
Random Audio Ads Playing In Background Zero Access

15 replies to this topic

#1 bannabop (Members)

Posted 29 May 2012 - 11:37 PM

I was told to post in this forum. I apparently have the Zero Access Virus.

I have followed the steps taken as instructed before posting. I attached my logs since the post would not go through, as it was too big. My GMER log could not be posted or attached as it was too big. Is there any alternative means of posting it?


#2 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 29 May 2012 - 11:40 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 bannabop (Topic Starter)

Posted 01 June 2012 - 09:09 PM

The ads appear to no longer be playing :)




ComboFix 12-05-30.04 - user 31/05/2012 1:52.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3062.1983 [GMT -4:00]
Running from: c:\users\user\Downloads\ComboFix.exe
AV: Windows Live OneCare *Disabled/Outdated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
FW: Windows Live OneCare *Enabled* {87676AF9-B8BC-7418-1F63-59FBEF2E291D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Live OneCare *Disabled/Outdated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\user\AppData\Local\assembly\tmp
c:\windows\$NtUninstallKB44451$
c:\windows\$NtUninstallKB44451$\2120197514
c:\windows\$NtUninstallKB44451$\58044118\@
c:\windows\$NtUninstallKB44451$\58044118\cfg.ini
c:\windows\$NtUninstallKB44451$\58044118\Desktop.ini
c:\windows\$NtUninstallKB44451$\58044118\L\qnbwvoto
c:\windows\$NtUninstallKB44451$\58044118\oemid
c:\windows\$NtUninstallKB44451$\58044118\U\00000001.@
c:\windows\$NtUninstallKB44451$\58044118\U\00000002.@
c:\windows\$NtUninstallKB44451$\58044118\U\00000004.@
c:\windows\$NtUninstallKB44451$\58044118\U\80000000.@
c:\windows\$NtUninstallKB44451$\58044118\U\80000004.@
c:\windows\$NtUninstallKB44451$\58044118\U\80000032.@
c:\windows\$NtUninstallKB44451$\58044118\version
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\3pUam.vbs
c:\windows\system32\3vx0Pci.vbs
c:\windows\system32\ALpieg5J5ht3U.vbs
c:\windows\system32\bfiG1k1.vbs
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\DHb4Z.vbs
c:\windows\system32\DZpRHNQdbvE6R.vbs
c:\windows\system32\iQSMM57.vbs
c:\windows\system32\KijQM.vbs
c:\windows\system32\l5KzD7uiXxEiHyj.vbs
c:\windows\system32\UXWGnNI.vbs
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-31 )))))))))))))))))))))))))))))))
.
.
2012-05-31 06:00 . 2012-05-31 06:05 -------- d-----w- c:\users\user\AppData\Local\temp
2012-05-31 06:00 . 2012-05-31 06:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-19 02:10 . 2012-05-19 02:10 -------- d-----w- C:\avast! sandbox
2012-05-17 05:10 . 2012-05-17 05:10 -------- d-----w- c:\programdata\AVAST Software
2012-05-17 05:10 . 2012-05-17 05:10 -------- d-----w- c:\program files\AVAST Software
2012-05-16 05:04 . 2012-05-16 05:04 -------- d-----w- c:\users\user\AppData\Roaming\Toshiba
2012-05-16 04:34 . 2012-05-16 04:34 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-05-15 01:41 . 2012-05-15 01:41 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Conduit
2012-05-14 17:44 . 2012-05-14 17:44 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Malwarebytes
2012-05-14 17:40 . 2012-05-14 17:40 -------- d-----w- c:\users\SYSTEM
2012-05-14 01:22 . 2012-05-14 01:23 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2012-05-14 01:22 . 2012-05-14 01:22 -------- d-----w- c:\windows\Sun
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-15 07:01 . 2010-12-27 19:57 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-04-04 19:56 . 2011-04-14 04:42 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-31 23:39 . 2012-03-31 23:39 161792 ----a-w- c:\windows\system32\msls31.dll
2012-03-31 23:39 . 2012-03-31 23:39 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-31 23:39 . 2012-03-31 23:39 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-31 23:39 . 2012-03-31 23:39 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-31 23:39 . 2012-03-31 23:39 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-03-31 23:39 . 2012-03-31 23:39 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-31 23:39 . 2012-03-31 23:39 367104 ----a-w- c:\windows\system32\html.iec
2012-03-31 23:39 . 2012-03-31 23:39 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-03-31 23:39 . 2012-03-31 23:39 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-03-31 23:39 . 2012-03-31 23:39 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-31 23:39 . 2012-03-31 23:39 152064 ----a-w- c:\windows\system32\wextract.exe
2012-03-31 23:39 . 2012-03-31 23:39 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-03-31 23:39 . 2012-03-31 23:39 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-31 23:39 . 2012-03-31 23:39 11776 ----a-w- c:\windows\system32\mshta.exe
2012-03-31 23:39 . 2012-03-31 23:39 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-03-31 23:39 . 2012-03-31 23:39 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-31 23:39 . 2012-03-31 23:39 101888 ----a-w- c:\windows\system32\admparse.dll
2012-03-31 23:39 . 2012-03-31 23:39 98816 ----a-w- c:\windows\system32\mfps.dll
2012-03-31 23:39 . 2012-03-31 23:39 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2012-03-31 23:39 . 2012-03-31 23:39 586240 ----a-w- c:\windows\system32\stobject.dll
2012-03-31 23:39 . 2012-03-31 23:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2012-03-31 23:39 . 2012-03-31 23:39 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2012-03-31 23:39 . 2012-03-31 23:39 2873344 ----a-w- c:\windows\system32\mf.dll
2012-03-31 23:39 . 2012-03-31 23:39 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-03-31 23:39 . 2012-03-31 23:39 209920 ----a-w- c:\windows\system32\mfplat.dll
2012-03-31 23:39 . 2012-03-31 23:39 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2012-03-31 23:39 . 2012-03-31 23:39 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2012-03-31 23:39 . 2012-03-31 23:39 478720 ----a-w- c:\windows\system32\dxgi.dll
2012-03-31 23:39 . 2012-03-31 23:39 189952 ----a-w- c:\windows\system32\d3d10core.dll
2012-03-31 23:39 . 2012-03-31 23:39 1029120 ----a-w- c:\windows\system32\d3d10.dll
2012-03-31 23:39 . 2012-03-31 23:39 847360 ----a-w- c:\windows\system32\OpcServices.dll
2012-03-31 23:39 . 2012-03-31 23:39 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2012-03-31 23:39 . 2012-03-31 23:39 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-03-31 23:39 . 2012-03-31 23:39 37376 ----a-w- c:\windows\system32\cdd.dll
2012-03-31 23:39 . 2012-03-31 23:39 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2012-03-31 23:39 . 2012-03-31 23:39 258048 ----a-w- c:\windows\system32\winspool.drv
2012-03-31 23:39 . 2012-03-31 23:39 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2012-03-31 23:38 . 2012-03-31 23:38 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2012-03-31 23:38 . 2012-03-31 23:38 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-03-31 23:38 . 2012-03-31 23:38 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-03-31 23:38 . 2012-03-31 23:38 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-03-31 23:38 . 2012-03-31 23:38 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-03-31 23:38 . 2012-03-31 23:38 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-03-31 23:38 . 2012-03-31 23:38 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-03-31 23:38 . 2012-03-31 23:38 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-19 49664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HWSetup"="\HWSetup.exe hwSetUP" [X]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 4702208]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-23 438272]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-09-27 77824]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-26 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-26 129560]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 538744]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"iPodConverterSuite_upgrade"="c:\program files\E-Zsoft\iPodConverterSuite\iPodConverterSuite.exe" [2008-06-17 842240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware1\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"DeleteEngineAfterUpdate"="reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine" [X]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe" [2012-02-05 247968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DesktopVideoPlayer.LNK]
path=c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.LNK
backup=c:\windows\pss\DesktopVideoPlayer.LNK.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2007-04-10 23:40 413696 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2009-04-29 17:55 3338240 ----a-w- c:\program files\Electronic Arts\EADM\Core.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExpressFiles]
2012-03-26 23:42 455800 ----a-w- c:\program files\ExpressFiles\ExpressFiles.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
2007-01-09 06:23 191552 ------w- c:\program files\ltmoh\ltmoh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-08-03 05:22 1826816 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ccalib8
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-29 c:\windows\Tasks\DriverCure.job
- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2010-06-28 20:57]
.
2012-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 05:57]
.
2012-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 05:57]
.
2012-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3001796362-2175004984-2756342874-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-20 04:56]
.
2012-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3001796362-2175004984-2756342874-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-20 04:56]
.
2012-05-31 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-21 05:36]
.
2012-05-31 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2010-04-06 21:30]
.
2012-05-24 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-21 05:36]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 64.71.255.198
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
MSConfigStartUp-npwitc - c:\users\user\AppData\Local\Temp\npwitc.dll
MSConfigStartUp-wicpm - c:\users\user\AppData\Local\Temp\wicpm.dll
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"=hex:51,66,7a,6c,4c,1d,38,12,f1,9d,97,
02,e5,86,37,08,c7,6b,3b,0b,78,35,a4,a7
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{562C2753-4483-4655-A229-71924E7A9266}"=hex:51,66,7a,6c,4c,1d,38,12,3d,24,3f,
52,b1,0a,3b,03,dd,3f,32,d2,4b,24,d6,72
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
"{E7920C8E-163E-40CA-930E-E283B0E5D9C5}"=hex:51,66,7a,6c,4c,1d,38,12,e0,0f,81,
e3,0c,58,a4,05,ec,18,a1,c3,b5,bb,9d,d1
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:50,fc,a9,a0,e1,30,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,19,d7,8f,50,ff,c8,58,4c,8b,f5,9a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,19,d7,8f,50,ff,c8,58,4c,8b,f5,9a,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\ExpressFiles\EFupdater.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\WerCon.exe
c:\program files\Synaptics\SynTP\SynToshiba.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Malwarebytes' Anti-Malware1\mbamservice.exe
.
**************************************************************************
.
Completion time: 2012-05-31 02:13:11 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-31 06:13
.
Pre-Run: 147,619,360,768 bytes free
Post-Run: 148,143,726,592 bytes free
.
- - End Of File - - 76CF843A3D08F62085B5B4387C1038E0
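An added triage script (my own example, not code from the thread, from ComboFix or from BleepingComputer) that parses entries in the ComboFix log format shown above and flags the ZeroAccess-style artifacts it contains: the `@` module files and `U`/`L` stores inside the `$NtUninstallKB44451$` folder, the hidden+system `%APPDATA%` directory under system32, and scripts dropped straight into system32. The heuristics are assumptions drawn from commonly documented ZeroAccess behaviour, not rules from ComboFix itself, and the sample lines are excerpted from the log above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Format of a dated ComboFix entry ("Files Created" and "Find3M" sections), e.g.
#   2012-05-16 04:34 . 2012-05-16 04:34 -------- d-sh--w- c:\windows\system32\%APPDATA%
# Fields: created, modified, size ("--------" for directories), attribute string, path.
DATED_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(-{8}|\d+) ([a-z-]{8}) (.+)$"
)
# Undated entries (the "Other Deletions" section) are bare paths.
PATH_LINE = re.compile(r"^[a-zA-Z]:\\.+$")

# Heuristics (assumptions based on commonly documented ZeroAccess/Sirefef artifacts).
# Real $NtUninstallKB...$ folders exist on XP for hotfix rollback, so the folder alone
# is not enough: we also require the '@' module file or the U/L module store.
ZA_UNINSTALL_DIR = re.compile(r"\\\$NtUninstallKB\d+\$\\", re.IGNORECASE)
ZA_MARKER = re.compile(r"(\\@$|\.@$|\\[UL]\\)", re.IGNORECASE)
# A directory literally named after an unexpanded variable such as %APPDATA%.
UNEXPANDED_ENV_DIR = re.compile(r"\\%[A-Za-z]+%(\\|$)")
# Script files placed directly in system32 (normally only binaries live there).
SYSTEM32_SCRIPT = re.compile(r"\\system32\\[^\\]+\.vbs$", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    path: str
    reason: str


def classify(path: str, attrs: str = "") -> Optional[str]:
    """Return a reason string if the entry looks like a ZeroAccess-style artifact."""
    if ZA_UNINSTALL_DIR.search(path) and ZA_MARKER.search(path):
        return "ZeroAccess-style '@' module or U/L store inside a fake $NtUninstallKB$ folder"
    if UNEXPANDED_ENV_DIR.search(path):
        return "directory named after an unexpanded environment variable"
    if attrs.startswith("d-sh"):
        return "newly created directory with hidden+system attributes"
    if SYSTEM32_SCRIPT.search(path):
        return "script dropped directly into system32"
    return None


def triage(log_text: str) -> List[Finding]:
    """Scan ComboFix log text and return flagged entries in order of appearance."""
    findings: List[Finding] = []
    seen = set()
    for raw in log_text.splitlines():
        line = raw.strip()
        m = DATED_LINE.match(line)
        if m:
            attrs, path = m.group(4), m.group(5)
        elif PATH_LINE.match(line):
            attrs, path = "", line
        else:
            continue  # section banners, dots, registry dumps, etc.
        reason = classify(path, attrs)
        if reason and path.lower() not in seen:
            seen.add(path.lower())
            findings.append(Finding(path, reason))
    return findings


# Excerpt of the ComboFix log posted above (raw string, so backslashes are literal).
SAMPLE_LOG = r"""
c:\programdata\xp\EBLib.dll
c:\windows\$NtUninstallKB44451$\58044118\@
c:\windows\$NtUninstallKB44451$\58044118\cfg.ini
c:\windows\$NtUninstallKB44451$\58044118\L\qnbwvoto
c:\windows\$NtUninstallKB44451$\58044118\U\00000001.@
c:\windows\system32\3pUam.vbs
2012-05-17 05:10 . 2012-05-17 05:10 -------- d-----w- c:\programdata\AVAST Software
2012-05-16 04:34 . 2012-05-16 04:34 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-05-15 07:01 . 2010-12-27 19:57 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.path}\n    -> {f.reason}")
```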

#4 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 02 June 2012 - 05:41 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#5 bannabop (Topic Starter)

Posted 04 June 2012 - 12:39 AM

01:11:16.0433 4488 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
01:11:16.0720 4488 ============================================================
01:11:16.0720 4488 Current date / time: 2012/06/04 01:11:16.0720
01:11:16.0720 4488 SystemInfo:
01:11:16.0720 4488
01:11:16.0720 4488 OS Version: 6.0.6002 ServicePack: 2.0
01:11:16.0720 4488 Product type: Workstation
01:11:16.0721 4488 ComputerName: USER-PC
01:11:16.0721 4488 UserName: user
01:11:16.0721 4488 Windows directory: C:\Windows
01:11:16.0721 4488 System windows directory: C:\Windows
01:11:16.0721 4488 Processor architecture: Intel x86
01:11:16.0721 4488 Number of processors: 2
01:11:16.0721 4488 Page size: 0x1000
01:11:16.0721 4488 Boot type: Normal boot
01:11:16.0721 4488 ============================================================
01:11:17.0319 4488 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
01:11:17.0321 4488 ============================================================
01:11:17.0321 4488 \Device\Harddisk0\DR0:
01:11:17.0321 4488 MBR partitions:
01:11:17.0321 4488 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1B869800
01:11:17.0321 4488 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1BB58000, BlocksNum 0xBC2000
01:11:17.0321 4488 ============================================================
01:11:17.0348 4488 C: <-> \Device\Harddisk0\DR0\Partition0
01:11:17.0398 4488 D: <-> \Device\Harddisk0\DR0\Partition1
01:11:17.0398 4488 ============================================================
01:11:17.0398 4488 Initialize success
01:11:17.0398 4488 ============================================================
01:11:18.0433 8124 ============================================================
01:11:18.0433 8124 Scan started
01:11:18.0433 8124 Mode: Manual;
01:11:18.0433 8124 ============================================================
01:11:20.0465 8124 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
01:11:20.0470 8124 ACPI - ok
01:11:20.0552 8124 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
01:11:20.0560 8124 adp94xx - ok
01:11:20.0597 8124 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
01:11:20.0603 8124 adpahci - ok
01:11:20.0632 8124 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
01:11:20.0634 8124 adpu160m - ok
01:11:20.0659 8124 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
01:11:20.0662 8124 adpu320 - ok
01:11:20.0718 8124 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
01:11:20.0719 8124 AeLookupSvc - ok
01:11:20.0778 8124 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
01:11:20.0783 8124 AFD - ok
01:11:20.0843 8124 AgereModemAudio (39e435c90c9c4f780fa0ed05ca3c3a1b) C:\Windows\system32\agrsmsvc.exe
01:11:20.0844 8124 AgereModemAudio - ok
01:11:20.0949 8124 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
01:11:20.0971 8124 AgereSoftModem - ok
01:11:21.0049 8124 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
01:11:21.0051 8124 agp440 - ok
01:11:21.0115 8124 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
01:11:21.0117 8124 aic78xx - ok
01:11:21.0134 8124 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
01:11:21.0135 8124 ALG - ok
01:11:21.0150 8124 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
01:11:21.0150 8124 aliide - ok
01:11:21.0167 8124 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
01:11:21.0168 8124 amdagp - ok
01:11:21.0183 8124 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
01:11:21.0184 8124 amdide - ok
01:11:21.0228 8124 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
01:11:21.0229 8124 AmdK7 - ok
01:11:21.0246 8124 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
01:11:21.0247 8124 AmdK8 - ok
01:11:21.0291 8124 ApfiltrService (7c2f57bce81fa74933f0e1c84a97c9db) C:\Windows\system32\DRIVERS\Apfiltr.sys
01:11:21.0294 8124 ApfiltrService - ok
01:11:21.0330 8124 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
01:11:21.0330 8124 Appinfo - ok
01:11:21.0444 8124 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
01:11:21.0445 8124 Apple Mobile Device - ok
01:11:21.0475 8124 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
01:11:21.0477 8124 arc - ok
01:11:21.0507 8124 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
01:11:21.0509 8124 arcsas - ok
01:11:21.0547 8124 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
01:11:21.0548 8124 AsyncMac - ok
01:11:21.0575 8124 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
01:11:21.0576 8124 atapi - ok
01:11:21.0635 8124 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
01:11:21.0641 8124 AudioEndpointBuilder - ok
01:11:21.0646 8124 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
01:11:21.0649 8124 Audiosrv - ok
01:11:36.0792 8124 tdcmdpst - ok
01:11:36.0815 8124 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
01:11:36.0817 8124 TDPIPE - ok
01:11:36.0830 8124 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
01:11:36.0831 8124 TDTCP - ok
01:11:36.0870 8124 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
01:11:36.0873 8124 tdx - ok
01:11:36.0908 8124 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
01:11:36.0910 8124 TermDD - ok
01:11:36.0969 8124 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
01:11:36.0980 8124 TermService - ok
01:11:37.0022 8124 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
01:11:37.0027 8124 Themes - ok
01:11:37.0052 8124 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
01:11:37.0054 8124 THREADORDER - ok
01:11:37.0107 8124 tifm21 (e4c85c291ddb3dc5e4a2f227ca465ba6) C:\Windows\system32\drivers\tifm21.sys
01:11:37.0113 8124 tifm21 - ok
01:11:37.0189 8124 TNaviSrv (b351aa72eae95c4447a3c5329977f064) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
01:11:37.0191 8124 TNaviSrv - ok
01:11:37.0233 8124 TODDSrv (d540858e65bfa6fded41ad2495ece344) C:\Windows\system32\TODDSrv.exe
01:11:37.0237 8124 TODDSrv - ok
01:11:37.0287 8124 TosCoSrv (6a54c28b53c6b50d333c8ee974c6b208) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
01:11:37.0296 8124 TosCoSrv - ok
01:11:37.0345 8124 tos_sps32 (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys
01:11:37.0353 8124 tos_sps32 - ok
01:11:37.0373 8124 TpChoice - ok
01:11:37.0410 8124 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
01:11:37.0415 8124 TrkWks - ok
01:11:37.0469 8124 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
01:11:37.0470 8124 TrustedInstaller - ok
01:11:37.0509 8124 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
01:11:37.0511 8124 tssecsrv - ok
01:11:37.0548 8124 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
01:11:37.0549 8124 tunmp - ok
01:11:37.0565 8124 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
01:11:37.0567 8124 tunnel - ok
01:11:37.0603 8124 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
01:11:37.0604 8124 TVALZ - ok
01:11:37.0628 8124 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
01:11:37.0630 8124 uagp35 - ok
01:11:37.0684 8124 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
01:11:37.0688 8124 udfs - ok
01:11:37.0731 8124 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
01:11:37.0734 8124 UI0Detect - ok
01:11:37.0794 8124 UleadBurningHelper (332d341d92b933600d41953b08360dfb) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
01:11:37.0795 8124 UleadBurningHelper - ok
01:11:37.0817 8124 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
01:11:37.0819 8124 uliagpkx - ok
01:11:37.0855 8124 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
01:11:37.0860 8124 uliahci - ok
01:11:37.0883 8124 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
01:11:37.0886 8124 UlSata - ok
01:11:37.0910 8124 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
01:11:37.0914 8124 ulsata2 - ok
01:11:37.0944 8124 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
01:11:37.0946 8124 umbus - ok
01:11:37.0988 8124 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
01:11:37.0995 8124 upnphost - ok
01:11:38.0074 8124 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
01:11:38.0075 8124 USBAAPL - ok
01:11:38.0114 8124 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
01:11:38.0117 8124 usbccgp - ok
01:11:38.0161 8124 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
01:11:38.0164 8124 usbcir - ok
01:11:38.0216 8124 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
01:11:38.0218 8124 usbehci - ok
01:11:38.0258 8124 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
01:11:38.0263 8124 usbhub - ok
01:11:38.0278 8124 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
01:11:38.0279 8124 usbohci - ok
01:11:38.0301 8124 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
01:11:38.0302 8124 usbprint - ok
01:11:38.0346 8124 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
01:11:38.0347 8124 usbscan - ok
01:11:38.0381 8124 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:11:38.0384 8124 USBSTOR - ok
01:11:38.0415 8124 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
01:11:38.0416 8124 usbuhci - ok
01:11:38.0466 8124 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
01:11:38.0469 8124 usbvideo - ok
01:11:38.0500 8124 UVCFTR (3b929a72aaea96dc0150d3a6da268c89) C:\Windows\system32\Drivers\UVCFTR_S.SYS
01:11:38.0501 8124 UVCFTR - ok
01:11:38.0534 8124 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
01:11:38.0539 8124 UxSms - ok
01:11:38.0596 8124 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
01:11:38.0605 8124 vds - ok
01:11:38.0623 8124 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
01:11:38.0625 8124 vga - ok
01:11:38.0657 8124 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
01:11:38.0659 8124 VgaSave - ok
01:11:38.0678 8124 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
01:11:38.0680 8124 viaagp - ok
01:11:38.0696 8124 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
01:11:38.0698 8124 ViaC7 - ok
01:11:38.0710 8124 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
01:11:38.0711 8124 viaide - ok
01:11:38.0748 8124 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
01:11:38.0750 8124 volmgr - ok
01:11:38.0812 8124 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
01:11:38.0819 8124 volmgrx - ok
01:11:38.0859 8124 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
01:11:38.0865 8124 volsnap - ok
01:11:38.0911 8124 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
01:11:38.0913 8124 vsmraid - ok
01:11:39.0029 8124 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
01:11:39.0043 8124 VSS - ok
01:11:39.0080 8124 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
01:11:39.0090 8124 W32Time - ok
01:11:39.0152 8124 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
01:11:39.0154 8124 WacomPen - ok
01:11:39.0194 8124 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
01:11:39.0198 8124 Wanarp - ok
01:11:39.0213 8124 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
01:11:39.0216 8124 Wanarpv6 - ok
01:11:39.0275 8124 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
01:11:39.0283 8124 wcncsvc - ok
01:11:39.0319 8124 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
01:11:39.0324 8124 WcsPlugInService - ok
01:11:39.0338 8124 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
01:11:39.0340 8124 Wd - ok
01:11:39.0413 8124 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
01:11:39.0426 8124 Wdf01000 - ok
01:11:39.0459 8124 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
01:11:39.0463 8124 WdiServiceHost - ok
01:11:39.0468 8124 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
01:11:39.0472 8124 WdiSystemHost - ok
01:11:39.0517 8124 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
01:11:39.0521 8124 WebClient - ok
01:11:39.0560 8124 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
01:11:39.0563 8124 Wecsvc - ok
01:11:39.0600 8124 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
01:11:39.0604 8124 wercplsupport - ok
01:11:39.0643 8124 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
01:11:39.0648 8124 WerSvc - ok
01:11:39.0720 8124 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
01:11:39.0725 8124 WinDefend - ok
01:11:39.0735 8124 WinHttpAutoProxySvc - ok
01:11:39.0791 8124 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
01:11:39.0795 8124 Winmgmt - ok
01:11:39.0897 8124 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
01:11:39.0909 8124 WinRM - ok
01:11:39.0969 8124 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
01:11:39.0982 8124 Wlansvc - ok
01:11:40.0155 8124 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
01:11:40.0185 8124 wlidsvc - ok
01:11:40.0333 8124 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
01:11:40.0334 8124 WmiAcpi - ok
01:11:40.0399 8124 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
01:11:40.0401 8124 wmiApSrv - ok
01:11:40.0521 8124 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
01:11:40.0537 8124 WMPNetworkSvc - ok
01:11:40.0579 8124 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
01:11:40.0587 8124 WPCSvc - ok
01:11:40.0632 8124 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
01:11:40.0636 8124 WPDBusEnum - ok
01:11:40.0694 8124 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
01:11:40.0696 8124 WpdUsb - ok
01:11:40.0844 8124 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
01:11:40.0851 8124 WPFFontCache_v0400 - ok
01:11:40.0879 8124 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
01:11:40.0880 8124 ws2ifsl - ok
01:11:40.0909 8124 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
01:11:40.0913 8124 wscsvc - ok
01:11:40.0918 8124 WSearch - ok
01:11:41.0073 8124 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
01:11:41.0114 8124 wuauserv - ok
01:11:41.0299 8124 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
01:11:41.0302 8124 WUDFRd - ok
01:11:41.0348 8124 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
01:11:41.0353 8124 wudfsvc - ok
01:11:41.0406 8124 ysusb32 (3f2a964306349863cd73775e9ba6565c) C:\Windows\system32\drivers\ysusb32.sys
01:11:41.0408 8124 ysusb32 - ok
01:11:41.0441 8124 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
01:11:41.0726 8124 \Device\Harddisk0\DR0 - ok
01:11:41.0732 8124 Boot (0x1200) (fb8a4c8a9d7df6203d64550640130fbe) \Device\Harddisk0\DR0\Partition0
01:11:41.0734 8124 \Device\Harddisk0\DR0\Partition0 - ok
01:11:41.0782 8124 Boot (0x1200) (328e62d3ec83f73927b3e6c3dad77cee) \Device\Harddisk0\DR0\Partition1
01:11:41.0784 8124 \Device\Harddisk0\DR0\Partition1 - ok
01:11:41.0784 8124 ============================================================
01:11:41.0784 8124 Scan finished
01:11:41.0784 8124 ============================================================
01:11:41.0798 6976 Detected object count: 0
01:11:41.0798 6976 Actual detected object count: 0
01:11:54.0651 5632 Deinitialize success


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-28 00:22:08
-----------------------------
00:22:08.428 OS Version: Windows 6.0.6002 Service Pack 2
00:22:08.428 Number of processors: 2 586 0xF0D
00:22:08.428 ComputerName: USER-PC UserName: user
00:22:10.612 Initialize success
00:22:16.280 AVAST engine download error: 0
00:24:53.964 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
00:24:53.964 Disk 0 Vendor: Hitachi_ BBFO Size: 238475MB BusType: 3
00:24:53.996 Disk 0 MBR read successfully
00:24:53.996 Disk 0 MBR scan
00:24:54.011 Disk 0 Windows VISTA default MBR code
00:24:54.027 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
00:24:54.042 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 225491 MB offset 3074048
00:24:54.074 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 6020 MB offset 464879616
00:24:54.105 Disk 0 Partition 4 00 17 Hidd HPFS/NTFS NTFS 5463 MB offset 477208576
00:24:54.276 Disk 0 scanning sectors +488396800
00:24:54.479 Disk 0 scanning C:\Windows\system32\drivers
00:25:11.608 Service scanning
00:25:34.119 Modules scanning
00:25:48.081 Disk 0 trace - called modules:
00:25:48.112 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
00:25:48.112 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x865b7818]
00:25:48.112 3 CLASSPNP.SYS[8a5148b3] -> nt!IofCallDriver -> [0x85529760]
00:25:48.128 5 acpi.sys[8289e6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8552b030]
00:25:48.128 Scan finished successfully
00:27:42.647 Disk 0 MBR has been saved successfully to "C:\Users\user\Documents\MBR.dat"
00:27:42.663 The log file has been saved successfully to "C:\Users\user\Documents\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-04 01:12:47
-----------------------------
01:12:47.380 OS Version: Windows 6.0.6002 Service Pack 2
01:12:47.380 Number of processors: 2 586 0xF0D
01:12:47.382 ComputerName: USER-PC UserName: user
01:13:05.923 Initialize success
01:16:14.358 AVAST engine defs: 12060301
01:16:34.043 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
01:16:34.047 Disk 0 Vendor: Hitachi_ BBFO Size: 238475MB BusType: 3
01:16:34.076 Disk 0 MBR read successfully
01:16:34.081 Disk 0 MBR scan
01:16:34.088 Disk 0 Windows VISTA default MBR code
01:16:34.105 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
01:16:34.126 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 225491 MB offset 3074048
01:16:34.160 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 6020 MB offset 464879616
01:16:34.180 Disk 0 Partition 4 00 17 Hidd HPFS/NTFS NTFS 5463 MB offset 477208576
01:16:34.192 Disk 0 scanning sectors +488396800
01:16:34.263 Disk 0 scanning C:\Windows\system32\drivers
01:16:46.036 Service scanning
01:17:19.936 Modules scanning
01:17:30.641 Disk 0 trace - called modules:
01:17:30.706 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
01:17:30.715 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86439590]
01:17:30.725 3 CLASSPNP.SYS[8a5178b3] -> nt!IofCallDriver -> [0x855228e0]
01:17:30.734 5 acpi.sys[828926bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8552c030]
01:17:32.335 AVAST engine scan C:\Windows
01:17:48.392 AVAST engine scan C:\Windows\system32
01:25:16.941 AVAST engine scan C:\Windows\system32\drivers
01:25:34.296 AVAST engine scan C:\Users\user
01:37:01.667 AVAST engine scan C:\ProgramData
01:38:16.126 Scan finished successfully
01:38:45.283 Disk 0 MBR has been saved successfully to "C:\Users\user\Documents\MBR.dat"
01:38:45.298 The log file has been saved successfully to "C:\Users\user\Documents\aswMBR.txt"

#6 gringo_pr

Posted 04 June 2012 - 10:49 PM

Greetings

At this time I would like you to run this script for me. It is also a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\windows\system32\config\systemprofile\AppData\Local\Conduit

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt onto ComboFix.exe
[image: CFScript.txt being dragged onto ComboFix.exe]
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 gringo_pr

Posted 07 June 2012 - 12:52 AM

Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or just need some more time.

Also, I want to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and then I will ask you to remove our tools.




Gringo

#8 gringo_pr

Posted 10 June 2012 - 12:06 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#9 bannabop
  • Topic Starter

Posted 12 June 2012 - 10:35 PM

Here is the log you requested. Sorry for the late reply!


ComboFix 12-06-12.03 - user 12/06/2012 23:06:19.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3062.1331 [GMT -4:00]
Running from: c:\users\user\Desktop\ComboFix.exe
Command switches used :: c:\users\user\Desktop\CFscript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\user\AppData\Local\Temp\swtlib-32\swt-gdip-win32-3611.dll
c:\users\user\AppData\Local\temp\swtlib-32\swt-win32-3611.dll
c:\windows\Installer\{3f11c3dc-827e-5ff7-2b90-09215f7f9a42}\@
c:\windows\Installer\{3f11c3dc-827e-5ff7-2b90-09215f7f9a42}\L\00000004.@
c:\windows\Installer\{3f11c3dc-827e-5ff7-2b90-09215f7f9a42}\L\1afb2d56
c:\windows\Installer\{3f11c3dc-827e-5ff7-2b90-09215f7f9a42}\L\201d3dde
c:\windows\Installer\{3f11c3dc-827e-5ff7-2b90-09215f7f9a42}\n
c:\windows\Installer\{3f11c3dc-827e-5ff7-2b90-09215f7f9a42}\U\00000004.@
c:\windows\Installer\{3f11c3dc-827e-5ff7-2b90-09215f7f9a42}\U\000000cb.@
c:\windows\system32\config\systemprofile\AppData\Local\Conduit
c:\windows\system32\config\systemprofile\AppData\Local\Conduit\CT2786678\uTorrentBarAutoUpdaterHelper.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-13 to 2012-06-13 )))))))))))))))))))))))))))))))
.
.
2012-06-13 03:15 . 2012-06-13 03:15 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-06-13 03:15 . 2012-06-13 03:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-12 07:53 . 2012-05-15 05:43 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A36CCF46-9E8F-4D99-856D-D3DEAD2A0ABD}\mpengine.dll
2012-05-31 10:22 . 2012-02-23 14:18 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-31 06:13 . 2012-06-13 03:21 -------- d-----w- c:\users\user\AppData\Local\temp
2012-05-19 02:10 . 2012-05-19 02:10 -------- d-----w- C:\avast! sandbox
2012-05-17 05:10 . 2012-05-17 05:10 -------- d-----w- c:\programdata\AVAST Software
2012-05-17 05:10 . 2012-05-17 05:10 -------- d-----w- c:\program files\AVAST Software
2012-05-16 05:04 . 2012-05-16 05:04 -------- d-----w- c:\users\user\AppData\Roaming\Toshiba
2012-05-16 04:34 . 2012-05-16 04:34 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-05-14 17:44 . 2012-05-14 17:44 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Malwarebytes
2012-05-14 17:40 . 2012-05-14 17:40 -------- d-----w- c:\users\SYSTEM
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-19 49664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HWSetup"="\HWSetup.exe hwSetUP" [X]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 4702208]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-23 438272]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-09-27 77824]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-26 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-26 129560]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 538744]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"iPodConverterSuite_upgrade"="c:\program files\E-Zsoft\iPodConverterSuite\iPodConverterSuite.exe" [2008-06-17 842240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware1\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"DeleteEngineAfterUpdate"="reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine" [X]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe" [2012-02-05 247968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DesktopVideoPlayer.LNK]
path=c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.LNK
backup=c:\windows\pss\DesktopVideoPlayer.LNK.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2007-04-10 23:40 413696 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2009-04-29 17:55 3338240 ----a-w- c:\program files\Electronic Arts\EADM\Core.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExpressFiles]
2012-03-26 23:42 455800 ----a-w- c:\program files\ExpressFiles\ExpressFiles.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
2007-01-09 06:23 191552 ------w- c:\program files\ltmoh\ltmoh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-08-03 05:22 1826816 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ccalib8
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-13 c:\windows\Tasks\DriverCure.job
- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2010-06-28 20:57]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 05:57]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 05:57]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3001796362-2175004984-2756342874-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-20 04:56]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3001796362-2175004984-2756342874-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-20 04:56]
.
2012-06-13 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-21 05:36]
.
2012-06-13 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2010-04-06 21:30]
.
2012-06-07 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-21 05:36]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 64.71.255.198
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-12 23:21
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"=hex:51,66,7a,6c,4c,1d,38,12,f1,9d,97,
02,e5,86,37,08,c7,6b,3b,0b,78,35,a4,a7
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{562C2753-4483-4655-A229-71924E7A9266}"=hex:51,66,7a,6c,4c,1d,38,12,3d,24,3f,
52,b1,0a,3b,03,dd,3f,32,d2,4b,24,d6,72
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
"{E7920C8E-163E-40CA-930E-E283B0E5D9C5}"=hex:51,66,7a,6c,4c,1d,38,12,e0,0f,81,
e3,0c,58,a4,05,ec,18,a1,c3,b5,bb,9d,d1
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:50,fc,a9,a0,e1,30,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,19,d7,8f,50,ff,c8,58,4c,8b,f5,9a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,19,d7,8f,50,ff,c8,58,4c,8b,f5,9a,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\ExpressFiles\EFupdater.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynToshiba.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Malwarebytes' Anti-Malware1\mbamservice.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-06-12 23:31:42 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-13 03:31
ComboFix2.txt 2012-05-31 06:13
.
Pre-Run: 139,810,971,648 bytes free
Post-Run: 139,925,618,688 bytes free
.
- - End Of File - - C652AEE9F41232DBA02FFEE813FDDDD9

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 12 June 2012 - 10:42 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

Adobe Reader 8.1.2
µTorrent
Java™ SE Runtime Environment 6
uTorrentBar Toolbar


  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.
.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing Foxit Reader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and start Free download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 14 June 2012 - 11:41 PM

Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.




Gringo

#12 bannabop

  • Topic Starter
  • Members
  • 11 posts

Posted 17 June 2012 - 09:47 PM

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.17.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
user :: USER-PC [administrator]

Protection: Enabled

17/06/2012 9:18:57 PM
mbam-log-2012-06-17 (21-18-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 237692
Time elapsed: 8 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:47:43 PM, on 17/06/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware1\mbamgui.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\TuxGuitar\tuxguitar.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\TuxGuitar\tuxguitar.exe
C:\Program Files\TuxGuitar\tuxguitar.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [iPodConverterSuite_upgrade] "C:\Program Files\E-Zsoft\iPodConverterSuite\iPodConverterSuite.exe" /upgrade
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware1\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKUS\S-1-5-18\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [DeleteEngineAfterUpdate] reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine /f (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [DeleteEngineAfterUpdate] reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine /f (User 'Default user')
O4 - S-1-5-18 User Startup: p0j99p.exe.lnk = C:\Windows\System32\rundll32.exe (User 'SYSTEM')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware1\mbamservice.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8439 bytes

#13 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 17 June 2012 - 10:14 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to. You can start any of them when you need them by clicking their icons (or from the Control Panel). By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
      O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP
      O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
      O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
      O4 - HKLM\..\Run: [iPodConverterSuite_upgrade] "C:\Program Files\E-Zsoft\iPodConverterSuite\iPodConverterSuite.exe" /upgrade
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKUS\S-1-5-18\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [DeleteEngineAfterUpdate] reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine /f (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (User 'Default user')
      O4 - HKUS\.DEFAULT\..\RunOnce: [DeleteEngineAfterUpdate] reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine /f (User 'Default user')
      O4 - S-1-5-18 User Startup: p0j99p.exe.lnk = C:\Windows\System32\rundll32.exe (User 'SYSTEM')
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space, for example:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click on the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
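Added example, not code from HijackThis, BleepingComputer or anyone in this thread: a small Python triage pass over the O4 autostart lines that HijackThis prints. HijackThis lists every Run/RunOnce value and Startup-folder shortcut but leaves the judgement to the reader; the script below parses those lines and attaches the reasons a responder would look at an entry first. Every rule is an assumption stated in the comments (program in a user-writable folder, launch through a proxy binary such as rundll32.exe, random-looking name, bare filename with no path, third-party program autostarting under the SYSTEM or .DEFAULT profile), so a flag means "check this", never "this is malware". The sample input copies six O4 lines from the log posted above and adds one constructed line for a Temp-folder autostart.

```python
"""Triage the O4 (autostart) lines of a HijackThis log.

Added example for this thread: not HijackThis's own code and not a
BleepingComputer tool. Every rule is a heuristic (an assumption);
a flag means "check this entry", never "this entry is malware".
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Registry autostart:  O4 - HKLM\..\Run: [Name] command (User 'X')
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# Startup-folder shortcut:  O4 - <scope>Startup: file.lnk = target (User 'X')
STARTUP_RE = re.compile(
    r"^O4 - (?P<scope>.*?)Startup: (?P<name>.*?) = (?P<cmd>.*?)"
    r"(?: \(User '(?P<user>[^']*)'\))?$"
)
# Triage heuristics (assumptions, not signatures)
PROXY_BINARIES = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe",
                  "cscript.exe", "cmd.exe", "powershell.exe"}
USER_WRITABLE = re.compile(r"\\(?:appdata|temp|tmp|programdata|users\\[^\\]+)\\", re.I)
ABSOLUTE = re.compile(r"^(?:[a-z]:\\|\\\\|%[^%]+%\\)", re.I)   # drive, UNC or %VAR%
EXE_TOKEN = re.compile(r"^(.+?\.exe)(?=\s|$)", re.I)
VOWELS = set("aeiou")


@dataclass
class Entry:
    raw: str
    location: str              # e.g. HKUS\S-1-5-18\..\Run or "S-1-5-18 User Startup"
    name: str
    command: str
    user: Optional[str]
    flags: List[str] = field(default_factory=list)


def parse_o4(line: str) -> Optional[Entry]:
    """Parse one log line; None for anything that is not an O4 entry."""
    line = line.strip()
    m = RUN_RE.match(line)
    if m:
        return Entry(line, f"{m['hive']}\\..\\{m['key']}", m["name"], m["cmd"], m["user"])
    m = STARTUP_RE.match(line)
    if m:
        return Entry(line, f"{m['scope']}Startup", m["name"], m["cmd"], m["user"])
    return None


def executable(command: str) -> str:
    """Program part of a command: quoted path, path ending in .exe, or first bare token."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = EXE_TOKEN.match(command)
    return m.group(1) if m else (command.split()[0] if command else "")


def looks_random(name: str) -> bool:
    """Letters mixed with digits, no vowels, >= 5 chars: the shape of a generated
    name such as p0j99p. Heuristic only; strips .exe/.lnk style extensions first."""
    stem = re.sub(r"(?:\.(?:exe|lnk|bat|com|dll))+$", "", name, flags=re.I)
    return (len(stem) >= 5 and any(c.isdigit() for c in stem)
            and any(c.isalpha() for c in stem)
            and not any(c.lower() in VOWELS for c in stem))


def triage(entry: Entry) -> Entry:
    """Attach the reasons a responder would look at this entry first."""
    exe = executable(entry.command)
    base = exe.rsplit("\\", 1)[-1].lower()
    system_profile = any(tag in entry.location for tag in ("S-1-5-18", ".DEFAULT"))
    entry.flags = []
    if USER_WRITABLE.search(exe):
        entry.flags.append("runs from a user-writable location")
    if base in PROXY_BINARIES:
        entry.flags.append(f"launched through {base}: what it loads is decided by "
                           "arguments (or the .lnk) that this line does not show")
    if looks_random(entry.name):
        entry.flags.append("random-looking entry name")
    if not ABSOLUTE.match(exe):
        entry.flags.append("no absolute path: resolved through the search path at boot")
    elif system_profile and "\\windows\\" not in exe.lower():
        entry.flags.append("third-party program autostarting in the SYSTEM/.DEFAULT profile")
    return entry


def triage_log(lines) -> List[Entry]:
    """Parse every O4 line and return the flagged entries, most flags first."""
    entries = [e for e in (parse_o4(l) for l in lines) if e is not None]
    flagged = [e for e in map(triage, entries) if e.flags]
    flagged.sort(key=lambda e: -len(e.flags))      # stable: ties keep log order
    return flagged


# Sample input: the first six lines are copied from the HijackThis log posted
# earlier in this thread; the last one is constructed for this example.
SAMPLE_LINES = [
    r"O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe",
    r"O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP",
    r'O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"',
    r"O4 - HKUS\S-1-5-18\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (User 'SYSTEM')",
    r"O4 - HKUS\S-1-5-18\..\RunOnce: [DeleteEngineAfterUpdate] reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine /f (User 'SYSTEM')",
    r"O4 - S-1-5-18 User Startup: p0j99p.exe.lnk = C:\Windows\System32\rundll32.exe (User 'SYSTEM')",
    r"O4 - HKCU\..\Run: [updater] C:\Users\user\AppData\Local\Temp\updater.exe",   # constructed
]

if __name__ == "__main__":
    for e in triage_log(SAMPLE_LINES):
        print(f"{e.location:28} [{e.name}]")
        for reason in e.flags:
            print(f"    - {reason}")
```

Run it as-is to print the flagged sample entries, or feed it a real log with `triage_log(open(path, errors="replace").read().splitlines())`. As the Startup-folder line in the log above shows, HijackThis prints only the shortcut's target, so when that target is rundll32.exe the DLL it is told to load has to be read from the .lnk itself before deciding anything about the entry.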

#14 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 19 June 2012 - 11:53 PM

Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.




Gringo

#15 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 23 June 2012 - 07:01 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo



