
Background Ads + Google Redirect Rootkit


This topic is locked
19 replies to this topic

#1 d0onut
Posted 30 May 2012 - 04:10 PM

Hi, I've been trying to remove the redirect virus for nearly a year. Most AV programs blocked the symptoms, but they seem to be popping up again. Most symptoms were gone after I ran TDSSKiller.exe, but I didn't get help from any forum; I just ran the programs they had suggested for others. But now Firefox crashes frequently, and I get frequent errors telling me Internet Explorer has crashed, even though it wasn't open.

After trying to fix it myself I ran ComboFix.exe (which I now realize was a bad move, but it's just one more thing to deal with in my pile of problems), and apparently that allowed the background ads to surface, because now they're constantly playing.

Here is my DDS scan and I've attached the Attach.zip. My most recent TDSSKiller log is at the end as well.

Thanks

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.1.0
Run by Arik at 13:53:59 on 2012-05-30
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\hyperionics db toolbar\tbcore3.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Aim6]
uRun: [AdobeBridge]
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX1000] c:\windows\vVX1000.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil9e.exe
StartupFolder: c:\users\arik\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\users\arik\appdata\roaming\micros~1\windows\startm~1\programs\startup\client~1.lnk - c:\program files\samurize\Client.exe
StartupFolder: c:\users\arik\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\arik\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\arik\appdata\roaming\micros~1\windows\startm~1\programs\startup\flux - shortcut.lnk - c:\users\arik\appdata\local\apps\f.lux\flux .exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\microsoft office.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: HideSCAHealth = 1 (0x1)
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
TCP: DhcpNameServer = 172.16.0.1
TCP: Interfaces\{1A119D6B-6701-4F67-8D94-BBE730257A90} : DhcpNameServer = 172.16.0.1
TCP: Interfaces\{EAB6AFB8-AEF6-483E-9D16-8B57BCC959F5} : DhcpNameServer = 172.16.0.1
TCP: Interfaces\{EF63FEB5-77E9-4B36-A0E0-893311DCD98B} : DhcpNameServer = 192.168.42.129
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\arik\appdata\roaming\mozilla\firefox\profiles\19o0lx5c.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2680363&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\arik\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\users\arik\appdata\local\google\update\1.3.21.57\npGoogleUpdate3.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-05-30 20:20:52 -------- d-s---w- C:\ComboFix
2012-05-30 19:50:55 -------- d-----w- c:\users\arik\appdata\local\temp
2012-05-30 19:49:23 -------- d-sh--w- C:\$RECYCLE.BIN
2012-05-30 18:18:06 98816 ----a-w- c:\windows\sed.exe
2012-05-30 18:18:06 518144 ----a-w- c:\windows\SWREG.exe
2012-05-30 18:18:06 256000 ----a-w- c:\windows\PEV.exe
2012-05-30 18:18:06 208896 ----a-w- c:\windows\MBR.exe
2012-05-25 23:27:21 -------- d-----w- c:\users\arik\appdata\roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-05-25 23:27:21 -------- d-----w- c:\users\arik\appdata\roaming\Adobe Mini Bridge CS5.1
2012-05-23 00:39:38 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-05-23 00:15:21 -------- d-----w- c:\program files\HitmanPro
2012-05-23 00:14:57 -------- d-----w- c:\programdata\HitmanPro
2012-05-21 20:06:09 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-19 23:23:32 -------- d-----w- c:\users\arik\appdata\local\Runic Games
2012-05-15 03:35:20 -------- d-s---w- c:\users\arik\Google Drive
2012-05-09 08:02:14 -------- d-----w- c:\users\arik\jagexcache1
2012-05-07 04:25:46 -------- d-----w- c:\users\arik\appdata\roaming\Foxit Software
2012-05-07 04:24:59 -------- d-----w- c:\program files\Foxit Software
.
==================== Find3M ====================
.
2012-05-30 19:24:18 29 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2012-04-04 22:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-28 19:02:56 70920 ----a-w- c:\program files\libsasl.dll
2011-09-28 19:02:56 62448 ----a-w- c:\program files\zlib1.dll
2011-09-28 19:02:56 485888 ----a-w- c:\program files\voxed.exe
2011-09-28 19:02:56 200192 ----a-w- c:\program files\ssleay32.dll
2011-09-28 19:02:56 1016832 ----a-w- c:\program files\libeay32.dll
2010-03-18 17:15:26 770384 ----a-w- c:\program files\msvcr100.dll
2010-03-18 17:15:26 1498960 ----a-w- c:\program files\msvcr100d.dll
.
============= FINISH: 13:59:21.44 ===============
TDSSKILLER:

13:55:20.0776 0804 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
13:55:21.0248 0804 ============================================================
13:55:21.0248 0804 Current date / time: 2012/05/30 13:55:21.0248
13:55:21.0248 0804 SystemInfo:
13:55:21.0248 0804
13:55:21.0248 0804 OS Version: 6.0.6001 ServicePack: 1.0
13:55:21.0248 0804 Product type: Workstation
13:55:21.0248 0804 ComputerName: ARIK-PC
13:55:21.0248 0804 UserName: Arik
13:55:21.0249 0804 Windows directory: C:\Windows
13:55:21.0249 0804 System windows directory: C:\Windows
13:55:21.0249 0804 Processor architecture: Intel x86
13:55:21.0249 0804 Number of processors: 4
13:55:21.0249 0804 Page size: 0x1000
13:55:21.0249 0804 Boot type: Normal boot
13:55:21.0249 0804 ============================================================
13:55:22.0421 0804 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:55:22.0432 0804 Drive \Device\Harddisk1\DR1 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:55:22.0506 0804 ============================================================
13:55:22.0506 0804 \Device\Harddisk0\DR0:
13:55:22.0506 0804 MBR partitions:
13:55:22.0506 0804 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F800, BlocksNum 0x1400000
13:55:22.0506 0804 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x141F800, BlocksNum 0x38F66000
13:55:22.0506 0804 \Device\Harddisk1\DR1:
13:55:22.0506 0804 MBR partitions:
13:55:22.0506 0804 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86800
13:55:22.0507 0804 ============================================================
13:55:22.0537 0804 C: <-> \Device\Harddisk0\DR0\Partition1
13:55:22.0576 0804 D: <-> \Device\Harddisk0\DR0\Partition0
13:55:22.0637 0804 K: <-> \Device\Harddisk1\DR1\Partition0
13:55:22.0637 0804 ============================================================
13:55:22.0637 0804 Initialize success
13:55:22.0637 0804 ============================================================
14:02:50.0391 1528 ============================================================
14:02:50.0391 1528 Scan started
14:02:50.0391 1528 Mode: Manual;
14:02:50.0391 1528 ============================================================
14:03:03.0797 1528 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
14:03:03.0798 1528 MBAMProtector - ok
14:03:03.0893 1528 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
14:03:03.0897 1528 MBAMService - ok
14:03:03.0922 1528 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
14:03:03.0925 1528 Mcx2Svc - ok
14:03:03.0950 1528 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
14:03:03.0950 1528 megasas - ok
14:03:04.0055 1528 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
14:03:04.0057 1528 MegaSR - ok
14:03:04.0092 1528 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
14:03:04.0096 1528 MMCSS - ok
14:03:04.0126 1528 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
14:03:04.0152 1528 Modem - ok
14:03:04.0193 1528 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
14:03:04.0209 1528 monitor - ok
14:03:04.0234 1528 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
14:03:04.0238 1528 mouclass - ok
14:03:04.0274 1528 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
14:03:04.0276 1528 mouhid - ok
14:03:04.0285 1528 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
14:03:04.0286 1528 MountMgr - ok
14:03:04.0355 1528 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:03:04.0356 1528 MozillaMaintenance - ok
14:03:04.0377 1528 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
14:03:04.0378 1528 mpio - ok
14:03:04.0392 1528 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
14:03:04.0395 1528 mpsdrv - ok
14:03:04.0416 1528 MpsSvc (d1639ba315b0d79dec49a4b0e1fb929b) C:\Windows\system32\mpssvc.dll
14:03:04.0429 1528 MpsSvc - ok
14:03:04.0447 1528 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
14:03:04.0448 1528 Mraid35x - ok
14:03:04.0460 1528 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
14:03:04.0462 1528 MRxDAV - ok
14:03:04.0484 1528 mrxsmb (c4ad205530888404e2b5fc8d9319b119) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:03:04.0487 1528 mrxsmb - ok
14:03:04.0542 1528 mrxsmb10 (0a986b34f1678a2697574d7b1664e2dd) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:03:04.0548 1528 mrxsmb10 - ok
14:03:04.0563 1528 mrxsmb20 (3268b8c3fa92bfc086355c39b45e9cc9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:03:04.0566 1528 mrxsmb20 - ok
14:03:04.0580 1528 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
14:03:04.0581 1528 msahci - ok
14:03:04.0671 1528 MSCamSvc (d98350792a7ce82e7459a7c36481beda) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
14:03:04.0672 1528 MSCamSvc - ok
14:03:04.0693 1528 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
14:03:04.0693 1528 msdsm - ok
14:03:04.0721 1528 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
14:03:04.0725 1528 MSDTC - ok
14:03:04.0740 1528 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
14:03:04.0742 1528 Msfs - ok
14:03:04.0763 1528 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
14:03:04.0765 1528 msisadrv - ok
14:03:04.0781 1528 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
14:03:04.0785 1528 MSiSCSI - ok
14:03:04.0788 1528 MSIServer - ok
14:03:04.0808 1528 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
14:03:04.0810 1528 MSKSSRV - ok
14:03:04.0832 1528 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
14:03:04.0834 1528 MSPCLOCK - ok
14:03:04.0854 1528 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
14:03:04.0856 1528 MSPQM - ok
14:03:04.0881 1528 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
14:03:04.0885 1528 MsRPC - ok
14:03:04.0903 1528 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
14:03:04.0906 1528 mssmbios - ok
14:03:04.0924 1528 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
14:03:04.0926 1528 MSTEE - ok
14:03:04.0940 1528 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
14:03:04.0942 1528 Mup - ok
14:03:05.0007 1528 napagent (c43b25863fbd65b6d2a142af3ae320ca) C:\Windows\system32\qagentRT.dll
14:03:05.0036 1528 napagent - ok
14:03:05.0130 1528 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
14:03:05.0146 1528 NativeWifiP - ok
14:03:05.0184 1528 NDIS (c8560010a542b5dca94c62468dc20784) C:\Windows\system32\drivers\ndis.sys
14:03:05.0210 1528 NDIS - ok
14:03:05.0282 1528 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
14:03:05.0283 1528 NdisTapi - ok
14:03:05.0341 1528 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
14:03:05.0342 1528 Ndisuio - ok
14:03:05.0386 1528 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
14:03:05.0389 1528 NdisWan - ok
14:03:05.0402 1528 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
14:03:05.0404 1528 NDProxy - ok
14:03:05.0419 1528 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
14:03:05.0421 1528 NetBIOS - ok
14:03:05.0433 1528 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
14:03:05.0437 1528 netbt - ok
14:03:05.0449 1528 Netlogon (dcf733788c7d088d814e5f80eb4b3e0f) C:\Windows\system32\lsass.exe
14:03:05.0451 1528 Netlogon - ok
14:03:05.0482 1528 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
14:03:05.0495 1528 Netman - ok
14:03:05.0608 1528 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:03:05.0611 1528 NetMsmqActivator - ok
14:03:05.0615 1528 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:03:05.0616 1528 NetPipeActivator - ok
14:03:05.0641 1528 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
14:03:05.0647 1528 netprofm - ok
14:03:05.0653 1528 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:03:05.0654 1528 NetTcpActivator - ok
14:03:05.0679 1528 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:03:05.0680 1528 NetTcpPortSharing - ok
14:03:05.0709 1528 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
14:03:05.0710 1528 nfrd960 - ok
14:03:05.0735 1528 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
14:03:05.0740 1528 NlaSvc - ok
14:03:05.0750 1528 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
14:03:05.0752 1528 Npfs - ok
14:03:05.0762 1528 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
14:03:05.0765 1528 nsi - ok
14:03:05.0777 1528 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
14:03:05.0780 1528 nsiproxy - ok
14:03:05.0823 1528 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
14:03:05.0849 1528 Ntfs - ok
14:03:05.0870 1528 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
14:03:05.0871 1528 ntrigdigi - ok
14:03:05.0896 1528 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
14:03:05.0898 1528 Null - ok
14:03:05.0919 1528 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
14:03:05.0920 1528 nvraid - ok
14:03:05.0950 1528 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
14:03:05.0951 1528 nvstor - ok
14:03:06.0005 1528 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
14:03:06.0007 1528 nv_agp - ok
14:03:06.0109 1528 NWADI (0973c0c696780161f4526586d5eac422) C:\Windows\system32\DRIVERS\NWADIenum.sys
14:03:06.0111 1528 NWADI - ok
14:03:06.0114 1528 NwlnkFlt - ok
14:03:06.0120 1528 NwlnkFwd - ok
14:03:06.0188 1528 NWUSBCDFIL (1fde5b2d61d97d803594df4b3bc28c4b) C:\Windows\system32\DRIVERS\NwUsbCdFil.sys
14:03:06.0189 1528 NWUSBCDFIL - ok
14:03:06.0286 1528 NWUSBModem (65b471bb7e57c416a1e685ec07d4abfa) C:\Windows\system32\DRIVERS\nwusbmdm.sys
14:03:06.0287 1528 NWUSBModem - ok
14:03:06.0360 1528 NWUSBPort (65b471bb7e57c416a1e685ec07d4abfa) C:\Windows\system32\DRIVERS\nwusbser.sys
14:03:06.0362 1528 NWUSBPort - ok
14:03:06.0416 1528 NWUSBPort2 (65b471bb7e57c416a1e685ec07d4abfa) C:\Windows\system32\DRIVERS\nwusbser2.sys
14:03:06.0417 1528 NWUSBPort2 - ok
14:03:06.0450 1528 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
14:03:06.0451 1528 ohci1394 - ok
14:03:06.0560 1528 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:03:06.0564 1528 ose - ok
14:03:06.0809 1528 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:03:06.0843 1528 osppsvc - ok
14:03:06.0946 1528 p2pimsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
14:03:06.0963 1528 p2pimsvc - ok
14:03:06.0971 1528 p2psvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
14:03:06.0977 1528 p2psvc - ok
14:03:07.0047 1528 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
14:03:07.0048 1528 Parport - ok
14:03:07.0081 1528 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
14:03:07.0083 1528 partmgr - ok
14:03:07.0109 1528 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
14:03:07.0110 1528 Parvdm - ok
14:03:07.0140 1528 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
14:03:07.0145 1528 PcaSvc - ok
14:03:07.0161 1528 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
14:03:07.0186 1528 pci - ok
14:03:07.0257 1528 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
14:03:07.0258 1528 pciide - ok
14:03:07.0292 1528 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
14:03:07.0293 1528 pcmcia - ok
14:03:07.0379 1528 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
14:03:07.0404 1528 PEAUTH - ok
14:03:07.0479 1528 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
14:03:07.0516 1528 pla - ok
14:03:07.0591 1528 PlugPlay (78f975cb6d18265be6f492edb2d7bc7b) C:\Windows\system32\umpnpmgr.dll
14:03:07.0596 1528 PlugPlay - ok
14:03:07.0625 1528 PnkBstrA (3a2bdd76e7d2a5f40a7174793d1ba794) C:\Windows\system32\PnkBstrA.exe
14:03:07.0628 1528 PnkBstrA - ok
14:03:07.0702 1528 PnkBstrB (27f1be4a53441c9f1f48b9adc145b0a5) C:\Windows\system32\PnkBstrB.exe
14:03:07.0705 1528 PnkBstrB - ok
14:03:07.0739 1528 PNRPAutoReg (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
14:03:07.0745 1528 PNRPAutoReg - ok
14:03:07.0753 1528 PNRPsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
14:03:07.0758 1528 PNRPsvc - ok
14:03:07.0811 1528 PolicyAgent (47b8f37aa18b74d8c2e1bc1a7a2c8f8a) C:\Windows\System32\ipsecsvc.dll
14:03:07.0822 1528 PolicyAgent - ok
14:03:07.0864 1528 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
14:03:07.0867 1528 PptpMiniport - ok
14:03:07.0883 1528 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
14:03:07.0883 1528 Processor - ok
14:03:07.0901 1528 ProfSvc (b627e4fc8585e8843c5905d4d3587a90) C:\Windows\system32\profsvc.dll
14:03:07.0907 1528 ProfSvc - ok
14:03:07.0927 1528 ProtectedStorage (dcf733788c7d088d814e5f80eb4b3e0f) C:\Windows\system32\lsass.exe
14:03:07.0929 1528 ProtectedStorage - ok
14:03:07.0985 1528 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
14:03:07.0986 1528 PSched - ok
14:03:08.0083 1528 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
14:03:08.0084 1528 PxHelp20 - ok
14:03:08.0154 1528 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
14:03:08.0162 1528 ql2300 - ok
14:03:08.0220 1528 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
14:03:08.0220 1528 ql40xx - ok
14:03:08.0292 1528 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
14:03:08.0307 1528 QWAVE - ok
14:03:08.0324 1528 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
14:03:08.0325 1528 QWAVEdrv - ok
14:03:08.0606 1528 R300 (8fd111119be6924b1b8c3976fac1b535) C:\Windows\system32\DRIVERS\atikmdag.sys
14:03:08.0653 1528 R300 - ok
14:03:08.0744 1528 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
14:03:08.0745 1528 RasAcd - ok
14:03:08.0755 1528 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
14:03:08.0759 1528 RasAuto - ok
14:03:08.0768 1528 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:03:08.0770 1528 Rasl2tp - ok
14:03:08.0788 1528 RasMan (6e7c284fc5c4ec07ad164d93810385a6) C:\Windows\System32\rasmans.dll
14:03:08.0800 1528 RasMan - ok
14:03:08.0817 1528 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
14:03:08.0820 1528 RasPppoe - ok
14:03:08.0835 1528 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
14:03:08.0838 1528 RasSstp - ok
14:03:08.0857 1528 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
14:03:08.0868 1528 rdbss - ok
14:03:08.0882 1528 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:03:08.0885 1528 RDPCDD - ok
14:03:08.0922 1528 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
14:03:08.0924 1528 rdpdr - ok
14:03:08.0942 1528 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
14:03:08.0944 1528 RDPENCDD - ok
14:03:08.0983 1528 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
14:03:09.0000 1528 RDPWD - ok
14:03:09.0036 1528 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
14:03:09.0063 1528 RemoteAccess - ok
14:03:09.0092 1528 RemoteRegistry (cc4e32400f3c7253400cf8f3f3a0b676) C:\Windows\system32\regsvc.dll
14:03:09.0097 1528 RemoteRegistry - ok
14:03:09.0160 1528 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
14:03:09.0201 1528 RpcLocator - ok
14:03:09.0281 1528 RpcSs (301ae00e12408650baddc04dbc832830) C:\Windows\System32\rpcss.dll
14:03:09.0297 1528 RpcSs - ok
14:03:09.0313 1528 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
14:03:09.0316 1528 rspndr - ok
14:03:09.0326 1528 SamSs (dcf733788c7d088d814e5f80eb4b3e0f) C:\Windows\system32\lsass.exe
14:03:09.0328 1528 SamSs - ok
14:03:09.0350 1528 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
14:03:09.0351 1528 sbp2port - ok
14:03:09.0373 1528 SCardSvr (11387e32642269c7e62e8b52c060b3c6) C:\Windows\System32\SCardSvr.dll
14:03:09.0377 1528 SCardSvr - ok
14:03:09.0424 1528 Schedule (1d5e99db3c10f4fa034010dc49043ca4) C:\Windows\system32\schedsvc.dll
14:03:09.0444 1528 Schedule - ok
14:03:09.0473 1528 SCPolicySvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
14:03:09.0475 1528 SCPolicySvc - ok
14:03:09.0487 1528 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
14:03:09.0491 1528 SDRSVC - ok
14:03:09.0714 1528 SeaPort (d358e077a0a05d9b12da22d137ee8464) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
14:03:09.0716 1528 SeaPort - ok
14:03:09.0730 1528 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
14:03:09.0732 1528 secdrv - ok
14:03:09.0744 1528 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
14:03:09.0747 1528 seclogon - ok
14:03:09.0764 1528 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
14:03:09.0767 1528 SENS - ok
14:03:09.0779 1528 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
14:03:09.0780 1528 Serenum - ok
14:03:09.0795 1528 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
14:03:09.0796 1528 Serial - ok
14:03:09.0817 1528 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
14:03:09.0818 1528 sermouse - ok
14:03:09.0847 1528 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
14:03:09.0851 1528 SessionEnv - ok
14:03:09.0868 1528 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
14:03:09.0869 1528 sffdisk - ok
14:03:09.0884 1528 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
14:03:09.0885 1528 sffp_mmc - ok
14:03:09.0902 1528 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
14:03:09.0902 1528 sffp_sd - ok
14:03:09.0914 1528 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
14:03:09.0914 1528 sfloppy - ok
14:03:09.0939 1528 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
14:03:09.0952 1528 SharedAccess - ok
14:03:10.0008 1528 ShellHWDetection (27f10f348e508243f6254846f8370d0d) C:\Windows\System32\shsvcs.dll
14:03:10.0015 1528 ShellHWDetection - ok
14:03:10.0041 1528 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
14:03:10.0042 1528 sisagp - ok
14:03:10.0080 1528 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
14:03:10.0081 1528 SiSRaid2 - ok
14:03:10.0095 1528 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
14:03:10.0095 1528 SiSRaid4 - ok
14:03:10.0184 1528 slsvc (0ba91e1358ad25236863039bb2609a2e) C:\Windows\system32\SLsvc.exe
14:03:10.0229 1528 slsvc - ok
14:03:10.0300 1528 SLUINotify (7c6dc44ca0bfa6291629ab764200d1d4) C:\Windows\system32\SLUINotify.dll
14:03:10.0304 1528 SLUINotify - ok
14:03:10.0326 1528 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
14:03:10.0329 1528 Smb - ok
14:03:10.0345 1528 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
14:03:10.0348 1528 SNMPTRAP - ok
14:03:10.0362 1528 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
14:03:10.0364 1528 spldr - ok
14:03:10.0376 1528 Spooler (846cdf9a3cf4da9b306adfb7d55ee4c2) C:\Windows\System32\spoolsv.exe
14:03:10.0379 1528 Spooler - ok
14:03:10.0594 1528 srv (73dddbeec61e78568082916a27aadaee) C:\Windows\system32\DRIVERS\srv.sys
14:03:10.0609 1528 srv - ok
14:03:10.0628 1528 srv2 (805fac010405ad3f82ef8df0bb035d81) C:\Windows\system32\DRIVERS\srv2.sys
14:03:10.0631 1528 srv2 - ok
14:03:10.0646 1528 srvnet (f63a0a58aafe34d7a1a0a74abccdd9c0) C:\Windows\system32\DRIVERS\srvnet.sys
14:03:10.0649 1528 srvnet - ok
14:03:10.0663 1528 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
14:03:10.0668 1528 SSDPSRV - ok
14:03:10.0696 1528 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
14:03:10.0701 1528 SstpSvc - ok
14:03:10.0742 1528 Steam Client Service - ok
14:03:10.0766 1528 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
14:03:10.0766 1528 StillCam - ok
14:03:10.0809 1528 stisvc (7dd08a597bc56051f320da0baf69e389) C:\Windows\System32\wiaservc.dll
14:03:10.0828 1528 stisvc - ok
14:03:10.0851 1528 stllssvr (1d0063597c3666404fcf97698abeb019) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
14:03:10.0853 1528 stllssvr - ok
14:03:10.0858 1528 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
14:03:10.0859 1528 swenum - ok
14:03:11.0035 1528 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
14:03:11.0042 1528 SwitchBoard - ok
14:03:11.0080 1528 swprv (b36c7cdb86f7f7a8e884479219766950) C:\Windows\System32\swprv.dll
14:03:11.0161 1528 swprv - ok
14:03:11.0189 1528 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
14:03:11.0190 1528 Symc8xx - ok
14:03:11.0216 1528 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
14:03:11.0217 1528 Sym_hi - ok
14:03:11.0231 1528 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
14:03:11.0231 1528 Sym_u3 - ok
14:03:11.0269 1528 SysMain (8710a92d0024b03b5fb9540df1f71f1d) C:\Windows\system32\sysmain.dll
14:03:11.0283 1528 SysMain - ok
14:03:11.0287 1528 szkg5 - ok
14:03:11.0292 1528 szkgfs - ok
14:03:11.0310 1528 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
14:03:11.0315 1528 TabletInputService - ok
14:03:11.0435 1528 TabletServicePen (dad1a4d96291139c0f834b138320e475) C:\Windows\system32\Pen_Tablet.exe
14:03:11.0446 1528 TabletServicePen - ok
14:03:11.0476 1528 TapiSrv (680916bb09ee0f3a6aca7c274b0d633f) C:\Windows\System32\tapisrv.dll
14:03:11.0484 1528 TapiSrv - ok
14:03:11.0500 1528 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
14:03:11.0504 1528 TBS - ok
14:03:11.0585 1528 Tcpip (82e266bee5f0167e41c6ecfdd2a79c02) C:\Windows\system32\drivers\tcpip.sys
14:03:11.0604 1528 Tcpip - ok
14:03:11.0617 1528 Tcpip6 (82e266bee5f0167e41c6ecfdd2a79c02) C:\Windows\system32\DRIVERS\tcpip.sys
14:03:11.0623 1528 Tcpip6 - ok
14:03:11.0652 1528 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
14:03:11.0654 1528 tcpipreg - ok
14:03:11.0672 1528 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
14:03:11.0674 1528 TDPIPE - ok
14:03:11.0687 1528 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
14:03:11.0690 1528 TDTCP - ok
14:03:11.0703 1528 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
14:03:11.0706 1528 tdx - ok
14:03:11.0720 1528 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
14:03:11.0723 1528 TermDD - ok
14:03:11.0748 1528 TermService (d605031e225aaccbceb5b76a4f1603a6) C:\Windows\System32\termsrv.dll
14:03:11.0767 1528 TermService - ok
14:03:11.0788 1528 Themes (27f10f348e508243f6254846f8370d0d) C:\Windows\system32\shsvcs.dll
14:03:11.0791 1528 Themes - ok
14:03:11.0813 1528 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
14:03:11.0815 1528 THREADORDER - ok
14:03:11.0829 1528 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
14:03:11.0834 1528 TrkWks - ok
14:03:11.0909 1528 truecrypt (6ec1d6ed5471c99ffc38abe498a6df08) C:\Windows\system32\drivers\truecrypt.sys
14:03:11.0911 1528 truecrypt - ok
14:03:11.0942 1528 TrustedInstaller (16613a1bad034d4ecf957af18b7c2ff5) C:\Windows\servicing\TrustedInstaller.exe
14:03:11.0944 1528 TrustedInstaller - ok
14:03:11.0974 1528 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:03:12.0012 1528 tssecsrv - ok
14:03:12.0045 1528 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
14:03:12.0051 1528 tunmp - ok
14:03:12.0064 1528 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
14:03:12.0068 1528 tunnel - ok
14:03:12.0092 1528 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
14:03:12.0093 1528 uagp35 - ok
14:03:12.0148 1528 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
14:03:12.0195 1528 udfs - ok
14:03:12.0225 1528 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
14:03:12.0228 1528 UI0Detect - ok
14:03:12.0253 1528 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
14:03:12.0254 1528 uliagpkx - ok
14:03:12.0278 1528 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
14:03:12.0280 1528 uliahci - ok
14:03:12.0297 1528 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
14:03:12.0298 1528 UlSata - ok
14:03:12.0321 1528 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
14:03:12.0322 1528 ulsata2 - ok
14:03:12.0346 1528 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
14:03:12.0348 1528 umbus - ok
14:03:12.0369 1528 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
14:03:12.0382 1528 upnphost - ok
14:03:12.0435 1528 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
14:03:12.0436 1528 USBAAPL - ok
14:03:12.0480 1528 usbaudio (292a25bb75a568ae2c67169ba2c6365a) C:\Windows\system32\drivers\usbaudio.sys
14:03:12.0483 1528 usbaudio - ok
14:03:12.0505 1528 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
14:03:12.0508 1528 usbccgp - ok
14:03:12.0525 1528 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
14:03:12.0526 1528 usbcir - ok
14:03:12.0539 1528 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
14:03:12.0542 1528 usbehci - ok
14:03:12.0572 1528 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
14:03:12.0582 1528 usbhub - ok
14:03:12.0600 1528 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
14:03:12.0601 1528 usbohci - ok
14:03:12.0614 1528 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
14:03:12.0615 1528 usbprint - ok
14:03:12.0659 1528 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
14:03:12.0660 1528 usbscan - ok
14:03:12.0681 1528 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:03:12.0684 1528 USBSTOR - ok
14:03:12.0694 1528 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
14:03:12.0696 1528 usbuhci - ok
14:03:12.0735 1528 usb_rndisx (ee181a08e09db23cf4a49b46a1e66bb8) C:\Windows\system32\DRIVERS\usb8023x.sys
14:03:12.0737 1528 usb_rndisx - ok
14:03:12.0760 1528 UxSms (032a0acc3909ae7215d524e29d536797) C:\Windows\System32\uxsms.dll
14:03:12.0764 1528 UxSms - ok
14:03:12.0803 1528 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\Windows\system32\DRIVERS\VClone.sys
14:03:12.0804 1528 VClone - ok
14:03:12.0831 1528 vds (b13bc395b9d6116628f5af47e0802ac4) C:\Windows\System32\vds.exe
14:03:12.0842 1528 vds - ok
14:03:12.0866 1528 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
14:03:12.0867 1528 vga - ok
14:03:12.0880 1528 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
14:03:12.0882 1528 VgaSave - ok
14:03:12.0898 1528 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
14:03:12.0899 1528 viaagp - ok
14:03:12.0924 1528 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
14:03:12.0924 1528 ViaC7 - ok
14:03:12.0943 1528 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
14:03:12.0944 1528 viaide - ok
14:03:12.0981 1528 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
14:03:12.0996 1528 volmgr - ok
14:03:13.0021 1528 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
14:03:13.0067 1528 volmgrx - ok
14:03:13.0094 1528 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
14:03:13.0108 1528 volsnap - ok
14:03:13.0150 1528 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
14:03:13.0152 1528 vsmraid - ok
14:03:13.0216 1528 VSS (d5fb73d19c46ade183f968e13f186b23) C:\Windows\system32\vssvc.exe
14:03:13.0242 1528 VSS - ok
14:03:13.0355 1528 VX1000 (d22c6b9c2f840d403fd387ad207a4b16) C:\Windows\system32\DRIVERS\VX1000.sys
14:03:13.0370 1528 VX1000 - ok
14:03:13.0481 1528 W32Time (1cf9206966a8458cda9a8b20df8ab7d3) C:\Windows\system32\w32time.dll
14:03:13.0528 1528 W32Time - ok
14:03:13.0602 1528 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\Windows\system32\DRIVERS\wacommousefilter.sys
14:03:13.0602 1528 wacommousefilter - ok
14:03:13.0619 1528 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
14:03:13.0619 1528 WacomPen - ok
14:03:13.0638 1528 wacomvhid (73e6f16a1f187d71fb26af308551e54a) C:\Windows\system32\DRIVERS\wacomvhid.sys
14:03:13.0639 1528 wacomvhid - ok
14:03:13.0653 1528 WacomVKHid (889459833432b161cb99cfdf84a1a9bb) C:\Windows\system32\DRIVERS\WacomVKHid.sys
14:03:13.0654 1528 WacomVKHid - ok
14:03:13.0673 1528 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:03:13.0676 1528 Wanarp - ok
14:03:13.0679 1528 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:03:13.0680 1528 Wanarpv6 - ok
14:03:13.0705 1528 wcncsvc (f3a5c2e1a6533192b070d06ecf6be796) C:\Windows\System32\wcncsvc.dll
14:03:13.0724 1528 wcncsvc - ok
14:03:13.0735 1528 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
14:03:13.0738 1528 WcsPlugInService - ok
14:03:13.0752 1528 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
14:03:13.0753 1528 Wd - ok
14:03:13.0811 1528 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
14:03:13.0826 1528 Wdf01000 - ok
14:03:13.0844 1528 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
14:03:13.0848 1528 WdiServiceHost - ok
14:03:13.0854 1528 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
14:03:13.0858 1528 WdiSystemHost - ok
14:03:13.0879 1528 WebClient (cf9a5f41789b642db967021de06a2713) C:\Windows\System32\webclnt.dll
14:03:13.0899 1528 WebClient - ok
14:03:13.0925 1528 Wecsvc (905214925a88311fce52f66153de7610) C:\Windows\system32\wecsvc.dll
14:03:13.0931 1528 Wecsvc - ok
14:03:13.0958 1528 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
14:03:14.0015 1528 wercplsupport - ok
14:03:14.0083 1528 WerSvc (fd1965aaa112c6818a30ab02742d0461) C:\Windows\System32\WerSvc.dll
14:03:14.0121 1528 WerSvc - ok
14:03:14.0302 1528 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
14:03:14.0342 1528 WinDefend - ok
14:03:14.0351 1528 WinHttpAutoProxySvc - ok
14:03:14.0417 1528 Winmgmt (00b79a7c984678f24cf052e5beb3a2f5) C:\Windows\system32\wbem\WMIsvc.dll
14:03:14.0421 1528 Winmgmt - ok
14:03:14.0461 1528 WinRM (20fc93fdc916843cfdfcaa7a1b0db16f) C:\Windows\system32\WsmSvc.dll
14:03:14.0485 1528 WinRM - ok
14:03:14.0541 1528 Wlansvc (4b40ff01db5357299dcbdb5a5746ad21) C:\Windows\System32\wlansvc.dll
14:03:14.0562 1528 Wlansvc - ok
14:03:14.0608 1528 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
14:03:14.0608 1528 WmiAcpi - ok
14:03:14.0652 1528 wmiApSrv (aba4cf9f856d9a3a25f4ddd7690a6e9d) C:\Windows\system32\wbem\WmiApSrv.exe
14:03:14.0656 1528 wmiApSrv - ok
14:03:14.0822 1528 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
14:03:14.0843 1528 WMPNetworkSvc - ok
14:03:14.0861 1528 WPCSvc (5d94cd167751294962ba238d82dd1bb8) C:\Windows\System32\wpcsvc.dll
14:03:14.0866 1528 WPCSvc - ok
14:03:14.0886 1528 WPDBusEnum (396d406292b0cd26e3504ffe82784702) C:\Windows\system32\wpdbusenum.dll
14:03:14.0891 1528 WPDBusEnum - ok
14:03:14.0996 1528 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
14:03:15.0017 1528 WpdUsb - ok
14:03:15.0241 1528 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:03:15.0313 1528 WPFFontCache_v0400 - ok
14:03:15.0337 1528 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
14:03:15.0339 1528 ws2ifsl - ok
14:03:15.0357 1528 wscsvc (683dd16b590372f2c9661d277f35e49c) C:\Windows\system32\wscsvc.dll
14:03:15.0361 1528 wscsvc - ok
14:03:15.0364 1528 WSearch - ok
14:03:15.0466 1528 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
14:03:15.0501 1528 wuauserv - ok
14:03:15.0692 1528 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:03:15.0695 1528 WUDFRd - ok
14:03:15.0758 1528 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
14:03:15.0762 1528 wudfsvc - ok
14:03:16.0135 1528 ZuneNetworkSvc (f45ede31290119600d88c6776253f5f7) C:\Program Files\Zune\ZuneNss.exe
14:03:16.0176 1528 ZuneNetworkSvc - ok
14:03:16.0235 1528 ZuneWlanCfgSvc (79118fdc6e632d365b6aeaf8f287bde4) C:\Windows\system32\ZuneWlanCfgSvc.exe
14:03:16.0250 1528 ZuneWlanCfgSvc - ok
14:03:16.0282 1528 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
14:03:16.0436 1528 \Device\Harddisk0\DR0 - ok
14:03:16.0454 1528 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
14:03:16.0726 1528 \Device\Harddisk1\DR1 - ok
14:03:16.0747 1528 Boot (0x1200) (15779f9f0f430c264a28add67d6f7c02) \Device\Harddisk0\DR0\Partition0
14:03:16.0749 1528 \Device\Harddisk0\DR0\Partition0 - ok
14:03:16.0764 1528 Boot (0x1200) (f765074d4cab1dc90babf8875fa808a0) \Device\Harddisk0\DR0\Partition1
14:03:16.0767 1528 \Device\Harddisk0\DR0\Partition1 - ok
14:03:16.0773 1528 Boot (0x1200) (fa79ff7170b0a27d24c8d05d4439b17b) \Device\Harddisk1\DR1\Partition0
14:03:16.0776 1528 \Device\Harddisk1\DR1\Partition0 - ok
14:03:16.0777 1528 ============================================================
14:03:16.0777 1528 Scan finished
14:03:16.0777 1528 ============================================================
14:03:16.0795 7668 Detected object count: 0
14:03:16.0795 7668 Actual detected object count: 0

Edited by d0onut, 30 May 2012 - 10:49 PM.



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:12 AM

Posted 31 May 2012 - 01:36 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 d0onut

d0onut
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:12 PM

Posted 01 June 2012 - 04:20 AM

Checkup.txt:
Results of screen317's Security Check version 0.99.41
Windows Vista Service Pack 1 x86 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
CCleaner (remove only)
Java DB 10.2.2.0
Java™ 6 Update 20
Java™ 7 Update 1
Java™ 6 Update 3
Java™ 6 Update 5
Java™ SE Development Kit 6 Update 3
Java™ SE Development Kit 7
Java version out of date!
Adobe Flash Player 10 Flash Player out of date!
Adobe Flash Player 10.3.183.7 Flash Player out of Date!
Adobe Reader 8 Adobe Reader out of date!
Mozilla Firefox (12.0)
Google Chrome 12.0.742.112
Google Chrome 12.0.742.122
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 6 % Defragment your hard drive soon!
````````````````````End of Log``````````````````````

#5 d0onut

d0onut
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:12 PM

Posted 01 June 2012 - 06:08 AM

As far as I can tell Google isn't redirecting me, but that didn't happen all the time, so I'll post again if it continues to happen. The audio ads have disappeared and Combofix didn't give me any problems. I've got one question, though: Qoobox is the Combofix developer, right? My MWAM is detecting some svchost.exe from that folder in my C drive as malware, but I don't think I have to worry about that. Can I just ignore that?

Thank you for all your help!

Combofix log:

ComboFix 12-06-01.01 - Arik 06/01/2012 3:23.4.4 - x86
Running from: c:\users\Arik\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\svch.dat
c:\windows\system32\winl.dat
.
-- Previous Run --
.
Infected copy of c:\windows\system32\drivers\ntfs.sys was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6002.18005_none_a85ca2c91a0d64df\ntfs.sys
.
Infected copy of c:\windows\system32\drivers\ntfs.sys was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6002.18005_none_a85ca2c91a0d64df\ntfs.sys
.
c:\windows\system32\winlogon.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot
.
Infected copy of c:\windows\system32\drivers\ntfs.sys was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6002.18005_none_a85ca2c91a0d64df\ntfs.sys
.
c:\windows\system32\winlogon.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot
.
Infected copy of c:\windows\system32\svchost.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
.
--------
.
c:\windows\system32\winlogon.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot
.
c:\windows\system32\svchost.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot
.
Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy6_!Windows!SoftwareDistribution!Download!cd2b15b1a90e884578188440a1660b12!x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b!explorer.exe
.
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy21_!Windows!SoftwareDistribution!Download!cd2b15b1a90e884578188440a1660b12!x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741!winlogon.exe
Infected copy of c:\windows\system32\svchost.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy6_!Windows!SoftwareDistribution!Download!cd2b15b1a90e884578188440a1660b12!x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b!explorer.exe
.
((((((((((((((((((((((((( Files Created from 2012-05-01 to 2012-06-01 )))))))))))))))))))))))))))))))
.
.
2012-06-01 10:53 . 2012-06-01 10:53 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-06-01 10:53 . 2012-06-01 10:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-01 10:53 . 2012-06-01 10:53 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-05-30 19:50 . 2012-06-01 10:55 -------- d-----w- c:\users\Arik\AppData\Local\temp
2012-05-25 23:27 . 2012-05-25 23:27 -------- d-----w- c:\users\Arik\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-05-25 23:27 . 2012-05-25 23:27 -------- d-----w- c:\users\Arik\AppData\Roaming\Adobe Mini Bridge CS5.1
2012-05-23 00:39 . 2012-05-23 00:39 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-05-23 00:15 . 2012-05-23 00:15 -------- d-----w- c:\program files\HitmanPro
2012-05-23 00:14 . 2012-05-23 00:39 -------- d-----w- c:\programdata\HitmanPro
2012-05-21 20:06 . 2012-05-21 20:06 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-19 23:23 . 2012-05-19 23:23 -------- d-----w- c:\users\Arik\AppData\Local\Runic Games
2012-05-19 23:23 . 2012-05-19 23:23 -------- d-----w- c:\users\Public\Games
2012-05-15 03:35 . 2012-06-01 07:12 -------- d-s---w- c:\users\Arik\Google Drive
2012-05-09 08:02 . 2012-05-09 08:02 -------- d-----w- c:\users\Arik\jagexcache1
2012-05-07 04:25 . 2012-05-20 00:01 -------- d-----w- c:\users\Arik\AppData\Roaming\Foxit Software
2012-05-07 04:24 . 2012-05-07 04:24 -------- d-----w- c:\program files\Foxit Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-01 10:52 . 2011-06-11 00:04 29 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2012-04-04 22:56 . 2011-07-27 01:13 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-28 19:02 . 2011-09-28 19:02 70920 ----a-w- c:\program files\libsasl.dll
2011-09-28 19:02 . 2011-09-28 19:02 62448 ----a-w- c:\program files\zlib1.dll
2011-09-28 19:02 . 2011-09-28 19:02 485888 ----a-w- c:\program files\voxed.exe
2011-09-28 19:02 . 2011-09-28 19:02 200192 ----a-w- c:\program files\ssleay32.dll
2011-09-28 19:02 . 2011-09-28 19:02 1016832 ----a-w- c:\program files\libeay32.dll
2010-03-18 17:15 . 2010-03-18 17:15 770384 ----a-w- c:\program files\msvcr100.dll
2010-03-18 17:15 . 2010-03-18 17:15 1498960 ----a-w- c:\program files\msvcr100d.dll
2012-04-26 07:51 . 2011-11-10 18:16 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
<pre>
c:\windows\vVX1000 .exe
</pre>
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Arik\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Arik\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Arik\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Arik\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-05-03 01:31 579072 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-05-03 01:31 579072 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-05-03 01:31 579072 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-05-03 01:31 579072 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Aim6"="" [N/A]
"AdobeBridge"="" [N/A]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2012-05-03 11396840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"VX1000"="c:\windows\vVX1000.exe" [2010-05-20 762736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-11-02 8704]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9e.exe" [2007-11-21 218496]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\users\Arik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Client Default.lnk - c:\program files\Samurize\Client.exe [2007-4-7 2010624]
Dropbox.lnk - c:\users\Arik\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
flux - Shortcut.lnk - c:\users\Arik\AppData\Local\Apps\F.lux\flux .exe [2009-8-28 966656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-07-26 14:47 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 08:06 40048 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
c:\program files\Dell Support Center\gs_agent\custom\dsca.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
c:\users\Arik\AppData\Local\Facebook\Update\FacebookUpdate.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
c:\users\Arik\AppData\Local\Google\Update\GoogleUpdate.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-11-13 08:24 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2010-05-20 22:27 119152 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
c:\program files\QuickTime\QTTask.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-01-17 15:22 4907008 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
2010-05-20 22:27 762736 ----a-w- c:\windows\vVX1000.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WallpaperChanger]
2005-11-08 20:13 321536 ----a-w- c:\program files\Wallpaper Master\Wallpaper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2009-09-04 21:16 158448 ----a-w- c:\program files\Zune\ZuneLauncher.exe
.
R3 40976409;40976409; [x]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
termsvc REG_MULTI_SZ TermServices
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-27 04:02]
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-27 04:02]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 172.16.0.1
FF - ProfilePath - c:\users\Arik\AppData\Roaming\Mozilla\Firefox\Profiles\19o0lx5c.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2680363&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2a,05,c3,78,f4,94,de,4b,b9,f7,bc,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2a,05,c3,78,f4,94,de,4b,b9,f7,bc,\
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.URL"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5264)
c:\users\Arik\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\WinSCP\DragExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atiesrxx.exe
c:\program files\Dell\DellDock\DockLogin.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\atieclxx.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
c:\windows\system32\conime.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\Pen_Tablet.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\windows\system32\Pen_Tablet.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-06-01 04:02:44 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-01 11:02
ComboFix2.txt 2012-05-30 19:50
.
Pre-Run: 61,464,821,760 bytes free
Post-Run: 61,158,285,312 bytes free
.
- - End Of File - - 845F47612403F75642401DCF70162F30

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 02 June 2012 - 05:45 PM

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
:filefind
explorer.exe
svchost.exe
winlogon.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 d0onut
  • Topic Starter
  • Members
  • 9 posts

Posted 03 June 2012 - 06:35 AM

Just wanted to thank you again for your help :) You're great at what you do.

SystemLook 30.07.11 by jpshortstuff
Log created at 04:28 on 03/06/2012 by Arik
Administrator - Elevation successful

========== filefind ==========

Searching for "explorer.exe"
C:\Windows\explorer.exe --a---- 2926592 bytes [00:53 11/12/2008] [06:27 11/04/2009] D07D4C3038F3578FFCE1C0237F2A1253
C:\Windows\ERDNT\cache\explorer.exe --a---- 2926592 bytes [11:01 01/06/2012] [06:27 11/04/2009] D07D4C3038F3578FFCE1C0237F2A1253
C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe --a---- 2926592 bytes [00:48 01/08/2009] [06:27 11/04/2009] D07D4C3038F3578FFCE1C0237F2A1253
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe --a---- 2923520 bytes [00:53 11/12/2008] [06:20 29/10/2008] 37440D09DEAE0B672A04DCCF7ABF06BE
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe --a---- 2923520 bytes [00:53 11/12/2008] [02:15 28/10/2008] E7156B0B74762D9DE0E66BDCDE06E5FB
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe --a---- 2927104 bytes [02:24 21/01/2008] [02:24 21/01/2008] FFA764631CB70A30065C12EF8E174F9F
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe --a---- 2927104 bytes [00:53 11/12/2008] [06:29 29/10/2008] 4F554999D7D5F05DAAEBBA7B5BA1089D
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe --a---- 2927616 bytes [00:53 11/12/2008] [03:59 30/10/2008] 50BA5850147410CDE89C523AD3BC606E

Searching for "svchost.exe"
C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe --a---- 199240 bytes [23:37 02/02/2012] [22:56 04/04/2012] 097D0E812D7A9A3101CE46CB2BE0474D
C:\Windows\ERDNT\cache\svchost.exe --a---- 21504 bytes [11:01 01/06/2012] [02:23 21/01/2008] 3794B461C45882E06856F282EEF025AF
C:\Windows\System32\svchost.exe --a---- 21504 bytes [02:23 21/01/2008] [02:23 21/01/2008] 3794B461C45882E06856F282EEF025AF
C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe --a---- 21504 bytes [02:23 21/01/2008] [02:23 21/01/2008] 3794B461C45882E06856F282EEF025AF

Searching for "winlogon.exe"
C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe --a---- 199240 bytes [23:37 02/02/2012] [22:56 04/04/2012] 097D0E812D7A9A3101CE46CB2BE0474D
C:\Windows\ERDNT\cache\winlogon.exe --a---- 314368 bytes [11:01 01/06/2012] [06:28 11/04/2009] 898E7C06A350D4A1A64A9EA264D55452
C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe --a---- 314368 bytes [00:47 01/08/2009] [06:28 11/04/2009] 898E7C06A350D4A1A64A9EA264D55452
C:\Windows\System32\winlogon.exe --a---- 314368 bytes [02:24 21/01/2008] [06:28 11/04/2009] 898E7C06A350D4A1A64A9EA264D55452
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe --a---- 314880 bytes [02:24 21/01/2008] [02:24 21/01/2008] C2610B6BDBEFC053BBDAB4F1B965CB24

-= EOF =-
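The `:filefind` request in post #6 and the log above are a hash-and-location check on three binaries that malware likes to impersonate. What the helper is reading off by eye can be scripted, and the logic is worth seeing once: the live copy under %SystemRoot% should hash the same as a copy in the servicing store (WinSxS or the Windows Update download cache), and any copy of a core binary outside %SystemRoot% needs a reason to exist. Below is an added example written for this page; it is not SystemLook's own code and not something from the thread. The sample input is the `filefind` output above, trimmed, plus one constructed line (the `C:\Users\example\...\Temp\winlogon.exe` entry with an all-zero hash) that is not from this machine and is there only to show the rule firing on something that matters. Note that the two Malwarebytes Chameleon copies are also reported: they are the product's own renamed launcher, and the script deliberately leaves that judgement to the analyst rather than hard-coding vendor exceptions. The `ERDNT\cache` copy is ComboFix's backup, created at 11:01 on 01/06/2012, the same minute the ComboFix log above reports writing its quarantine list.

```python
import re
from collections import defaultdict

# Sample input for this example: SystemLook ":filefind" lines taken from the log above,
# plus ONE constructed line (the C:\Users\example\...\Temp entry, all-zero hash) that is
# NOT from this machine and exists only to show the check firing.
SAMPLE_LOG = r"""
========== filefind ==========

Searching for "explorer.exe"
C:\Windows\explorer.exe --a---- 2926592 bytes [00:53 11/12/2008] [06:27 11/04/2009] D07D4C3038F3578FFCE1C0237F2A1253
C:\Windows\ERDNT\cache\explorer.exe --a---- 2926592 bytes [11:01 01/06/2012] [06:27 11/04/2009] D07D4C3038F3578FFCE1C0237F2A1253
C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe --a---- 2926592 bytes [00:48 01/08/2009] [06:27 11/04/2009] D07D4C3038F3578FFCE1C0237F2A1253
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe --a---- 2927104 bytes [02:24 21/01/2008] [02:24 21/01/2008] FFA764631CB70A30065C12EF8E174F9F

Searching for "svchost.exe"
C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe --a---- 199240 bytes [23:37 02/02/2012] [22:56 04/04/2012] 097D0E812D7A9A3101CE46CB2BE0474D
C:\Windows\System32\svchost.exe --a---- 21504 bytes [02:23 21/01/2008] [02:23 21/01/2008] 3794B461C45882E06856F282EEF025AF
C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe --a---- 21504 bytes [02:23 21/01/2008] [02:23 21/01/2008] 3794B461C45882E06856F282EEF025AF

Searching for "winlogon.exe"
C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe --a---- 199240 bytes [23:37 02/02/2012] [22:56 04/04/2012] 097D0E812D7A9A3101CE46CB2BE0474D
C:\Users\example\AppData\Local\Temp\winlogon.exe --a---- 61440 bytes [01:10 29/05/2012] [01:10 29/05/2012] 00000000000000000000000000000000
C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe --a---- 314368 bytes [00:47 01/08/2009] [06:28 11/04/2009] 898E7C06A350D4A1A64A9EA264D55452
C:\Windows\System32\winlogon.exe --a---- 314368 bytes [02:24 21/01/2008] [06:28 11/04/2009] 898E7C06A350D4A1A64A9EA264D55452

-= EOF =-
"""

# One SystemLook result line: path, attribute flags, size, created, modified, MD5.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<attrs>[-a-zA-Z]{7}) (?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)
SEARCH_RE = re.compile(r'^Searching for "(?P<name>[^"]+)"$')

SYSTEM_ROOT = r"c:\windows"
LIVE_DIRS = {SYSTEM_ROOT + "\\", SYSTEM_ROOT + "\\system32\\"}            # where the running copy lives
STORE_DIRS = (SYSTEM_ROOT + "\\winsxs\\", SYSTEM_ROOT + "\\softwaredistribution\\")  # servicing store
BACKUP_DIRS = (SYSTEM_ROOT + "\\erdnt\\",)                                 # ComboFix's backup cache


def parse_filefind(text):
    """Return {filename: [record, ...]} from SystemLook :filefind output."""
    results = defaultdict(list)
    current = None
    for line in text.splitlines():
        m = SEARCH_RE.match(line.strip())
        if m:
            current = m["name"].lower()
            continue
        m = LINE_RE.match(line.strip())
        if m and current:
            rec = m.groupdict()
            rec["size"] = int(rec["size"])
            rec["md5"] = rec["md5"].upper()
            results[current].append(rec)
    return dict(results)


def classify(path):
    """Bucket a path: live system copy, servicing-store copy, tool backup, or anything else."""
    p = path.lower()
    parent = p.rsplit("\\", 1)[0] + "\\"
    if parent in LIVE_DIRS:
        return "live"
    if p.startswith(STORE_DIRS):
        return "store"
    if p.startswith(BACKUP_DIRS):
        return "backup"
    return "other"


def review(records):
    """Return (filename, finding, path) triples an analyst should look at."""
    findings = []
    for name, recs in records.items():
        buckets = defaultdict(list)
        for r in recs:
            buckets[classify(r["path"])].append(r)
        store_hashes = {r["md5"] for r in buckets["store"]}
        if not buckets["live"]:
            findings.append((name, "no live copy under %SystemRoot%", ""))
        for r in buckets["live"]:
            # Not proof of tampering, but the first thing to diff against a known-good copy.
            if r["md5"] not in store_hashes:
                findings.append((name, "live copy hash not present in servicing store", r["path"]))
        for r in buckets["other"]:
            # A core system binary outside %SystemRoot% needs a reason to exist.
            findings.append((name, "copy outside %SystemRoot%", r["path"]))
    return findings


if __name__ == "__main__":
    for name, finding, path in review(parse_filefind(SAMPLE_LOG)):
        print(f"{name}: {finding}: {path}")
```

On the real log above, the only findings are the two Chameleon copies, which is the result the helper summarised as "those look good": every live copy hashes the same as a copy Windows itself shipped or downloaded.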

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 04 June 2012 - 09:28 PM

Greetings

Those look good.

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#9 d0onut
  • Topic Starter
  • Members
  • 9 posts

Posted 05 June 2012 - 11:40 PM

No problems here! Here's the log.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-05 20:36:29
-----------------------------
20:36:29.123 OS Version: Windows 6.0.6001 Service Pack 1
20:36:29.123 Number of processors: 4 586 0x1707
20:36:29.125 ComputerName: ARIK-PC UserName: Arik
20:36:57.687 Initialize success
20:48:20.416 AVAST engine defs: 12060501
21:02:50.937 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:02:50.952 Disk 0 Vendor: ST3500620AS DE12 Size: 476940MB BusType: 3
21:02:50.954 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-4
21:02:50.956 Disk 1 Vendor: ST31500341AS CC1H Size: 1430799MB BusType: 3
21:02:50.966 Disk 0 MBR read successfully
21:02:50.968 Disk 0 MBR scan
21:02:50.972 Disk 0 Windows XP default MBR code
21:02:50.975 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
21:02:50.989 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 129024
21:02:51.006 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 466636 MB offset 21100544
21:02:51.013 Disk 0 scanning sectors +976771072
21:02:51.092 Disk 0 scanning C:\Windows\system32\drivers
21:03:03.221 Service scanning
21:03:24.539 Modules scanning
21:03:28.184 Disk 0 trace - called modules:
21:03:28.210 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
21:03:28.215 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85b6a1b0]
21:03:28.220 3 CLASSPNP.SYS[8b1a6745] -> nt!IofCallDriver -> [0x84f3b918]
21:03:28.224 5 acpi.sys[806936a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x859698a8]
21:03:31.115 AVAST engine scan C:\Windows
21:03:36.481 AVAST engine scan C:\Windows\system32
21:07:36.133 AVAST engine scan C:\Windows\system32\drivers
21:07:58.884 AVAST engine scan C:\Users\Arik
21:40:00.064 Disk 0 MBR has been saved successfully to "C:\Users\Arik\Desktop\MBR.dat"
21:40:00.074 The log file has been saved successfully to "C:\Users\Arik\Desktop\aswMBR.txt"

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 05 June 2012 - 11:45 PM

Hello

I would like to see a report that ComboFix makes.

Extra ComboFix report

  • Push the "Windows key" + "R" (the Windows key is between the "Ctrl" button and the "Alt" button).
  • Please copy and paste the following into the box:
C:\Qoobox\Add-Remove Programs.txt
  • Click OK.

Copy and paste the report into this topic for me to review.

Gringo

#11 d0onut
  • Topic Starter
  • Members
  • 9 posts

Posted 06 June 2012 - 12:08 AM

Sorry, I posted the aswMBR prematurely. Here is the whole thing.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-05 20:36:29
-----------------------------
20:36:29.123 OS Version: Windows 6.0.6001 Service Pack 1
20:36:29.123 Number of processors: 4 586 0x1707
20:36:29.125 ComputerName: ARIK-PC UserName: Arik
20:36:57.687 Initialize success
20:48:20.416 AVAST engine defs: 12060501
21:02:50.937 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:02:50.952 Disk 0 Vendor: ST3500620AS DE12 Size: 476940MB BusType: 3
21:02:50.954 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-4
21:02:50.956 Disk 1 Vendor: ST31500341AS CC1H Size: 1430799MB BusType: 3
21:02:50.966 Disk 0 MBR read successfully
21:02:50.968 Disk 0 MBR scan
21:02:50.972 Disk 0 Windows XP default MBR code
21:02:50.975 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
21:02:50.989 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 129024
21:02:51.006 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 466636 MB offset 21100544
21:02:51.013 Disk 0 scanning sectors +976771072
21:02:51.092 Disk 0 scanning C:\Windows\system32\drivers
21:03:03.221 Service scanning
21:03:24.539 Modules scanning
21:03:28.184 Disk 0 trace - called modules:
21:03:28.210 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
21:03:28.215 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85b6a1b0]
21:03:28.220 3 CLASSPNP.SYS[8b1a6745] -> nt!IofCallDriver -> [0x84f3b918]
21:03:28.224 5 acpi.sys[806936a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x859698a8]
21:03:31.115 AVAST engine scan C:\Windows
21:03:36.481 AVAST engine scan C:\Windows\system32
21:07:36.133 AVAST engine scan C:\Windows\system32\drivers
21:07:58.884 AVAST engine scan C:\Users\Arik
21:40:00.064 Disk 0 MBR has been saved successfully to "C:\Users\Arik\Desktop\MBR.dat"
21:40:00.074 The log file has been saved successfully to "C:\Users\Arik\Desktop\aswMBR.txt"
21:50:35.102 AVAST engine scan C:\ProgramData
21:58:20.509 Scan finished successfully
22:07:01.839 Disk 0 MBR has been saved successfully to "C:\Users\Arik\Desktop\MBR.dat"
22:07:01.846 The log file has been saved successfully to "C:\Users\Arik\Desktop\aswMBR.txt"

Here is the programs list.

µTorrent
3GP to MP3 Converter
7-Zip 9.20
AAC Decoder
Ace of Spades
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge 1.0
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Common File Installer
Adobe Community Help
Adobe CSI CS4
Adobe Default Language CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Center 1.0
Adobe Illustrator CS4
Adobe Linguistics CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS2
Adobe Photoshop CS5.1
Adobe Reader 8.1.0
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11
Adobe Stock Photos 1.0
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AIM 6
Amnesia: The Dark Descent
Android SDK Tools
AOL Instant Messenger
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI AVIVO Codecs
ATI Catalyst Control Center
ATI Catalyst Install Manager
ATI Catalyst Registration
Audacity 1.3.12 (Unicode)
Audiosurf
Bastion
Battlefield: Bad Company 2
BIT.TRIP RUNNER
Bonjour
Brother HL-3070CW
Browser Address Error Redirector
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
Cave Story+
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner (remove only)
CDisplay 1.8
Connect
DAEMON Tools Lite
Dell-eBay
Dell Best of Web
Dell DataSafe Online
Dell Dock
Dell Getting Started Guide
Dell Support Center
Diamond 10.7 Win7Vista Installation
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
DLDIrc
Dropbox
EDocs
Eufloria
Everything 1.2.1.371
F.lux
Facebook Video Calling 1.0.0.7428
Fallout Mod Manager 0.13.21
Fallout: New Vegas
FLV Player 2.0, build 24
Foxit Reader
Free Mp3/Wma/Ogg Converter 4.0.1
Garmin USB Drivers
Garmin WebUpdater
GBalph NDSMovie Converter V1.00
Google Chrome
Google Drive
Google Earth Plug-in
Google Update Helper
GoToAssist 8.0.0.514
Gratuitous Space Battles
H.264 Decoder
Half-Life 2: Deathmatch
Half-Life 2: Lost Coast
Handbrake 0.9.4
Hi-Rez Studios Authenticate and Update Service
Highlight Viewer (Windows Live Toolbar)
HitmanPro 3.6
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP USB Disk Storage Format Tool
HyperCam 2
Hyperionics DB Toolbar
Intel® PRO Network Connections 12.1.11.0
iTunes
Jamestown
Java Auto Updater
Java DB 10.2.2.0
Java™ 6 Update 20
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 7 Update 1
Java™ SE Development Kit 6 Update 3
Java™ SE Development Kit 7
Junk Mail filter update
Just Cause 2
kuler
League of Legends
LIMBO
M3 SAKURA V1.49a Global (GAME PATCH V4.9a)
Malwarebytes Anti-Malware version 1.61.0.1400
Map Button (Windows Live Toolbar)
Mass Effect 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Corporation
Microsoft LifeCam
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Office XP Professional with FrontPage
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
MKV Splitter
Mobile Broadband Generic Drivers
Move Networks Media Player for Internet Explorer
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
Mumble 1.2.3
NightSky
Notepad++
NVIDIA PhysX
On the Rain-Slick Precipice of Darkness, Episode One
OpenAL
OpenOffice.org 3.2
Orcs Must Die!
Origin
PDF Settings CS4
PDF Settings CS5
Pen Tablet
Photoshop Camera Raw
Plasma Pong v1.2
Portal 2
Psychonauts
PunkBuster Services
QuickTime
Real Alternative 1.9.0
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Serious Samurize
Shank
Skins
Skype™ 5.5
Smart Menus (Windows Live Toolbar)
Sony Picture Utility
Spiral Knights
Steam
Suite Shared Configuration CS4
Super Meat Boy
SwiftKit
Switch Sound File Converter
Team Fortress 2
TeamSpeak 3 Client
Terraria
The Binding Of Isaac
The Elder Scrolls IV: Oblivion
The Elder Scrolls V: Skyrim
Torchlight 2 Beta
Tribes Ascend Closed Beta
Trine
TrueCrypt
Universe Sandbox
Unofficial Oblivion Patch v3.2.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.4053
Viewpoint Media Player
Vista Anti-Lag 1.1.1
VLC media player 1.0.0
VoiceOver Kit
VVVVVV
VZAccess Manager for Novatel
Wallpaper Master v2.16
Winamp
Winamp Detector Plug-in
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Favorites for Windows Live Toolbar
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WinSCP 4.1.6
Zune
Zune Language Pack (ES)
Zune Language Pack (FR)
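The aswMBR logs in post #9 and post #11 above carry more than the "Windows XP default MBR code" verdict (which means the boot sector matched a known-good code signature). The partition lines let you verify the table yourself, and one number is worth checking by hand: partition 3 starts at sector 21100544 and is 466636 MB long, so it ends at sector 21100544 + 466636 × 2048 = 976771072, which is exactly where the tool reports "scanning sectors +976771072". aswMBR is reading the unpartitioned tail of the disk, which is where the TDL4 family of bootkits keeps its hidden storage, so a tail that is larger than the usual rounding slack, or a scan start that does not line up with the last partition, is what to look at. The script below is an added example written for this page, not AVAST's code and not from the thread; the `SAMPLE_LOG` lines are taken from the log above, while `BAD_LOG` is constructed and describes no real disk.

```python
import re

# Sample input for this example: the disk, MBR and partition lines from the aswMBR
# log above. BAD_LOG further down is constructed and describes no real disk.
SAMPLE_LOG = """\
21:02:50.952 Disk 0 Vendor: ST3500620AS DE12 Size: 476940MB BusType: 3
21:02:50.956 Disk 1 Vendor: ST31500341AS CC1H Size: 1430799MB BusType: 3
21:02:50.972 Disk 0 Windows XP default MBR code
21:02:50.975 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
21:02:50.989 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 129024
21:02:51.006 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 466636 MB offset 21100544
21:02:51.013 Disk 0 scanning sectors +976771072
"""

# Constructed: two partitions both flagged active, and the first runs into the second.
BAD_LOG = """\
00:00:00.000 Disk 2 Vendor: EXAMPLE Size: 1000MB BusType: 3
00:00:00.000 Disk 2 Partition 1 80 (A) 07 HPFS/NTFS NTFS 600 MB offset 63
00:00:00.000 Disk 2 Partition 2 80 (A) 07 HPFS/NTFS NTFS 300 MB offset 1024000
"""

SECTORS_PER_MB = 2048  # 512-byte sectors; aswMBR rounds sizes down to whole MB

SIZE_RE = re.compile(r"Disk (?P<disk>\d+) Vendor: .*? Size: (?P<mb>\d+)MB")
MBR_RE = re.compile(r"Disk (?P<disk>\d+) (?P<desc>.*MBR code)$")
PART_RE = re.compile(
    r"Disk (?P<disk>\d+) Partition (?P<num>\d+) (?P<boot>[0-9A-F]{2}) (?:\(A\) )?"
    r"(?P<type>[0-9A-F]{2}) (?P<desc>.+?) (?P<mb>\d+) MB offset (?P<offset>\d+)$"
)
SCAN_RE = re.compile(r"Disk (?P<disk>\d+) scanning sectors \+(?P<start>\d+)$")


def parse_aswmbr(text):
    """Return {disk_number: {size_mb, mbr, partitions[], scan_start}} from aswMBR output."""
    disks = {}

    def disk(n):
        return disks.setdefault(int(n), {"size_mb": None, "mbr": None,
                                         "partitions": [], "scan_start": None})

    for line in text.splitlines():
        if m := SIZE_RE.search(line):
            disk(m["disk"])["size_mb"] = int(m["mb"])
        elif m := MBR_RE.search(line):
            disk(m["disk"])["mbr"] = m["desc"]
        elif m := PART_RE.search(line):
            start = int(m["offset"])
            disk(m["disk"])["partitions"].append({
                "num": int(m["num"]), "active": m["boot"] == "80", "type": m["type"],
                "start": start, "end": start + int(m["mb"]) * SECTORS_PER_MB,
            })
        elif m := SCAN_RE.search(line):
            disk(m["disk"])["scan_start"] = int(m["start"])
    return disks


def check_layout(d):
    """Sanity-check one disk's partition table and size the unallocated tail past the
    last partition, which is the region aswMBR scans sector by sector."""
    parts = sorted(d["partitions"], key=lambda p: p["start"])
    if not parts:
        return {"active": [], "last_end": None, "tail_sectors": None,
                "findings": ["no partition lines parsed"]}
    findings = []
    active = [p["num"] for p in parts if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly one)")
    for a, b in zip(parts, parts[1:]):
        if a["end"] > b["start"]:
            findings.append(f"partition {a['num']} overlaps partition {b['num']}")
    last_end = parts[-1]["end"]
    # Disk size is rounded to MB too, so expect a tail of up to ~2048 sectors on a clean disk.
    tail = d["size_mb"] * SECTORS_PER_MB - last_end if d["size_mb"] else None
    if d["scan_start"] is not None and d["scan_start"] != last_end:
        findings.append(f"tail scan started at {d['scan_start']}, last partition ends at {last_end}")
    return {"active": active, "last_end": last_end, "tail_sectors": tail, "findings": findings}


if __name__ == "__main__":
    for n, d in sorted(parse_aswmbr(SAMPLE_LOG).items()):
        print(n, d["mbr"], check_layout(d))
```

For disk 0 above this yields one active partition (3), a last-partition end that matches the scan start, and a tail of 2048 sectors, which is just the MB rounding of the reported disk size; nothing to chase.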

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 06 June 2012 - 12:47 AM

Hello

P2P Warning!

IMPORTANT: I notice there are signs of one or more P2P (Peer-to-Peer) file sharing programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-to-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

µTorrent
Adobe Reader 8.1.0
Browser Address Error Redirector
Java DB 10.2.2.0
Java™ 6 Update 20
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 7 Update 1
Java™ SE Development Kit 6 Update 3
Java™ SE Development Kit 7
Viewpoint Media Player


  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing Foxit Reader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java.

  • Click on the Free Java Download button.
  • Click on Agree and start Free download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install the Yahoo toolbar, uncheck the box next to it.
  • Run CCleaner. (Make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Applications tab, all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

Malwarebytes' Anti-Malware:

  • I would like you to rerun MBAM.
  • Double-click the mbam icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked (ticked) except items in the C:\System Volume Information folder, and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...).

  • Go here to download the HijackThis installer.
  • Save the HijackThis installer to your desktop.
  • Double-click on the HijackThis installer icon on your desktop. (Vista and Win 7: right-click and run as admin.)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in Notepad.
  • Click on Edit > Select All, then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

Information and logs

  • In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

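The Add-Remove report in post #11 and the removal list in post #12 show a pattern worth automating: four Java runtimes and two JDKs registered side by side, because Java installers of that era did not remove earlier builds, and every stale build is a browser plugin an exploit kit can target. The helper's instruction (remove all of them, then install the current release) is the right cleanup; the added example below is the inventory check that finds the problem in the first place, written for this page and not part of the thread. It parses the Java entries from the programs list above (the `INSTALLED` list is that data, with two unrelated entries kept to show they are ignored), groups them into runtime and JDK families, and reports everything except the newest build of each family as stale.

```python
import re

# Sample input for this example: the Java entries from the Add-Remove Programs list
# above, plus two unrelated entries to show that they are ignored.
INSTALLED = [
    "Java Auto Updater",
    "Java DB 10.2.2.0",
    "Java™ 6 Update 20",
    "Java™ 6 Update 3",
    "Java™ 6 Update 5",
    "Java™ 7 Update 1",
    "Java™ SE Development Kit 6 Update 3",
    "Java™ SE Development Kit 7",
    "Mozilla Firefox 12.0 (x86 en-US)",
]

# Matches "Java(TM) 6 Update 31", "Java™ 7 Update 1", "Java™ SE Development Kit 7", ...
JAVA_RE = re.compile(
    r"^Java(?:™|\(TM\))?\s+(?P<jdk>SE Development Kit\s+)?"
    r"(?P<major>\d+)(?:\s+Update\s+(?P<update>\d+))?$"
)


def java_versions(entries):
    """Map each Java runtime/JDK entry name to (family, (major, update))."""
    found = {}
    for name in entries:
        m = JAVA_RE.match(name)
        if m:
            family = "jdk" if m["jdk"] else "jre"
            found[name] = (family, (int(m["major"]), int(m["update"] or 0)))
    return found


def stale_java(entries):
    """Return {family: {"keep": newest entry, "remove": [older entries...]}}.
    Anything but the newest build of a family is a stale runtime that still has
    a registered install and, for the JRE, a registered browser plugin."""
    by_family = {}
    for name, (family, version) in java_versions(entries).items():
        by_family.setdefault(family, []).append((version, name))
    result = {}
    for family, items in by_family.items():
        items.sort()  # tuples sort by (major, update), oldest first
        result[family] = {"keep": items[-1][1], "remove": [n for _, n in items[:-1]]}
    return result


if __name__ == "__main__":
    for family, r in stale_java(INSTALLED).items():
        print(family, "keep:", r["keep"], "remove:", r["remove"])
```

On the list above this keeps "Java™ 7 Update 1" and "Java™ SE Development Kit 7" and marks the four older builds as stale; whether the newest build itself is still current is a separate check against the vendor's release list, which is why the helper simply reinstalls.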

#13 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 08 June 2012 - 11:29 PM

Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, a reminder that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.




Gringo

#14 d0onut

d0onut
  • Topic Starter

  • Members
  • 9 posts

Posted 10 June 2012 - 05:06 AM

Hello, sorry I've been focusing on finals and whatnot. I hope you've got time to take a look. I've had no problems, although MBAM still occasionally catches "malicious outgoing programs" from firefox.exe.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:02:45 AM, on 6/10/2012
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\vVX1000.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Samurize\Client.exe
C:\Users\Arik\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Users\Arik\AppData\Local\Apps\F.lux\flux .exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Everything\Everything .exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Notepad++\notepad++.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Hyperionics DB Toolbar\tbcore3.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe (User 'Default user')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Client Default.lnk = C:\Program Files\Samurize\Client.exe
O4 - Startup: Dropbox.lnk = C:\Users\Arik\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: flux - Shortcut.lnk = C:\Users\Arik\AppData\Local\Apps\F.lux\flux .exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cron Service for Prey (CronService) - Fork Ltd. - C:\Prey\platform\windows\cronsvc.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate1c9ae90e15a7800) (gupdate1c9ae90e15a7800) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files\Hi-Rez Studios\HiPatchService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe

--
End of file - 9241 bytes


MBAM:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.02.02

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.18702
Arik :: ARIK-PC [administrator]

Protection: Enabled

6/8/2012 9:57:51 PM
mbam-log-2012-06-08 (21-57-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 255041
Time elapsed: 8 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 June 2012 - 11:06 AM

Greetings

Let's uninstall Firefox, and when asked about user data or settings, remove that also (bookmarks may be backed up).

Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; for any of these programs you can click on their icon (or start them from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad, ...).

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
      O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
      O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
      O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
      O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe (User 'Default user')
      O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
      O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Startup: Client Default.lnk = C:\Program Files\Samurize\Client.exe
      O4 - Startup: Dropbox.lnk = C:\Users\Arik\AppData\Roaming\Dropbox\bin\Dropbox.exe
      O4 - Startup: flux - Shortcut.lnk = C:\Users\Arik\AppData\Local\Apps\F.lux\flux .exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines here and see if you want to keep them or not;
    just copy the name between the brackets and paste it into the search space:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select "Run as administrator".

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan; on Vista and Win 7, right-click the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
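As an added example (not part of this thread, and not HijackThis's own code), here is a small Python triage script for the O2 / O4 / O23 line formats quoted above: it pulls out the bracketed O4 names that the helper suggests researching, and flags the items a reviewer would look at first (BHOs reported as "(no file)", services with "Unknown owner", and autoruns launched from user-writable folders). The sample lines are constructed in the same format as the log in this thread, and the flags are review hints, not verdicts (Dropbox, for instance, legitimately runs from AppData).

```python
import re

# Constructed sample in HijackThis 2.0.4 log format (not the full log from the thread).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - Startup: Dropbox.lnk = C:\Users\Arik\AppData\Roaming\Dropbox\bin\Dropbox.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
"""

RE_BHO = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
RE_RUN = re.compile(r"^O4 - (?P<where>.*?): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
RE_STARTUP = re.compile(r"^O4 - (?P<where>.*?Startup): (?P<name>.*?) = (?P<cmd>.*)$")
RE_SVC = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>[A-Za-z]:\\.*)$")
# First executable-looking path in a command line, with or without surrounding quotes.
RE_PATH = re.compile(r'^"?(?P<path>[A-Za-z]:\\.+?\.(?:exe|dll|scr|bat|cmd|vbs|js))', re.I)
# Folders a standard user can write to; autoruns from here deserve a second look.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")


def parse_hjt(text):
    """Return a list of {'kind', 'name', 'path', 'flags'} dicts for O2, O4 and O23 lines."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if m := RE_BHO.match(line):
            flags = ["no-file"] if m["path"] == "(no file)" else []
            entries.append({"kind": "bho", "name": m["name"], "path": m["path"], "flags": flags})
        elif (m := RE_RUN.match(line)) or (m := RE_STARTUP.match(line)):
            pm = RE_PATH.match(m["cmd"])
            path = pm["path"] if pm else m["cmd"]
            flags = ["user-writable"] if any(k in path.lower() for k in USER_WRITABLE) else []
            entries.append({"kind": "autorun", "name": m["name"], "path": path, "flags": flags})
        elif m := RE_SVC.match(line):
            flags = ["unknown-owner"] if m["owner"] == "Unknown owner" else []
            entries.append({"kind": "service", "name": m["name"], "path": m["path"], "flags": flags})
    return entries


def flagged(entries):
    """Entries to research first: orphaned BHOs, unowned services, user-writable autoruns."""
    return [e for e in entries if e["flags"]]


def research_names(entries):
    """The bracketed O4 names (and startup .lnk names) to paste into a startup-entry search."""
    return sorted(e["name"] for e in entries if e["kind"] == "autorun")


if __name__ == "__main__":
    for e in flagged(parse_hjt(SAMPLE_LOG)):
        print(f"{e['kind']:8} {e['name']:18} {e['path']}  <- {', '.join(e['flags'])}")
```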



