remove in Windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware The Gold standerd today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using often. (I have upgraded to the paid version of MBAM and I am glad I did)


    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#14 pulse1


Posted 01 June 2012 - 02:01 AM

Thanks very much Gringo!!

I don't know where I'd be without you!

You're the man! :thumbup2:

Pulse1

#15 gringo_pr


Posted 01 June 2012 - 09:23 AM

You are more than welcome, and glad I was able to help.


gringo



