
Infected with TDSS & google keeps redirecting


29 replies to this topic

#1 vamsia


Posted 07 June 2012 - 12:39 PM

Hi, I am having trouble with opening google results. The page redirects back to the original page and displays the results again. Thanks a lot.


DDS


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by pilar at 12:02:12 on 2012-06-07
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3036.1742 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\FedEx\ShipManager\BIN\FedEx.Gsm.Common.LoggingService.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\FedEx\ShipManager\BIN\AdminService.exe
C:\Program Files\FedEx\ShipManager\BIN\TransEngineService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [PeachtreePrefetcher.exe] "c:\progra~1\sageso~1\peacht~1\PeachtreePrefetcher.exe" /configfile:peachtreeprefetcher.winstart.config
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [ncsip] rundll32.exe "c:\users\pilar.hcphone\appdata\roaming\ncsip.dll",IsConvertImagesDialogShowed
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\programdata\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tdmnot~1.lnk - c:\program files\wave systems corp\trusted drive manager\TdmNotify.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 10.1.70.2
TCP: Interfaces\{736ED66F-5F9A-4248-AA3C-9B18B6A73C8D} : DhcpNameServer = 10.1.70.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
LSA: Authentication Packages = msv1_0 wvauth
Hosts: 93.113.196.124 www.google.com
Hosts: 93.113.196.125 www.bing.com
.
============= SERVICES / DRIVERS ===============
.
R2 FedExAdminService;FedEx Administration Service;c:\program files\fedex\shipmanager\bin\AdminService.exe [2010-4-16 24576]
R2 FedExLoggingService;FedEx Logging Service;c:\program files\fedex\shipmanager\bin\FedEx.Gsm.Common.LoggingService.exe [2010-4-16 7168]
R2 FedExTransactionService;FedEx Transaction Engine;c:\program files\fedex\shipmanager\bin\TransEngineService.exe [2010-4-16 6656]
R2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-5 135664]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2010-10-26 13336]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-12-8 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-9-17 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-10-31 47640]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-5-22 654408]
R2 psqlWGE;Pervasive PSQL Workgroup Engine;c:\program files\pervasive software\psql\bin\w3dbsmgr.exe [2008-6-6 435496]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2010-10-26 224424]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-5-22 22344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-5 257696]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-5 135664]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-8 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-3-3 1343400]
.
=============== Created Last 30 ================
.
2012-06-07 16:56:05 54016 ----a-w- c:\windows\system32\drivers\qrxmytl.sys
2012-06-07 16:41:42 -------- d-----w- C:\_OTM
2012-06-05 18:10:48 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-05 18:10:13 274944 ----a-w- c:\users\pilar.hcphone\appdata\roaming\utsprf.dll
2012-06-04 22:52:15 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-04 22:48:45 126464 --sha-w- c:\users\pilar.hcphone\appdata\roaming\ncsip.dll
2012-06-04 22:48:45 -------- d-----w- c:\program files\common files\PSFactoryBuffer
2012-06-04 22:48:38 -------- d-----w- c:\programdata\F4D55F3B0001D30400006E4CB4EB238B
2012-05-25 04:11:59 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2012-05-22 13:55:06 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-05-22 13:55:06 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-05-22 13:38:01 -------- d-----w- c:\windows\system32\SPReview
2012-05-22 13:36:52 -------- d-----w- c:\windows\system32\EventProviders
2012-05-22 13:17:11 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-22 13:17:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-21 22:39:16 -------- d-----w- c:\users\pilar.hcphone\appdata\local\ApplicationHistory
2012-05-21 22:38:04 -------- d-----w- c:\program files\TrailsWeb LLC
2012-05-21 15:10:19 -------- d-----w- c:\users\pilar.hcphone\appdata\roaming\Malwarebytes
2012-05-17 15:56:11 -------- d-----w- c:\users\pilar.hcphone\appdata\local\{1669E846-3EB0-4C0C-8AC9-434921A00DAF}
2012-05-09 21:32:15 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-09 21:32:13 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2012-05-09 21:32:13 1785344 ----a-w- c:\program files\windows journal\Journal.exe
2012-05-09 21:32:12 989184 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2012-05-09 21:32:12 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
2012-05-09 21:32:12 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
2012-05-09 21:31:29 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-09 21:31:29 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-09 21:31:29 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 21:31:28 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-09 21:31:27 1077248 ----a-w- c:\windows\system32\DWrite.dll
.
==================== Find3M ====================
.
2012-06-05 18:46:29 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-22 13:43:54 152576 ----a-w- c:\windows\system32\msclmd.dll
.
============= FINISH: 12:07:36.26 ===============

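The DDS report above carries the indicators this thread is about: two Hosts entries pinning www.google.com and www.bing.com to a non-local address, an mRun entry that makes rundll32 load a DLL out of the user's AppData folder, and the UAC policies set to 0. The triage script below is an added example, not part of DDS, FRST or this thread; it parses those line types (sample lines are copied from the report above; the FRST-style HKLM\...\Run line form from post #7 is accepted as well) and flags only those three patterns, treating loopback and 0.0.0.0 hosts entries as benign ad-blocking sinkholes.

```python
"""Triage helper for the autorun/hosts indicators in DDS and FRST reports.
Added example for this thread, not part of DDS, FRST or BleepingComputer."""
import re
from dataclasses import dataclass

# Sample lines copied from the DDS "Pseudo HJT Report" posted above.
SAMPLE_REPORT = r"""
uStart Page = hxxp://www.google.com/
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [ncsip] rundll32.exe "c:\users\pilar.hcphone\appdata\roaming\ncsip.dll",IsConvertImagesDialogShowed
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\programdata\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
TCP: DhcpNameServer = 10.1.70.2
Hosts: 93.113.196.124 www.google.com
Hosts: 93.113.196.125 www.bing.com
"""

# DDS writes "Hosts: <ip> <name>" for every non-default hosts-file line.
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")
# DDS autorun lines (uRun/mRun/mRunOnce) and FRST's HKLM\...\Run / HKU\<user>\...\Run lines.
RUN_RE = re.compile(
    r"^(?:[um]Run(?:Once)?|HK(?:LM|U\\[^\\]+)\\\.\.\.\\Run(?:Once)?):"
    r"\s+\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$"
)
# The DLL handed to rundll32, quoted or not, up to the ",ExportName" part.
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+\.dll)', re.IGNORECASE)
POLICY_RE = re.compile(r"^mPolicies-system:\s+(?P<key>\w+)\s*=\s*(?P<val>\d+)")

# Hosts entries pointing here are sinkholes (ad-blocking lists), not redirects.
SINKHOLE_IPS = {"127.0.0.1", "0.0.0.0", "::1"}
# UAC policy values that, at 0, remove or silence the elevation prompt.
UAC_KEYS = {"EnableLUA", "PromptOnSecureDesktop", "ConsentPromptBehaviorAdmin"}


@dataclass(frozen=True)
class Finding:
    kind: str    # "hosts-redirect" | "rundll32-userprofile" | "uac-weakened"
    detail: str  # the indicator pulled out of the line
    line: str    # the original report line, kept for the analyst


def check_hosts(line):
    """A hosts entry that maps a name to a routable address rather than a sinkhole."""
    m = HOSTS_RE.match(line)
    if not m or m["ip"] in SINKHOLE_IPS:
        return None
    return Finding("hosts-redirect", f"{m['host']} -> {m['ip']}", line)


def check_run(line):
    """An autorun entry that makes rundll32 load a DLL from a user profile."""
    m = RUN_RE.match(line)
    if not m:
        return None
    d = RUNDLL_RE.search(m["cmd"])
    if not d:
        return None
    dll = d["dll"].lower()
    if "\\appdata\\" in dll or dll.startswith("c:\\users\\"):
        return Finding("rundll32-userprofile", f"[{m['name']}] {dll}", line)
    return None


def check_policy(line):
    """A UAC policy set to 0; Security Check reports the same state as 'UAC is disabled!'."""
    m = POLICY_RE.match(line)
    if m and m["key"] in UAC_KEYS and m["val"] == "0":
        return Finding("uac-weakened", f"{m['key']} = 0", line)
    return None


CHECKS = (check_hosts, check_run, check_policy)


def triage(report):
    """Run every check over every non-blank line; at most one finding per line."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        for check in CHECKS:
            f = check(line)
            if f is not None:
                findings.append(f)
                break
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"{f.kind:22} {f.detail}")
```

Entries that launch a DLL from Program Files or ProgramData (such as the Malwarebytes cleanup line) are deliberately left alone, so the output is the short list an analyst would act on rather than every rundll32 line.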

#2 gringo_pr


Posted 07 June 2012 - 11:47 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 vamsia


Posted 08 June 2012 - 10:37 AM

Hello Gringo,

Thanks for taking time to help me out. I was wondering if I could do this remotely? We have LogMeIn set up on this PC and it is on the domain and easily accessible.

Appreciate it.

#4 gringo_pr


Posted 08 June 2012 - 12:49 PM

Greetings

Some of our tools will not be able to be run remotely, and if something goes wrong you will need to have hands on.



gringo

#5 vamsia


Posted 08 June 2012 - 04:57 PM

Hello,

I ran Security Check. Combofix started extracting and the screen just refreshes towards the end and the extraction window disappears. I ran it as Administrator. Google results are still not working. Links in emails are not working as well.

Results of screen317's Security Check version 0.99.41
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 20
Java version out of date!
Adobe Flash Player 11.2.202.235
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#6 gringo_pr


Posted 08 June 2012 - 09:02 PM

Hello

This will have to be done on site as it will be going into the recovery environment.

Download Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under the File menu select Open.
  • Select "Computer" and find your flash drive letter, then close the notepad.
  • In the command window type e:\frst.exe and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo

#7 vamsia


Posted 09 June 2012 - 01:00 PM

Hello,

Thanks for the instructions. I ran FRST. Here is the log. Google results still not working. Links in emails are not working as well.

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 08-06-2012 07
Ran by SYSTEM at 09-06-2012 13:04:33
Running from F:\
Windows 7 Professional (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-06-22] (Analog Devices, Inc.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [136216 2010-07-27] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [171032 2010-07-27] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [170520 2010-07-27] (Intel Corporation)
HKLM\...\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM\...\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe [147840 2010-07-21] (Wave Systems Corp.)
HKLM\...\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe [34232 2010-06-22] (Broadcom Corporation)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [40376 2012-03-27] (Adobe Systems Incorporated)
HKLM\...\Run: [] [x]
HKLM\...\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [640440 2012-03-26] (Adobe Systems Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-06-24] (CyberLink Corp.)
HKLM\...\Run: [PeachtreePrefetcher.exe] "C:\PROGRA~1\SAGESO~1\PEACHT~1\PeachtreePrefetcher.exe" /configfile:peachtreeprefetcher.winstart.config [x]
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2516296 2010-03-24] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon [1185112 2010-04-02] (CANON INC.)
HKLM\...\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421160 2011-04-26] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-07-05] (Apple Inc.)
HKLM\...\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [63048 2010-09-17] (LogMeIn, Inc.)
HKLM\...\Run: [ncsip] rundll32.exe "C:\Users\pilar.HCPHONE\AppData\Roaming\ncsip.dll",IsConvertImagesDialogShowed [126464 2012-06-04] (DT Soft Ltd)
HKLM\...\Run: [wmcrfx] "C:\Windows\System32\rundll32.exe" "C:\Users\pilar.HCPHONE\AppData\Roaming\wmcrfx.dll",Vec2TransformNormalArray [327168 2012-06-08] (C-Media Electronics Inc.)
HKU\pilar123.HCPHONE\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [8704 2009-07-13] (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.1.70.2
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\Users\All Users\Start Menu\Programs\Startup\TdmNotify.lnk
ShortcutTarget: TdmNotify.lnk -> C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.)

================================ Services (Whitelisted) ==================

2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 FedExAdminService; "C:\Program Files\FedEx\ShipManager\BIN\AdminService.exe" [24576 2010-04-16] ()
2 FedExLoggingService; "C:\Program Files\FedEx\ShipManager\BIN\FedEx.Gsm.Common.LoggingService.exe" [7168 2010-04-16] (FedEx Corporation)
2 FedExTransactionService; "C:\Program Files\FedEx\ShipManager\BIN\TransEngineService.exe" [6656 2010-04-16] (FedEx Corporation)
2 GoToMyPC; "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" Start=service [946032 2011-08-22] (Citrix Online, a division of Citrix Systems, Inc.)
3 hkmsvc; C:\Windows\System32\kmsvc.dll [71168 2010-11-20] (Microsoft Corporation)
2 LMIGuardianSvc; "C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe" [374152 2010-12-08] (LogMeIn, Inc.)
2 LMIMaint; "C:\Program Files\LogMeIn\x86\RaMaint.exe" [136584 2010-12-08] (LogMeIn, Inc.)
2 LogMeIn; "C:\Program Files\LogMeIn\x86\LogMeIn.exe" [390528 2010-11-08] (LogMeIn, Inc.)
2 psqlWGE; "C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe" -service -srde [435496 2009-04-06] (Pervasive Software Inc.)
3 SecureStorageService; "C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe" [1032192 2010-02-03] (Wave Systems Corp.)
3 StorSvc; C:\Windows\System32\storsvc.dll [16384 2009-07-13] (Microsoft Corporation)
2 tcsd_win32.exe; "C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe" [1273856 2008-11-12] ()
2 TdmService; "C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe" [1164648 2010-03-29] (Wave Systems Corp.)

========================== Drivers (Whitelisted) =============

3 ADIHdAudAddService; C:\Windows\System32\drivers\ADIHdAud.sys [381440 2009-06-22] (Analog Devices, Inc.)
3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [78336 2009-07-13] (Microsoft Corporation)
3 e1kexpress; C:\Windows\System32\DRIVERS\e1k6232.sys [224424 2010-04-06] (Intel Corporation)
3 iirsp; C:\Windows\system32\DRIVERS\iirsp.sys [41040 2009-07-13] (Intel Corp./ICP vortex GmbH)
2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [12856 2010-09-17] (LogMeIn, Inc.)
3 lmimirr; C:\Windows\System32\DRIVERS\lmimirr.sys [10144 2010-09-17] (LogMeIn, Inc.)
2 LMIRfsDriver; \??\C:\Windows\system32\drivers\LMIRfsDriver.sys [47640 2010-09-17] (LogMeIn, Inc.)
3 NAL; \??\C:\Windows\system32\Drivers\iqvw32.sys [30880 2010-02-02] (Intel Corporation )
0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
2 WavxDMgr; C:\Windows\System32\DRIVERS\WavxDMgr.sys [229888 2010-01-19] (Wave Systems Corp.)
4 LMIRfsClientNP; [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-08 13:56 - 2012-06-08 13:55 - 04538510 ____R (Swearware) C:\Users\pilar.HCPHONE\Desktop\ComboFix.exe
2012-06-08 13:55 - 2012-06-08 13:55 - 04538510 ____A (Swearware) C:\Users\pilar.HCPHONE\Downloads\ComboFix.exe
2012-06-08 13:45 - 2012-06-08 14:25 - 00000000 ___SD C:\32788R22FWJFW
2012-06-08 13:44 - 2012-06-08 13:44 - 00000835 ____A C:\Users\pilar.HCPHONE\Desktop\checkup.txt
2012-06-08 13:40 - 2012-06-08 13:40 - 00853862 ____A C:\Users\pilar.HCPHONE\Desktop\SecurityCheck.exe
2012-06-08 13:37 - 2012-06-08 13:37 - 00327168 ____A (C-Media Electronics Inc.) C:\Users\pilar.HCPHONE\AppData\Roaming\wmcrfx.dll
2012-06-08 11:32 - 2012-06-08 11:32 - 00013031 ____A C:\Users\pilar.HCPHONE\Documents\forma de contestar.docx
2012-06-07 09:15 - 2012-06-08 13:46 - 00000000 ____D C:\Users\pilar.HCPHONE\Desktop\gmer
2012-06-07 09:14 - 2012-06-07 09:14 - 00302592 ____A C:\Users\pilar.HCPHONE\Documents\wxckm507.exe
2012-06-07 09:01 - 2012-06-07 09:01 - 00607260 ____A (Swearware) C:\Users\pilar.HCPHONE\Downloads\dds.scr
2012-06-07 08:57 - 2012-06-07 08:57 - 00000000 ____A C:\Users\pilar.HCPHONE\defogger_reenable
2012-06-07 08:41 - 2012-06-07 08:41 - 00000000 ____D C:\_OTM
2012-06-07 08:39 - 2012-06-07 08:39 - 00523264 ____A (OldTimer Tools) C:\Users\pilar.HCPHONE\Downloads\OTM.exe
2012-06-07 07:18 - 2012-06-07 08:35 - 00268202 ____A C:\Windows\ntbtlog.txt
2012-06-06 16:52 - 2012-06-06 16:53 - 00127028 ____A C:\TDSSKiller.2.7.36.0_06.06.2012_19.52.56_log.txt
2012-06-06 07:37 - 2012-06-06 07:37 - 00000162 ___AH C:\Users\pilar.HCPHONE\Documents\~$MILO ARIAS RESUME.doc
2012-06-06 07:34 - 2012-06-06 07:34 - 00000162 ___AH C:\Users\pilar.HCPHONE\Documents\~$MELA ARIAS.doc
2012-06-05 10:10 - 2012-06-08 13:46 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-05 10:10 - 2012-06-05 10:46 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-06-05 10:10 - 2012-06-05 10:10 - 00274944 ____A (SigmaTel, Inc.) C:\Users\pilar.HCPHONE\AppData\Roaming\utsprf.dll
2012-06-04 14:52 - 2012-06-04 14:52 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-04 14:48 - 2012-06-07 07:18 - 00000000 ____D C:\Program Files\Common Files\PSFactoryBuffer
2012-06-04 14:48 - 2012-06-05 10:30 - 00000000 ____D C:\Users\All Users\F4D55F3B0001D30400006E4CB4EB238B
2012-06-04 14:48 - 2012-06-04 14:48 - 00126464 __ASH (DT Soft Ltd) C:\Users\pilar.HCPHONE\AppData\Roaming\ncsip.dll
2012-06-04 14:48 - 2012-06-04 14:48 - 00016185 ____A C:\Users\pilar.HCPHONE\Desktop\hs_err_pid4216.log
2012-06-04 14:48 - 2012-06-04 14:48 - 00015200 ____A C:\Users\pilar.HCPHONE\Desktop\hs_err_pid28976.log
2012-05-29 08:46 - 2012-05-29 08:46 - 00029184 ____A C:\Users\pilar.HCPHONE\Documents\poder amplio y suficiente.doc
2012-05-25 10:46 - 2012-05-25 10:46 - 06123574 ____N C:\Users\pilar.HCPHONE\Desktop\I have a dream (FINAL).mp3
2012-05-25 10:45 - 2012-05-25 10:45 - 05060284 ____N C:\Users\pilar.HCPHONE\Desktop\Sophia Arias - Faith.mp3
2012-05-24 20:12 - 2012-05-24 20:12 - 00000000 ____D C:\Users\administrator.HCPHONE\AppData\Local\Apps\2.0
2012-05-24 20:11 - 2012-05-24 20:11 - 00000000 ____D C:\Users\administrator.HCPHONE\AppData\Local\Google
2012-05-24 20:11 - 2009-08-19 19:50 - 00022872 ___RA (Adobe Systems Inc.) C:\Windows\System32\AdobePDFUI.dll
2012-05-24 20:08 - 2012-05-24 20:09 - 18124080 ____A (Microsoft Corporation) C:\Users\pilar.HCPHONE\Desktop\IE9-Windows7-x86-enu.exe
2012-05-24 19:59 - 2012-05-24 19:59 - 00016096 ____A C:\Users\pilar.HCPHONE\Desktop\hs_err_pid5992.log
2012-05-22 05:55 - 2012-01-24 21:32 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-05-22 05:55 - 2012-01-24 21:32 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-05-22 05:38 - 2012-05-22 05:38 - 00000000 ____D C:\Windows\System32\SPReview
2012-05-22 05:36 - 2012-05-22 05:36 - 00000000 ____D C:\Windows\System32\EventProviders
2012-05-22 05:31 - 2012-06-07 10:06 - 00000000 ____A C:\Users\administrator.HCPHONE\AppData\Local\WavXMapDrive.bat
2012-05-22 05:31 - 2012-05-24 20:11 - 00000000 ____D C:\Users\administrator.HCPHONE\AppData\Roaming\Adobe
2012-05-22 05:31 - 2012-05-22 05:31 - 00117176 ____A C:\Users\administrator.HCPHONE\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-22 05:31 - 2012-05-22 05:31 - 00000020 ___SH C:\Users\administrator.HCPHONE\ntuser.ini
2012-05-22 05:31 - 2012-05-22 05:31 - 00000000 __SHD C:\Users\administrator.HCPHONE\Templates
2012-05-22 05:31 - 2012-05-22 05:31 - 00000000 __SHD C:\Users\administrator.HCPHONE\Start Menu
2012-05-22 05:31 - 2012-05-22 05:31 - 00000000 __SHD C:\Users\administrator.HCPHONE\PrintHood
2012-05-22 05:31 - 2012-05-22 05:31 - 00000000 __SHD C:\Users\administrator.HCPHONE\NetHood
2012-05-22 05:31 - 2012-05-22 05:31 - 00000000 __SHD C:\Users\administrator.HCPHONE\My Documents
2012-05-22 05:31 - 2012-05-22 05:31 - 00000000 __SHD C:\Users\administrator.HCPHONE\Documents\My Videos
2012-05-22 05:31 - 2012-05-22 05:31 - 00000000 __SHD C:\Users\administrator.HCPHONE\Documents\My Pictures
2012-05-22 05:31 - 2012-05-22 05:31 - 00000000 __SHD C:\Users\administrator.HCPHONE\Documents\My Music
2012-05-22 05:31 - 2012-05-22 05:31 - 00000000 __SHD C:\Users\administrator.HCPHONE\AppData\Local\Temporary Internet Files
2012-05-22 05:31 - 2012-05-22 05:31 - 00000000 __SHD C:\Users\administrator.HCPHONE\AppData\Local\History
2012-05-22 05:31 - 2012-05-22 05:31 - 00000000 ____D C:\Users\administrator.HCPHONE\AppData\Roaming\Wave Systems Corp
2012-05-22 05:31 - 2012-05-22 05:31 - 00000000 ____D C:\Users\administrator.HCPHONE\AppData\Roaming\Intel Corporation
2012-05-22 05:31 - 2012-05-22 05:31 - 00000000 ____D C:\Users\administrator.HCPHONE\AppData\Roaming\Broadcom
2012-05-22 05:31 - 2012-05-22 05:31 - 00000000 ____D C:\Users\administrator.HCPHONE\AppData\Roaming\Apple Computer
2012-05-22 05:31 - 2012-05-22 05:31 - 00000000 ____D C:\Users\administrator.HCPHONE\AppData\LocalLow
2012-05-22 05:31 - 2012-05-22 05:31 - 00000000 ____D C:\Users\administrator.HCPHONE\AppData\Local\LogMeIn
2012-05-22 05:31 - 2012-05-22 05:31 - 00000000 ____D C:\Users\administrator.HCPHONE\AppData\Local\Apple Computer
2012-05-22 05:31 - 2012-05-22 05:31 - 00000000 ____D C:\Users\administrator.HCPHONE\AppData\Local\Adobe
2012-05-22 05:31 - 2012-05-22 05:31 - 00000000 ____D C:\users\administrator.HCPHONE
2012-05-22 05:31 - 2011-10-25 00:04 - 00000000 ____D C:\Users\administrator.HCPHONE\AppData\Local\Microsoft Help
2012-05-22 05:31 - 2011-08-24 05:54 - 00000000 ____D C:\Users\administrator.HCPHONE\AppData\Roaming\Macromedia
2012-05-22 05:31 - 2009-07-13 23:49 - 00000000 ____D C:\Users\administrator.HCPHONE\AppData\Roaming\Media Center Programs
2012-05-22 05:14 - 2012-05-22 05:16 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-1.61.0.1400.exe
2012-05-22 05:12 - 2012-05-22 05:12 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2012-05-22 05:09 - 2012-05-22 05:09 - 00000000 ____D C:\Users\Administrator\AppData\Local\LogMeIn
2012-05-22 05:09 - 2012-05-22 05:09 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apple Computer
2012-05-21 14:43 - 2012-05-21 14:43 - 00000000 ____D C:\Users\pilar.HCPHONE\Documents\Moneylender Portfolios
2012-05-21 14:39 - 2012-05-22 05:07 - 00000000 ____D C:\Users\pilar.HCPHONE\AppData\Local\ApplicationHistory
2012-05-21 14:38 - 2012-05-21 14:39 - 00002697 ____A C:\Users\Public\Desktop\Moneylender Professional.lnk
2012-05-21 14:38 - 2012-05-21 14:38 - 00000000 ____D C:\Program Files\TrailsWeb LLC
2012-05-21 14:33 - 2012-05-21 14:37 - 05020160 ____A C:\Users\pilar.HCPHONE\Downloads\MLPSetup.msi
2012-05-21 14:32 - 2012-05-21 14:37 - 24265736 ____A (Microsoft) C:\Users\pilar.HCPHONE\Downloads\dotnet.exe
2012-05-21 07:10 - 2012-05-21 07:10 - 00000000 ____D C:\Users\pilar.HCPHONE\AppData\Roaming\Malwarebytes
2012-05-17 11:26 - 2012-05-17 11:26 - 00013436 ____A C:\Users\pilar.HCPHONE\Documents\Sophia Arias link1.docx
2012-05-17 11:19 - 2012-05-17 11:19 - 00014230 ____A C:\Users\pilar.HCPHONE\Documents\Sophia Arias links.docx
2012-05-17 07:56 - 2012-05-17 07:56 - 00000000 ____D C:\Users\pilar.HCPHONE\AppData\Local\{1669E846-3EB0-4C0C-8AC9-434921A00DAF}


============ 3 Months Modified Files and Folders ===============

2012-06-09 13:04 - 2012-06-09 13:04 - 00000000 ____D C:\FRST
2012-06-09 09:55 - 2009-07-13 20:34 - 00014256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-09 09:55 - 2009-07-13 20:34 - 00014256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-09 02:33 - 2011-10-31 11:23 - 00000000 ____D C:\Users\All Users\LogMeIn
2012-06-08 14:32 - 2010-10-26 09:14 - 00745664 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-08 14:25 - 2012-06-08 13:45 - 00000000 ___SD C:\32788R22FWJFW
2012-06-08 14:21 - 2011-03-03 18:23 - 00000128 ____A C:\Windows\System32\config\netlogon.ftl
2012-06-08 14:09 - 2009-07-13 20:53 - 00017624 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-08 13:57 - 2011-05-05 09:15 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-08 13:57 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-08 13:55 - 2012-06-08 13:56 - 04538510 ____R (Swearware) C:\Users\pilar.HCPHONE\Desktop\ComboFix.exe
2012-06-08 13:55 - 2012-06-08 13:55 - 04538510 ____A (Swearware) C:\Users\pilar.HCPHONE\Downloads\ComboFix.exe
2012-06-08 13:54 - 2009-07-13 20:55 - 01577967 ____A C:\Windows\WindowsUpdate.log
2012-06-08 13:51 - 2011-04-22 08:31 - 00000000 ____A C:\Users\pilar.HCPHONE\AppData\Local\WavXMapDrive.bat
2012-06-08 13:50 - 2011-05-05 09:15 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-08 13:47 - 2009-07-13 20:39 - 00044200 ____A C:\Windows\setupact.log
2012-06-08 13:46 - 2012-06-07 09:15 - 00000000 ____D C:\Users\pilar.HCPHONE\Desktop\gmer
2012-06-08 13:46 - 2012-06-05 10:10 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-08 13:44 - 2012-06-08 13:44 - 00000835 ____A C:\Users\pilar.HCPHONE\Desktop\checkup.txt
2012-06-08 13:40 - 2012-06-08 13:40 - 00853862 ____A C:\Users\pilar.HCPHONE\Desktop\SecurityCheck.exe
2012-06-08 13:37 - 2012-06-08 13:37 - 00327168 ____A (C-Media Electronics Inc.) C:\Users\pilar.HCPHONE\AppData\Roaming\wmcrfx.dll
2012-06-08 13:35 - 2010-10-26 12:02 - 00215784 ____A C:\Windows\PFRO.log
2012-06-08 13:35 - 2009-07-13 20:56 - 00000000 ____D C:\Windows\DigitalLocker
2012-06-08 13:33 - 2011-04-22 09:28 - 00000000 ____D C:\Users\pilar.HCPHONE\Documents\Outlook Files
2012-06-08 11:32 - 2012-06-08 11:32 - 00013031 ____A C:\Users\pilar.HCPHONE\Documents\forma de contestar.docx
2012-06-07 10:06 - 2012-05-22 05:31 - 00000000 ____A C:\Users\administrator.HCPHONE\AppData\Local\WavXMapDrive.bat
2012-06-07 09:14 - 2012-06-07 09:14 - 00302592 ____A C:\Users\pilar.HCPHONE\Documents\wxckm507.exe
2012-06-07 09:01 - 2012-06-07 09:01 - 00607260 ____A (Swearware) C:\Users\pilar.HCPHONE\Downloads\dds.scr
2012-06-07 08:57 - 2012-06-07 08:57 - 00000000 ____A C:\Users\pilar.HCPHONE\defogger_reenable
2012-06-07 08:57 - 2011-04-22 08:31 - 00000000 ____D C:\users\pilar.HCPHONE
2012-06-07 08:56 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Globalization
2012-06-07 08:41 - 2012-06-07 08:41 - 00000000 ____D C:\_OTM
2012-06-07 08:39 - 2012-06-07 08:39 - 00523264 ____A (OldTimer Tools) C:\Users\pilar.HCPHONE\Downloads\OTM.exe
2012-06-07 08:35 - 2012-06-07 07:18 - 00268202 ____A C:\Windows\ntbtlog.txt
2012-06-07 08:23 - 2011-05-05 09:15 - 00000000 ____D C:\Program Files\Google
2012-06-07 08:18 - 2012-01-11 06:59 - 00000000 __SHD C:\Users\pilar.HCPHONE\AppData\Local\{8f370541-ae86-845f-c373-d4f84ab5ae14}
2012-06-07 07:18 - 2012-06-04 14:48 - 00000000 ____D C:\Program Files\Common Files\PSFactoryBuffer
2012-06-06 16:53 - 2012-06-06 16:52 - 00127028 ____A C:\TDSSKiller.2.7.36.0_06.06.2012_19.52.56_log.txt
2012-06-06 07:51 - 2011-04-22 09:26 - 00159744 ____A C:\Users\pilar.HCPHONE\Documents\PAMELA ARIAS.doc
2012-06-06 07:37 - 2012-06-06 07:37 - 00000162 ___AH C:\Users\pilar.HCPHONE\Documents\~$MILO ARIAS RESUME.doc
2012-06-06 07:34 - 2012-06-06 07:34 - 00000162 ___AH C:\Users\pilar.HCPHONE\Documents\~$MELA ARIAS.doc
2012-06-05 10:46 - 2012-06-05 10:10 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-06-05 10:46 - 2011-06-17 05:53 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-06-05 10:30 - 2012-06-04 14:48 - 00000000 ____D C:\Users\All Users\F4D55F3B0001D30400006E4CB4EB238B
2012-06-05 10:10 - 2012-06-05 10:10 - 00274944 ____A (SigmaTel, Inc.) C:\Users\pilar.HCPHONE\AppData\Roaming\utsprf.dll
2012-06-04 14:52 - 2012-06-04 14:52 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-04 14:48 - 2012-06-04 14:48 - 00126464 __ASH (DT Soft Ltd) C:\Users\pilar.HCPHONE\AppData\Roaming\ncsip.dll
2012-06-04 14:48 - 2012-06-04 14:48 - 00016185 ____A C:\Users\pilar.HCPHONE\Desktop\hs_err_pid4216.log
2012-06-04 14:48 - 2012-06-04 14:48 - 00015200 ____A C:\Users\pilar.HCPHONE\Desktop\hs_err_pid28976.log
2012-05-29 08:46 - 2012-05-29 08:46 - 00029184 ____A C:\Users\pilar.HCPHONE\Documents\poder amplio y suficiente.doc
2012-05-25 10:46 - 2012-05-25 10:46 - 06123574 ____N C:\Users\pilar.HCPHONE\Desktop\I have a dream (FINAL).mp3
2012-05-25 10:45 - 2012-05-25 10:45 - 05060284 ____N C:\Users\pilar.HCPHONE\Desktop\Sophia Arias - Faith.mp3
2012-05-24 20:12 - 2012-05-24 20:12 - 00000000 ____D C:\Users\administrator.HCPHONE\AppData\Local\Apps\2.0
2012-05-24 20:11 - 2012-05-24 20:11 - 00000000 ____D C:\Users\administrator.HCPHONE\AppData\Local\Google
2012-05-24 20:11 - 2012-05-22 05:31 - 00000000 ____D C:\Users\administrator.HCPHONE\AppData\Roaming\Adobe
2012-05-24 20:09 - 2012-05-24 20:08 - 18124080 ____A (Microsoft Corporation) C:\Users\pilar.HCPHONE\Desktop\IE9-Windows7-x86-enu.exe
2012-05-24 19:59 - 2012-05-24 19:59 - 00016096 ____A C:\Users\pilar.HCPHONE\Desktop\hs_err_pid5992.log
2012-05-23 00:27 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2012-05-23 00:18 - 2009-07-13 20:33 - 00424192 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-22 06:26 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache
2012-05-22 05:50 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\DriverStore
2012-05-22 05:47 - 2009-07-13 23:50 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-22 05:47 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\Windows Sidebar
2012-05-22 05:47 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\Windows Portable Devices
2012-05-22 05:47 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2012-05-22 05:47 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\Windows Defender
2012-05-22 05:47 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\DVD Maker
2012-05-22 05:47 - 2009-07-13 18:37 - 00000000 ____D C:\Program Files\Common Files\System
2012-05-22 05:46 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\AdvancedInstallers
2012-05-22 05:43 - 2009-07-13 18:05 - 00152576 ____A (Microsoft Corporation) C:\Windows\System32\msclmd.dll
2012-05-22 05:38 - 2012-05-22 05:38 - 00000000 ____D C:\Windows\System32\SPReview
2012-05-22 05:36 - 2012-05-22 05:36 - 00000000 ____D C:\Windows\System32\EventProviders
2012-05-22 05:31 - 2012-05-22 05:31 - 00117176 ____A C:\Users\administrator.HCPHONE\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-22 05:31 - 2012-05-22 05:31 - 00000020 ___SH C:\Users\administrator.HCPHONE\ntuser.ini
2012-05-22 05:31 - 2012-05-22 05:31 - 00000000 __SHD C:\Users\administrator.HCPHONE\Templates
2012-05-22 05:31 - 2012-05-22 05:31 - 00000000 __SHD C:\Users\administrator.HCPHONE\Start Menu
2012-05-22 05:31 - 2012-05-22 05:31 - 00000000 __SHD C:\Users\administrator.HCPHONE\PrintHood
2012-05-22 05:31 - 2012-05-22 05:31 - 00000000 __SHD C:\Users\administrator.HCPHONE\NetHood
2012-05-22 05:31 - 2012-05-22 05:31 - 00000000 __SHD C:\Users\administrator.HCPHONE\My Documents
2012-05-22 05:31 - 2012-05-22 05:31 - 00000000 __SHD C:\Users\administrator.HCPHONE\Documents\My Videos
2012-05-22 05:31 - 2012-05-22 05:31 - 00000000 __SHD C:\Users\administrator.HCPHONE\Documents\My Pictures
2012-05-22 05:31 - 2012-05-22 05:31 - 00000000 __SHD C:\Users\administrator.HCPHONE\Documents\My Music
2012-05-22 05:31 - 2012-05-22 05:31 - 00000000 __SHD C:\Users\administrator.HCPHONE\AppData\Local\Temporary Internet Files
2012-05-22 05:31 - 2012-05-22 05:31 - 00000000 __SHD C:\Users\administrator.HCPHONE\AppData\Local\History
2012-05-22 05:31 - 2012-05-22 05:31 - 00000000 ____D C:\Users\administrator.HCPHONE\AppData\Roaming\Wave Systems Corp
2012-05-22 05:31 - 2012-05-22 05:31 - 00000000 ____D C:\Users\administrator.HCPHONE\AppData\Roaming\Intel Corporation
2012-05-22 05:31 - 2012-05-22 05:31 - 00000000 ____D C:\Users\administrator.HCPHONE\AppData\Roaming\Broadcom
2012-05-22 05:31 - 2012-05-22 05:31 - 00000000 ____D C:\Users\administrator.HCPHONE\AppData\Roaming\Apple Computer
2012-05-22 05:31 - 2012-05-22 05:31 - 00000000 ____D C:\Users\administrator.HCPHONE\AppData\LocalLow
2012-05-22 05:31 - 2012-05-22 05:31 - 00000000 ____D C:\Users\administrator.HCPHONE\AppData\Local\LogMeIn
2012-05-22 05:31 - 2012-05-22 05:31 - 00000000 ____D C:\Users\administrator.HCPHONE\AppData\Local\Apple Computer
2012-05-22 05:31 - 2012-05-22 05:31 - 00000000 ____D C:\Users\administrator.HCPHONE\AppData\Local\Adobe
2012-05-22 05:31 - 2012-05-22 05:31 - 00000000 ____D C:\users\administrator.HCPHONE
2012-05-22 05:31 - 2009-07-13 18:36 - 00000000 __SHD C:\$Recycle.Bin
2012-05-22 05:27 - 2009-07-13 20:34 - 00000000 ____D C:\Windows\ServiceProfiles
2012-05-22 05:16 - 2012-05-22 05:14 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-1.61.0.1400.exe
2012-05-22 05:12 - 2012-05-22 05:12 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2012-05-22 05:09 - 2012-05-22 05:09 - 00000000 ____D C:\Users\Administrator\AppData\Local\LogMeIn
2012-05-22 05:09 - 2012-05-22 05:09 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apple Computer
2012-05-22 05:09 - 2011-04-21 10:41 - 00000000 ____A C:\Users\Administrator\AppData\Local\WavXMapDrive.bat
2012-05-22 05:07 - 2012-05-21 14:39 - 00000000 ____D C:\Users\pilar.HCPHONE\AppData\Local\ApplicationHistory
2012-05-21 14:43 - 2012-05-21 14:43 - 00000000 ____D C:\Users\pilar.HCPHONE\Documents\Moneylender Portfolios
2012-05-21 14:39 - 2012-05-21 14:38 - 00002697 ____A C:\Users\Public\Desktop\Moneylender Professional.lnk
2012-05-21 14:38 - 2012-05-21 14:38 - 00000000 ____D C:\Program Files\TrailsWeb LLC
2012-05-21 14:37 - 2012-05-21 14:33 - 05020160 ____A C:\Users\pilar.HCPHONE\Downloads\MLPSetup.msi
2012-05-21 14:37 - 2012-05-21 14:32 - 24265736 ____A (Microsoft) C:\Users\pilar.HCPHONE\Downloads\dotnet.exe
2012-05-21 07:10 - 2012-05-21 07:10 - 00000000 ____D C:\Users\pilar.HCPHONE\AppData\Roaming\Malwarebytes
2012-05-18 15:06 - 2011-04-25 10:37 - 00000000 ____D C:\Users\pilar.HCPHONE\AppData\Local\Apple Computer
2012-05-18 15:06 - 2011-04-22 08:32 - 00000000 ____D C:\Users\pilar.HCPHONE\AppData\Roaming\Apple Computer
2012-05-17 11:26 - 2012-05-17 11:26 - 00013436 ____A C:\Users\pilar.HCPHONE\Documents\Sophia Arias link1.docx
2012-05-17 11:19 - 2012-05-17 11:19 - 00014230 ____A C:\Users\pilar.HCPHONE\Documents\Sophia Arias links.docx
2012-05-17 08:38 - 2011-04-21 12:50 - 00001945 ____A C:\Windows\epplauncher.mif
2012-05-17 07:56 - 2012-05-17 07:56 - 00000000 ____D C:\Users\pilar.HCPHONE\AppData\Local\{1669E846-3EB0-4C0C-8AC9-434921A00DAF}
2012-05-16 08:55 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\NDF
2012-05-16 08:33 - 2011-11-05 15:11 - 00000000 ____D C:\Users\pilar.HCPHONE\AppData\Local\ElevatedDiagnostics
2012-05-16 07:04 - 2009-07-13 18:04 - 00000886 ___RH C:\Windows\System32\Drivers\etc\hosts
2012-05-10 00:10 - 2011-03-03 18:32 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-05-10 00:08 - 2011-03-03 18:51 - 55656824 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-09 05:25 - 2011-05-24 15:14 - 00004608 ____A C:\Users\pilar.HCPHONE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-09 05:16 - 2012-05-09 05:13 - 20983084 ____A C:\Users\pilar.HCPHONE\Downloads\DAN SCHNEIDER_CamiloArias_Casey_LMT (1).mov
2012-05-09 05:13 - 2012-05-09 05:10 - 20983084 ____A C:\Users\pilar.HCPHONE\Downloads\DAN SCHNEIDER_CamiloArias_Casey_LMT.mov
2012-05-07 10:09 - 2012-05-07 10:07 - 16458988 ____A C:\Users\pilar.HCPHONE\Downloads\BUBBLE GUPPIES_Camilo_Arias_Gil_LMT.mov
2012-05-07 10:04 - 2012-05-07 10:00 - 16458988 ____A C:\Users\pilar.HCPHONE\Downloads\BUBBLE GUPPIES_Camilo_Arias_Gil_LMT (1).mov
2012-05-02 08:26 - 2011-04-22 09:26 - 00013379 ____A C:\Users\pilar.HCPHONE\Documents\Sophia introduction.docx
2012-05-02 06:54 - 2012-05-02 06:54 - 01446139 ____A C:\Users\pilar.HCPHONE\Downloads\VID-20120114-00002.3GP
2012-05-02 06:39 - 2011-04-22 08:55 - 00001459 ____A C:\Users\pilar.HCPHONE\Desktop\Invoice Files.lnk
2012-04-27 08:37 - 2011-04-22 09:26 - 00012991 ____A C:\Users\pilar.HCPHONE\Documents\Nicholas Arias introduccion.docx
2012-04-26 10:16 - 2012-04-26 10:16 - 00041984 ____A C:\Users\pilar.HCPHONE\Documents\camilo arias voice over invoice.doc
2012-04-18 11:49 - 2012-04-18 11:49 - 00013682 ____A C:\Users\pilar.HCPHONE\Documents\Your order has been sent to Peak Height Online.docx
2012-04-18 11:48 - 2012-04-18 11:48 - 00023437 ____A C:\Users\pilar.HCPHONE\Documents\How it Works.docx
2012-04-13 09:14 - 2012-03-06 09:10 - 00000000 ____D C:\Program Files\iMesh Applications
2012-04-12 00:06 - 2009-07-13 18:04 - 00000601 ____A C:\Windows\win.ini
2012-04-05 09:00 - 2012-04-05 09:00 - 00000000 ____D C:\Users\pilar.HCPHONE\AppData\Local\{154A7E69-EA14-4902-81EC-7A6CB7C83A30}
2012-04-04 08:26 - 2012-04-04 08:25 - 00000000 ____D C:\Users\pilar.HCPHONE\AppData\Local\{D9370BA1-0911-4C18-9838-F05775DE49D6}
2012-04-04 08:25 - 2012-04-04 08:25 - 00000000 ____D C:\Users\pilar.HCPHONE\AppData\Local\{DDF5029B-6226-4602-B3E9-56AA5876BE90}
2012-04-03 10:29 - 2011-05-13 11:02 - 00000000 ____D C:\Users\pilar.HCPHONE\AppData\Local\Windows Live
2012-04-03 10:04 - 2012-04-03 10:04 - 00000000 ____D C:\Users\pilar.HCPHONE\AppData\Local\{995CFCD8-4034-49F7-A896-1B7C036E3EF9}
2012-04-02 10:49 - 2012-04-02 10:49 - 00000000 ____D C:\Users\pilar.HCPHONE\AppData\Local\{6A09F52E-ECCF-4533-8489-7BFE28D3C70C}
2012-03-30 20:39 - 2012-05-09 13:31 - 03968368 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-09 13:31 - 03913072 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 18:36 - 2012-05-09 13:31 - 02343424 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 02:23 - 2012-05-09 13:32 - 01291632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-27 13:55 - 2012-03-27 13:55 - 00014227 ____A C:\Users\pilar.HCPHONE\Documents\Grenade Gum.docx
2012-03-21 10:57 - 2011-04-22 09:25 - 00093696 ____A C:\Users\pilar.HCPHONE\Documents\CAMILO ARIAS RESUME.doc
2012-03-20 13:11 - 2012-02-24 08:12 - 00011965 ____A C:\Users\pilar.HCPHONE\Documents\Copy of chase linea de credito y tarjetas de credito.xlsx
2012-03-19 12:53 - 2012-03-19 12:53 - 00027067 ____A C:\Users\pilar.HCPHONE\Downloads\Red_Tecnovigilancia_RNT_2012_con_Formulario_INVIMA.xlsx
2012-03-19 12:53 - 2012-03-19 12:53 - 00027067 ____A C:\Users\pilar.HCPHONE\Downloads\Red_Tecnovigilancia_RNT_2012_con_Formulario_INVIMA (1).xlsx
2012-03-19 12:36 - 2012-03-19 12:36 - 00013302 ____A C:\Users\pilar.HCPHONE\Downloads\370512_669028692_1636977465_n.jpg
2012-03-19 07:36 - 2012-03-19 07:36 - 00000000 ____D C:\Users\All Users\boost_interprocess
2012-03-18 14:35 - 2012-03-23 15:31 - 00028674 ____A C:\Users\pilar.HCPHONE\Documents\666.jpg
2012-03-18 14:18 - 2012-03-23 15:32 - 00180689 ____A C:\Users\pilar.HCPHONE\Documents\872.jpg
2012-03-18 13:54 - 2012-03-23 15:31 - 00008892 ____A C:\Users\pilar.HCPHONE\Documents\63664_481552859137_683494137_5479825_199561_a.jpg
2012-03-18 13:49 - 2012-03-23 15:31 - 00174000 ____A C:\Users\pilar.HCPHONE\Documents\449.jpg
2012-03-17 20:20 - 2012-03-23 15:32 - 00653978 ____A C:\Users\pilar.HCPHONE\Documents\DSC00227a.JPG
2012-03-16 23:27 - 2012-05-09 13:31 - 00056176 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-16 19:18 - 2012-03-23 15:31 - 00073873 ____A C:\Users\pilar.HCPHONE\Documents\269584_10150261905934138_683494137_7167940_6521331_n.jpg
2012-03-16 18:24 - 2012-03-23 15:32 - 04962948 ____A C:\Users\pilar.HCPHONE\Documents\DSC05073a.JPG
2012-03-12 00:45 - 2012-03-23 15:31 - 00064792 ____A C:\Users\pilar.HCPHONE\Documents\420793_10150662956159138_683494137_8886653_750453299_n.jpg

ZeroAccess:
C:\Windows\Installer\{8f370541-ae86-845f-c373-d4f84ab5ae14}
C:\Windows\Installer\{8f370541-ae86-845f-c373-d4f84ab5ae14}\@
C:\Windows\Installer\{8f370541-ae86-845f-c373-d4f84ab5ae14}\L
C:\Windows\Installer\{8f370541-ae86-845f-c373-d4f84ab5ae14}\U
C:\Windows\Installer\{8f370541-ae86-845f-c373-d4f84ab5ae14}\U\00000001.@
C:\Windows\Installer\{8f370541-ae86-845f-c373-d4f84ab5ae14}\U\80000000.@
C:\Windows\Installer\{8f370541-ae86-845f-c373-d4f84ab5ae14}\U\800000cb.@

ZeroAccess:
C:\Users\pilar.HCPHONE\AppData\Local\{8f370541-ae86-845f-c373-d4f84ab5ae14}
C:\Users\pilar.HCPHONE\AppData\Local\{8f370541-ae86-845f-c373-d4f84ab5ae14}\@
C:\Users\pilar.HCPHONE\AppData\Local\{8f370541-ae86-845f-c373-d4f84ab5ae14}\L
C:\Users\pilar.HCPHONE\AppData\Local\{8f370541-ae86-845f-c373-d4f84ab5ae14}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 3035.59 MB
Available physical RAM: 2571.41 MB
Total Pagefile: 3033.87 MB
Available Pagefile: 2578.18 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.7 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:148.15 GB) (Free:21.8 GB) NTFS
2 Drive e: (WIN_7_PROFESSIONAL) (CDROM) (Total:4.78 GB) (Free:0 GB) UDF
3 Drive f: (Vamsi-TEK) (Removable) (Total:7.55 GB) (Free:1.13 GB) NTFS
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (RECOVERY) (Fixed) (Total:0.73 GB) (Free:0.54 GB) NTFS

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          149 GB      0 B
  Disk 1    Online         7728 MB      0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    OEM                133 MB    31 KB
  Partition 2    Primary            750 MB   134 MB
  Partition 3    Primary            148 GB   884 MB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4                      FAT    Partition    133 MB  Healthy    Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y   RECOVERY     NTFS   Partition    750 MB  Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C   OS           NTFS   Partition    148 GB  Healthy

======================================================================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           7727 MB  1024 KB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     F   Vamsi-TEK    NTFS   Removable   7727 MB  Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-07 21:32

======================= End Of Log ==========================

#8 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto rico

Posted 09 June 2012 - 02:46 PM

Hello

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window. Save it on the flash drive as fixlist.txt

C:\Windows\Installer\{8f370541-ae86-845f-c373-d4f84ab5ae14}
C:\Users\pilar.HCPHONE\AppData\Local\{8f370541-ae86-845f-c373-d4f84ab5ae14}

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once, then wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 vamsia (Topic Starter)

  • Members
  • 15 posts

Posted 09 June 2012 - 04:52 PM

Thanks for the instructions. Google results still get redirected, and email links are not working.

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 08-06-2012 07
Ran by SYSTEM at 2012-06-09 16:58:33 Run:1
Running from F:\

==============================================

C:\Windows\Installer\{8f370541-ae86-845f-c373-d4f84ab5ae14} moved successfully.
C:\Users\pilar.HCPHONE\AppData\Local\{8f370541-ae86-845f-c373-d4f84ab5ae14} moved successfully.

==== End of Fixlog ====

#10 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto rico

Posted 09 June 2012 - 06:10 PM

I would like you to try and run ComboFix for me now.



gringo

#11 vamsia (Topic Starter)

  • Members
  • 15 posts

Posted 09 June 2012 - 11:45 PM

Thanks Gringo. It looks like it ran without any problem. I am not sure if I should try browsing the net yet (in case it breaks anything). Here is the log. Thanks.


ComboFix 12-06-09.02 - pilar 06/09/2012 23:32:19.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3036.2051 [GMT -5:00]
Running from: c:\users\pilar.HCPHONE\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\c4a97d1b8a8fe65cfb03bedbb54f3cbd_c
c:\users\pilar.HCPHONE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
c:\users\pilar.HCPHONE\AppData\Roaming\ncsip.dll
c:\users\pilar.HCPHONE\AppData\Roaming\utsprf.dll
c:\users\pilar.HCPHONE\AppData\Roaming\wmcrfx.dll
c:\users\pilar.HCPHONE\Desktop\Translator.url
c:\users\pilar.HCPHONE\Documents\~WRL0001.tmp
c:\users\pilar.HCPHONE\Favorites\Translator.url
c:\users\pilar123.HCPHONE\Desktop\Translator.url
c:\users\pilar123.HCPHONE\Favorites\Translator.url
c:\windows\system32\SET80CD.tmp
c:\windows\system32\SETA5B0.tmp
c:\windows\system32\test
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy1_!Windows!System32!services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-10 to 2012-06-10 )))))))))))))))))))))))))))))))
.
.
2012-06-10 04:40 . 2012-06-10 04:40 -------- d-----w- c:\users\pilar123.HCPHONE\AppData\Local\temp
2012-06-10 04:40 . 2012-06-10 04:40 -------- d-----w- c:\users\Pilar\AppData\Local\temp
2012-06-10 04:40 . 2012-06-10 04:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-10 04:40 . 2012-06-10 04:40 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-06-09 21:04 . 2012-06-09 21:05 -------- d-----w- C:\FRST
2012-06-07 16:41 . 2012-06-07 16:41 -------- d-----w- C:\_OTM
2012-06-05 18:10 . 2012-06-05 18:46 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-04 22:52 . 2012-06-04 22:52 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-04 22:48 . 2012-06-07 15:18 -------- d-----w- c:\program files\Common Files\PSFactoryBuffer
2012-06-04 22:48 . 2012-06-05 18:30 -------- d-----w- c:\programdata\F4D55F3B0001D30400006E4CB4EB238B
2012-05-25 04:11 . 2009-08-20 03:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2012-05-22 13:55 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-05-22 13:55 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-05-22 13:38 . 2012-05-22 13:38 -------- d-----w- c:\windows\system32\SPReview
2012-05-22 13:36 . 2012-05-22 13:36 -------- d-----w- c:\windows\system32\EventProviders
2012-05-22 13:31 . 2012-05-22 13:31 -------- d-----w- c:\users\administrator.HCPHONE
2012-05-22 13:12 . 2012-05-22 13:12 -------- d-----w- c:\users\Administrator\AppData\Local\Google
2012-05-22 13:09 . 2012-05-22 13:09 -------- d-----w- c:\users\Administrator\AppData\Local\LogMeIn
2012-05-22 13:09 . 2012-05-22 13:09 -------- d-----w- c:\users\Administrator\AppData\Local\Apple Computer
2012-05-21 22:39 . 2012-05-22 13:07 -------- d-----w- c:\users\pilar.HCPHONE\AppData\Local\ApplicationHistory
2012-05-21 22:38 . 2012-05-21 22:38 -------- d-----w- c:\program files\TrailsWeb LLC
2012-05-21 15:10 . 2012-05-21 15:10 -------- d-----w- c:\users\pilar.HCPHONE\AppData\Roaming\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-10 04:45 . 2011-04-22 16:31 0 ----a-w- c:\users\pilar.HCPHONE\AppData\Local\WavXMapDrive.bat
2012-06-05 18:46 . 2011-06-17 13:53 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-22 13:43 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-05-22 13:09 . 2011-04-21 18:41 0 ----a-w- c:\users\Administrator\AppData\Local\WavXMapDrive.bat
2012-03-31 04:39 . 2012-05-09 21:31 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-09 21:31 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-31 02:36 . 2012-05-09 21:31 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 10:23 . 2012-05-09 21:32 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-17 07:27 . 2012-05-09 21:31 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2010-03-29 16:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2010-03-29 16:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-06-22 1314816]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-28 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-28 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-28 170520]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2010-07-21 147840]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-06-22 34232]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"PeachtreePrefetcher.exe"="c:\progra~1\SAGESO~1\PEACHT~1\PeachtreePrefetcher.exe" [2011-02-16 28488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-09-17 63048]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2010-3-29 132456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-05 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-05 257696]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-05 135664]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-04 1343400]
S2 FedExAdminService;FedEx Administration Service;c:\program files\FedEx\ShipManager\BIN\AdminService.exe [2010-04-16 24576]
S2 FedExLoggingService;FedEx Logging Service;c:\program files\FedEx\ShipManager\BIN\FedEx.Gsm.Common.LoggingService.exe [2010-04-16 7168]
S2 FedExTransactionService;FedEx Transaction Engine;c:\program files\FedEx\ShipManager\BIN\TransEngineService.exe [2010-04-16 6656]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2010-12-08 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2010-09-17 12856]
S2 psqlWGE;Pervasive PSQL Workgroup Engine;c:\program files\Pervasive Software\PSQL\bin\w3dbsmgr.exe [2009-04-07 435496]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2010-04-06 224424]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-05 18:46]
.
2012-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-05 17:15]
.
2012-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-05 17:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 10.1.70.2
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM-Run-ncsip - c:\users\pilar.HCPHONE\AppData\Roaming\ncsip.dll
HKLM-Run-wmcrfx - c:\users\pilar.HCPHONE\AppData\Roaming\wmcrfx.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(560)
c:\windows\system32\wvauth.DLL
.
- - - - - - - > 'Explorer.exe'(2332)
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Citrix\GoToMyPC\g2svc.exe
c:\program files\Citrix\GoToMyPC\g2comm.exe
c:\program files\Citrix\GoToMyPC\g2pre.exe
c:\program files\Citrix\GoToMyPC\g2tray.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\sppsvc.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Java\Java Update\jusched.exe
.
**************************************************************************
.
Completion time: 2012-06-09 23:49:29 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-10 04:49
.
Pre-Run: 23,119,118,336 bytes free
Post-Run: 23,675,641,856 bytes free
.
- - End Of File - - 537D3BAC4299A2C875F8222781C7C95A
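Added as a worked example for this thread (not code from the original posts and not ComboFix's own): a Python triage pass over the "Reg Loading Points" section in the format ComboFix prints, which surfaces the disabled UAC and Security Center override values visible in the log above and any Run entry that launches from a user's AppData folder or targets a DLL. The sample log is constructed in the shape of the thread's output; the "ncsip" Run entry in it is hypothetical, since the real log only shows that entry after removal under ORPHANS REMOVED.

```python
"""Triage helper for the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread; not part of the original posts and not
ComboFix's own code.  It parses the registry section in the format ComboFix
prints (bracketed key, then "name"=value lines) and flags two things a
responder would want surfaced: UAC / Security Center policy values that have
been switched off, and Run entries that point into a user's AppData folder
or at a DLL.
"""
import re
from dataclasses import dataclass

# Constructed sample in the shape of the thread's log.  The "ncsip" Run entry
# is hypothetical: the real log only shows it after removal, under ORPHANS.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-28 136216]
"ncsip"="c:\users\pilar.HCPHONE\AppData\Roaming\ncsip.dll" [2012-06-04 9216]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<raw>.+)$')
APPDATA_RE = re.compile(r"\\users\\[^\\]+\\appdata\\", re.IGNORECASE)

# Value that means the protection is off, keyed by registry value name.
WEAK_SETTINGS = {
    "EnableLUA": (0, "UAC is disabled"),
    "ConsentPromptBehaviorAdmin": (0, "administrators elevate without any prompt"),
    "PromptOnSecureDesktop": (0, "elevation prompts are not on the secure desktop"),
    "AntiVirusOverride": (1, "Security Center antivirus warnings are suppressed"),
    "FirewallOverride": (1, "Security Center firewall warnings are suppressed"),
}


@dataclass
class Finding:
    key: str
    name: str
    detail: str


def parse_int(raw: str):
    """Read the integer forms ComboFix prints: '0 (0x0)' or 'dword:00000001'."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"^(\d+)", raw)
    return int(m.group(1)) if m else None


def triage(log_text: str):
    """Return the findings for one Reg Loading Points section."""
    findings = []
    current_key = None
    for line in log_text.splitlines():
        line = line.rstrip()
        km = KEY_RE.match(line)
        if km:
            current_key = km.group("key")
            continue
        vm = VALUE_RE.match(line)
        if not vm or current_key is None:
            continue
        name, raw = vm.group("name"), vm.group("raw")
        key_lc = current_key.lower()
        if key_lc.endswith("\\policies\\system") or key_lc.endswith("\\security center"):
            if name in WEAK_SETTINGS and parse_int(raw) == WEAK_SETTINGS[name][0]:
                findings.append(Finding(current_key, name, WEAK_SETTINGS[name][1]))
        elif key_lc.endswith("\\currentversion\\run"):
            # Run values are printed as "path" [date size]; keep only the path.
            pm = re.match(r'^"([^"]+)"', raw)
            path = pm.group(1) if pm else raw
            if APPDATA_RE.search(path):
                findings.append(Finding(current_key, name, "autorun from a user AppData folder: " + path))
            elif path.lower().endswith(".dll"):
                findings.append(Finding(current_key, name, "Run entry targets a DLL: " + path))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.name}: {f.detail}")
```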

#12 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 June 2012 - 12:11 AM

Greetings

Yes, check things out and let me know how things are.

I want you to run these next:

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#13 vamsia

vamsia
  • Topic Starter

  • Members
  • 15 posts

Posted 10 June 2012 - 12:28 AM

It is no longer redirecting links in Google search. As for links in emails, I get the following error message - "This operation has been cancelled due to the restrictions in effect on this computer. Please contact your administrator." I will post the aswMBR log in the next post. Thank you.

Here is the TDS log.

00:28:34.0381 4500 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
00:28:34.0801 4500 ============================================================
00:28:34.0801 4500 Current date / time: 2012/06/10 00:28:34.0801
00:28:34.0801 4500 SystemInfo:
00:28:34.0801 4500
00:28:34.0802 4500 OS Version: 6.1.7601 ServicePack: 1.0
00:28:34.0802 4500 Product type: Workstation
00:28:34.0802 4500 ComputerName: PILAR
00:28:34.0802 4500 UserName: pilar
00:28:34.0802 4500 Windows directory: C:\Windows
00:28:34.0802 4500 System windows directory: C:\Windows
00:28:34.0802 4500 Processor architecture: Intel x86
00:28:34.0802 4500 Number of processors: 2
00:28:34.0802 4500 Page size: 0x1000
00:28:34.0802 4500 Boot type: Normal boot
00:28:34.0802 4500 ============================================================
00:28:35.0126 4500 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:28:35.0127 4500 ============================================================
00:28:35.0127 4500 \Device\Harddisk0\DR0:
00:28:35.0127 4500 MBR partitions:
00:28:35.0127 4500 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x43000, BlocksNum 0x177000
00:28:35.0127 4500 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1BA000, BlocksNum 0x1284B000
00:28:35.0127 4500 ============================================================
00:28:35.0146 4500 C: <-> \Device\Harddisk0\DR0\Partition1
00:28:35.0146 4500 ============================================================
00:28:35.0146 4500 Initialize success
00:28:35.0146 4500 ============================================================
00:28:55.0649 0848 ============================================================
00:28:55.0649 0848 Scan started
00:28:55.0649 0848 Mode: Manual;
00:28:55.0649 0848 ============================================================
00:28:56.0063 0848 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
00:28:56.0065 0848 1394ohci - ok
00:28:56.0097 0848 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
00:28:56.0100 0848 ACPI - ok
00:28:56.0121 0848 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
00:28:56.0122 0848 AcpiPmi - ok
00:28:56.0164 0848 ADIHdAudAddService (9ae87d8e973b18b0cda4a6ac69943ba5) C:\Windows\system32\drivers\ADIHdAud.sys
00:28:56.0169 0848 ADIHdAudAddService - ok
00:28:56.0220 0848 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
00:28:56.0223 0848 AdobeFlashPlayerUpdateSvc - ok
00:28:56.0261 0848 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
00:28:56.0266 0848 adp94xx - ok
00:28:56.0289 0848 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
00:28:56.0292 0848 adpahci - ok
00:28:56.0307 0848 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
00:28:56.0310 0848 adpu320 - ok
00:28:56.0341 0848 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
00:28:56.0342 0848 AeLookupSvc - ok
00:28:56.0384 0848 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
00:28:56.0388 0848 AFD - ok
00:28:56.0419 0848 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
00:28:56.0420 0848 agp440 - ok
00:28:56.0464 0848 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
00:28:56.0465 0848 aic78xx - ok
00:28:56.0504 0848 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
00:28:56.0506 0848 ALG - ok
00:28:56.0524 0848 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
00:28:56.0524 0848 aliide - ok
00:28:56.0543 0848 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
00:28:56.0544 0848 amdagp - ok
00:28:56.0566 0848 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
00:28:56.0566 0848 amdide - ok
00:28:56.0600 0848 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
00:28:56.0601 0848 AmdK8 - ok
00:28:56.0613 0848 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
00:28:56.0615 0848 AmdPPM - ok
00:28:56.0638 0848 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
00:28:56.0640 0848 amdsata - ok
00:28:56.0662 0848 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
00:28:56.0664 0848 amdsbs - ok
00:28:56.0684 0848 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
00:28:56.0685 0848 amdxata - ok
00:28:56.0717 0848 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
00:28:56.0718 0848 AppID - ok
00:28:56.0756 0848 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
00:28:56.0758 0848 AppIDSvc - ok
00:28:56.0793 0848 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
00:28:56.0795 0848 Appinfo - ok
00:28:56.0848 0848 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
00:28:56.0850 0848 Apple Mobile Device - ok
00:28:56.0885 0848 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
00:28:56.0887 0848 AppMgmt - ok
00:28:56.0925 0848 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
00:28:56.0926 0848 arc - ok
00:28:56.0942 0848 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
00:28:56.0943 0848 arcsas - ok
00:28:57.0030 0848 aspnet_state (39cdcb109bf200cc8a05b9c7e6272d11) C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
00:28:57.0031 0848 aspnet_state - ok
00:28:57.0054 0848 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
00:28:57.0054 0848 AsyncMac - ok
00:28:57.0086 0848 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
00:28:57.0087 0848 atapi - ok
00:28:57.0128 0848 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
00:28:57.0133 0848 AudioEndpointBuilder - ok
00:28:57.0141 0848 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
00:28:57.0145 0848 Audiosrv - ok
00:28:57.0192 0848 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
00:28:57.0194 0848 AxInstSV - ok
00:28:57.0239 0848 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
00:28:57.0245 0848 b06bdrv - ok
00:28:57.0292 0848 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
00:28:57.0295 0848 b57nd60x - ok
00:28:57.0338 0848 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
00:28:57.0339 0848 BDESVC - ok
00:28:57.0359 0848 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
00:28:57.0360 0848 Beep - ok
00:28:57.0404 0848 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
00:28:57.0410 0848 BFE - ok
00:28:57.0439 0848 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll
00:28:57.0455 0848 BITS - ok
00:28:57.0468 0848 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
00:28:57.0469 0848 blbdrive - ok
00:28:57.0535 0848 Bonjour Service (f2060a34c8a75bc24a9222eb4f8c07bd) C:\Program Files\Bonjour\mDNSResponder.exe
00:28:57.0539 0848 Bonjour Service - ok
00:28:57.0575 0848 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
00:28:57.0576 0848 bowser - ok
00:28:57.0600 0848 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
00:28:57.0600 0848 BrFiltLo - ok
00:28:57.0615 0848 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
00:28:57.0616 0848 BrFiltUp - ok
00:28:57.0645 0848 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
00:28:57.0647 0848 BridgeMP - ok
00:28:57.0678 0848 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
00:28:57.0680 0848 Browser - ok
00:28:57.0707 0848 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
00:28:57.0710 0848 Brserid - ok
00:28:57.0726 0848 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
00:28:57.0728 0848 BrSerWdm - ok
00:28:57.0744 0848 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
00:28:57.0744 0848 BrUsbMdm - ok
00:28:57.0752 0848 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
00:28:57.0753 0848 BrUsbSer - ok
00:28:57.0768 0848 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
00:28:57.0770 0848 BTHMODEM - ok
00:28:57.0804 0848 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
00:28:57.0805 0848 bthserv - ok
00:28:57.0874 0848 catchme - ok
00:28:57.0908 0848 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
00:28:57.0909 0848 cdfs - ok
00:28:57.0939 0848 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
00:28:57.0941 0848 cdrom - ok
00:28:57.0970 0848 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
00:28:57.0972 0848 CertPropSvc - ok
00:28:57.0994 0848 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
00:28:57.0995 0848 circlass - ok
00:28:58.0028 0848 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
00:28:58.0032 0848 CLFS - ok
00:28:58.0105 0848 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:28:58.0106 0848 clr_optimization_v2.0.50727_32 - ok
00:28:58.0158 0848 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:28:58.0160 0848 clr_optimization_v4.0.30319_32 - ok
00:28:58.0185 0848 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
00:28:58.0185 0848 CmBatt - ok
00:28:58.0214 0848 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
00:28:58.0215 0848 cmdide - ok
00:28:58.0246 0848 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
00:28:58.0250 0848 CNG - ok
00:28:58.0269 0848 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
00:28:58.0270 0848 Compbatt - ok
00:28:58.0316 0848 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
00:28:58.0317 0848 CompositeBus - ok
00:28:58.0326 0848 COMSysApp - ok
00:28:58.0353 0848 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
00:28:58.0353 0848 crcdisk - ok
00:28:58.0386 0848 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
00:28:58.0388 0848 CryptSvc - ok
00:28:58.0406 0848 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
00:28:58.0410 0848 CSC - ok
00:28:58.0429 0848 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
00:28:58.0434 0848 CscService - ok
00:28:58.0467 0848 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
00:28:58.0473 0848 DcomLaunch - ok
00:28:58.0498 0848 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
00:28:58.0500 0848 defragsvc - ok
00:28:58.0542 0848 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
00:28:58.0543 0848 DfsC - ok
00:28:58.0577 0848 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
00:28:58.0581 0848 Dhcp - ok
00:28:58.0599 0848 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
00:28:58.0600 0848 discache - ok
00:28:58.0620 0848 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
00:28:58.0621 0848 Disk - ok
00:28:58.0648 0848 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
00:28:58.0651 0848 Dnscache - ok
00:28:58.0678 0848 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
00:28:58.0682 0848 dot3svc - ok
00:28:58.0707 0848 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
00:28:58.0710 0848 DPS - ok
00:28:58.0739 0848 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
00:28:58.0740 0848 drmkaud - ok
00:28:58.0780 0848 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
00:28:58.0785 0848 DXGKrnl - ok
00:28:58.0819 0848 e1kexpress (19e30c3c80d8ce29944b3f30ff9c8b76) C:\Windows\system32\DRIVERS\e1k6232.sys
00:28:58.0820 0848 e1kexpress - ok
00:28:58.0844 0848 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
00:28:58.0847 0848 EapHost - ok
00:28:58.0951 0848 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
00:28:59.0008 0848 ebdrv - ok
00:28:59.0085 0848 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
00:28:59.0087 0848 EFS - ok
00:28:59.0649 0848 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
00:28:59.0662 0848 ehRecvr - ok
00:28:59.0687 0848 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
00:28:59.0689 0848 ehSched - ok
00:28:59.0738 0848 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
00:28:59.0744 0848 elxstor - ok
00:28:59.0775 0848 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
00:28:59.0775 0848 ErrDev - ok
00:28:59.0822 0848 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
00:28:59.0826 0848 EventSystem - ok
00:28:59.0851 0848 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
00:28:59.0854 0848 exfat - ok
00:28:59.0877 0848 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
00:28:59.0878 0848 fastfat - ok
00:28:59.0920 0848 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
00:28:59.0928 0848 Fax - ok
00:28:59.0952 0848 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
00:28:59.0953 0848 fdc - ok
00:28:59.0974 0848 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
00:28:59.0976 0848 fdPHost - ok
00:28:59.0982 0848 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
00:28:59.0983 0848 FDResPub - ok
00:29:00.0035 0848 FedExAdminService (d41835e149e5744890aff34b7ab9d315) C:\Program Files\FedEx\ShipManager\BIN\AdminService.exe
00:29:00.0036 0848 FedExAdminService - ok
00:29:00.0049 0848 FedExLoggingService (f13a1654d7e0a328a563c26d11702ab6) C:\Program Files\FedEx\ShipManager\BIN\FedEx.Gsm.Common.LoggingService.exe
00:29:00.0053 0848 FedExLoggingService - ok
00:29:00.0062 0848 FedExTransactionService (5641653c9564f89818847d1ba2dad5d9) C:\Program Files\FedEx\ShipManager\BIN\TransEngineService.exe
00:29:00.0064 0848 FedExTransactionService - ok
00:29:00.0077 0848 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
00:29:00.0077 0848 FileInfo - ok
00:29:00.0094 0848 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
00:29:00.0095 0848 Filetrace - ok
00:29:00.0154 0848 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
00:29:00.0175 0848 FLEXnet Licensing Service - ok
00:29:00.0193 0848 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
00:29:00.0194 0848 flpydisk - ok
00:29:00.0229 0848 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
00:29:00.0231 0848 FltMgr - ok
00:29:00.0272 0848 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
00:29:00.0290 0848 FontCache - ok
00:29:00.0350 0848 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
00:29:00.0352 0848 FontCache3.0.0.0 - ok
00:29:00.0369 0848 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
00:29:00.0370 0848 FsDepends - ok
00:29:00.0396 0848 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
00:29:00.0396 0848 Fs_Rec - ok
00:29:00.0436 0848 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
00:29:00.0438 0848 fvevol - ok
00:29:00.0472 0848 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
00:29:00.0473 0848 gagp30kx - ok
00:29:00.0499 0848 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
00:29:00.0500 0848 GEARAspiWDM - ok
00:29:00.0573 0848 GoToMyPC (fcec59f16559bb038ffa87c2d86a8a8f) C:\Program Files\Citrix\GoToMyPC\g2svc.exe
00:29:00.0591 0848 GoToMyPC - ok
00:29:00.0624 0848 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
00:29:00.0637 0848 gpsvc - ok
00:29:00.0705 0848 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
00:29:00.0707 0848 gupdate - ok
00:29:00.0726 0848 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
00:29:00.0727 0848 gupdatem - ok
00:29:00.0754 0848 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
00:29:00.0757 0848 gusvc - ok
00:29:00.0802 0848 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
00:29:00.0803 0848 hcw85cir - ok
00:29:00.0833 0848 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
00:29:00.0835 0848 HDAudBus - ok
00:29:00.0847 0848 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
00:29:00.0848 0848 HidBatt - ok
00:29:00.0866 0848 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
00:29:00.0868 0848 HidBth - ok
00:29:00.0908 0848 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
00:29:00.0909 0848 HidIr - ok
00:29:00.0929 0848 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
00:29:00.0931 0848 hidserv - ok
00:29:00.0967 0848 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
00:29:00.0968 0848 HidUsb - ok
00:29:00.0990 0848 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
00:29:00.0993 0848 hkmsvc - ok
00:29:01.0009 0848 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
00:29:01.0014 0848 HomeGroupListener - ok
00:29:01.0039 0848 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
00:29:01.0042 0848 HomeGroupProvider - ok
00:29:01.0079 0848 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
00:29:01.0080 0848 HpSAMD - ok
00:29:01.0126 0848 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
00:29:01.0132 0848 HTTP - ok
00:29:01.0148 0848 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
00:29:01.0149 0848 hwpolicy - ok
00:29:01.0187 0848 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
00:29:01.0188 0848 i8042prt - ok
00:29:01.0231 0848 iaStor (26541a068572f650a2fa490726fe81be) C:\Windows\system32\DRIVERS\iaStor.sys
00:29:01.0234 0848 iaStor - ok
00:29:01.0302 0848 IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
00:29:01.0303 0848 IAStorDataMgrSvc - ok
00:29:01.0338 0848 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
00:29:01.0342 0848 iaStorV - ok
00:29:01.0411 0848 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
00:29:01.0413 0848 IDriverT - ok
00:29:01.0496 0848 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
00:29:01.0516 0848 idsvc - ok
00:29:01.0789 0848 igfx (c5589781f75de0bfb26e221649c80d00) C:\Windows\system32\DRIVERS\igdkmd32.sys
00:29:01.0931 0848 igfx - ok
00:29:02.0015 0848 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
00:29:02.0016 0848 iirsp - ok
00:29:02.0067 0848 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
00:29:02.0087 0848 IKEEXT - ok
00:29:02.0115 0848 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
00:29:02.0116 0848 intelide - ok
00:29:02.0143 0848 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
00:29:02.0144 0848 intelppm - ok
00:29:02.0164 0848 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
00:29:02.0167 0848 IPBusEnum - ok
00:29:02.0184 0848 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:29:02.0185 0848 IpFilterDriver - ok
00:29:02.0237 0848 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
00:29:02.0244 0848 iphlpsvc - ok
00:29:02.0267 0848 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
00:29:02.0268 0848 IPMIDRV - ok
00:29:02.0291 0848 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
00:29:02.0292 0848 IPNAT - ok
00:29:02.0350 0848 iPod Service (e51bd095b2fdf56b17ee010bb794d6ed) C:\Program Files\iPod\bin\iPodService.exe
00:29:02.0368 0848 iPod Service - ok
00:29:02.0397 0848 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
00:29:02.0398 0848 IRENUM - ok
00:29:02.0415 0848 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
00:29:02.0416 0848 isapnp - ok
00:29:02.0452 0848 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
00:29:02.0454 0848 iScsiPrt - ok
00:29:02.0495 0848 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
00:29:02.0496 0848 kbdclass - ok
00:29:02.0504 0848 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
00:29:02.0506 0848 kbdhid - ok
00:29:02.0523 0848 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
00:29:02.0524 0848 KeyIso - ok
00:29:02.0534 0848 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
00:29:02.0535 0848 KSecDD - ok
00:29:02.0547 0848 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
00:29:02.0548 0848 KSecPkg - ok
00:29:02.0577 0848 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
00:29:02.0582 0848 KtmRm - ok
00:29:02.0617 0848 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
00:29:02.0622 0848 LanmanServer - ok
00:29:02.0650 0848 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
00:29:02.0654 0848 LanmanWorkstation - ok
00:29:02.0688 0848 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
00:29:02.0689 0848 lltdio - ok
00:29:02.0717 0848 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
00:29:02.0721 0848 lltdsvc - ok
00:29:02.0740 0848 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
00:29:02.0743 0848 lmhosts - ok
00:29:02.0802 0848 LMIGuardianSvc (f622a3c0c10a26c1dc789cdeb0b2a4eb) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
00:29:02.0806 0848 LMIGuardianSvc - ok
00:29:02.0826 0848 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
00:29:02.0827 0848 LMIInfo - ok
00:29:02.0853 0848 LMIMaint (ce9e8bf4e9194b29767cda90f8bdc675) C:\Program Files\LogMeIn\x86\RaMaint.exe
00:29:02.0855 0848 LMIMaint - ok
00:29:02.0883 0848 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\Windows\system32\DRIVERS\lmimirr.sys
00:29:02.0883 0848 lmimirr - ok
00:29:02.0902 0848 LMIRfsClientNP - ok
00:29:02.0925 0848 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\Windows\system32\drivers\LMIRfsDriver.sys
00:29:02.0926 0848 LMIRfsDriver - ok
00:29:02.0956 0848 LogMeIn (432618fa75b61059d2c57d6a7e55147a) C:\Program Files\LogMeIn\x86\LogMeIn.exe
00:29:02.0960 0848 LogMeIn - ok
00:29:03.0000 0848 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
00:29:03.0001 0848 LSI_FC - ok
00:29:03.0017 0848 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
00:29:03.0018 0848 LSI_SAS - ok
00:29:03.0034 0848 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
00:29:03.0036 0848 LSI_SAS2 - ok
00:29:03.0051 0848 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
00:29:03.0052 0848 LSI_SCSI - ok
00:29:03.0073 0848 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
00:29:03.0074 0848 luafv - ok
00:29:03.0100 0848 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
00:29:03.0103 0848 Mcx2Svc - ok
00:29:03.0121 0848 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
00:29:03.0122 0848 megasas - ok
00:29:03.0152 0848 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
00:29:03.0155 0848 MegaSR - ok
00:29:03.0173 0848 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
00:29:03.0175 0848 MMCSS - ok
00:29:03.0188 0848 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
00:29:03.0190 0848 Modem - ok
00:29:03.0212 0848 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
00:29:03.0213 0848 monitor - ok
00:29:03.0238 0848 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
00:29:03.0239 0848 mouclass - ok
00:29:03.0255 0848 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
00:29:03.0256 0848 mouhid - ok
00:29:03.0276 0848 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
00:29:03.0278 0848 mountmgr - ok
00:29:03.0304 0848 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
00:29:03.0305 0848 mpio - ok
00:29:03.0320 0848 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
00:29:03.0322 0848 mpsdrv - ok
00:29:03.0366 0848 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
00:29:03.0386 0848 MpsSvc - ok
00:29:03.0417 0848 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
00:29:03.0419 0848 MRxDAV - ok
00:29:03.0462 0848 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:29:03.0464 0848 mrxsmb - ok
00:29:03.0484 0848 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:29:03.0487 0848 mrxsmb10 - ok
00:29:03.0498 0848 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:29:03.0500 0848 mrxsmb20 - ok
00:29:03.0522 0848 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
00:29:03.0523 0848 msahci - ok
00:29:03.0553 0848 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
00:29:03.0555 0848 msdsm - ok
00:29:03.0591 0848 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
00:29:03.0594 0848 MSDTC - ok
00:29:03.0627 0848 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
00:29:03.0628 0848 Msfs - ok
00:29:03.0637 0848 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
00:29:03.0638 0848 mshidkmdf - ok
00:29:03.0657 0848 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
00:29:03.0658 0848 msisadrv - ok
00:29:03.0689 0848 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
00:29:03.0692 0848 MSiSCSI - ok
00:29:03.0697 0848 msiserver - ok
00:29:03.0732 0848 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
00:29:03.0733 0848 MSKSSRV - ok
00:29:03.0745 0848 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
00:29:03.0746 0848 MSPCLOCK - ok
00:29:03.0763 0848 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
00:29:03.0763 0848 MSPQM - ok
00:29:03.0779 0848 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
00:29:03.0780 0848 MsRPC - ok
00:29:03.0796 0848 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
00:29:03.0796 0848 mssmbios - ok
00:29:03.0815 0848 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
00:29:03.0816 0848 MSTEE - ok
00:29:03.0830 0848 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
00:29:03.0831 0848 MTConfig - ok
00:29:03.0845 0848 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
00:29:03.0846 0848 Mup - ok
00:29:03.0873 0848 NAL (428c611928df3e96538a482117e659f7) C:\Windows\system32\Drivers\iqvw32.sys
00:29:03.0874 0848 NAL - ok
00:29:03.0904 0848 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
00:29:03.0910 0848 napagent - ok
00:29:03.0937 0848 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
00:29:03.0940 0848 NativeWifiP - ok
00:29:03.0981 0848 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
00:29:04.0000 0848 NDIS - ok
00:29:04.0033 0848 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
00:29:04.0034 0848 NdisCap - ok
00:29:04.0052 0848 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
00:29:04.0053 0848 NdisTapi - ok
00:29:04.0073 0848 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
00:29:04.0074 0848 Ndisuio - ok
00:29:04.0092 0848 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
00:29:04.0094 0848 NdisWan - ok
00:29:04.0114 0848 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
00:29:04.0115 0848 NDProxy - ok
00:29:04.0141 0848 Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\Windows\system32\HPZinw12.dll
00:29:04.0143 0848 Net Driver HPZ12 - ok
00:29:04.0171 0848 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
00:29:04.0172 0848 NetBIOS - ok
00:29:04.0193 0848 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
00:29:04.0195 0848 NetBT - ok
00:29:04.0212 0848 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
00:29:04.0214 0848 Netlogon - ok
00:29:04.0253 0848 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
00:29:04.0257 0848 Netman - ok
00:29:04.0267 0848 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
00:29:04.0272 0848 netprofm - ok
00:29:04.0322 0848 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:29:04.0324 0848 NetTcpPortSharing - ok
00:29:04.0351 0848 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
00:29:04.0352 0848 nfrd960 - ok
00:29:04.0379 0848 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
00:29:04.0384 0848 NlaSvc - ok
00:29:04.0398 0848 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
00:29:04.0399 0848 Npfs - ok
00:29:04.0416 0848 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
00:29:04.0418 0848 nsi - ok
00:29:04.0431 0848 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
00:29:04.0432 0848 nsiproxy - ok
00:29:04.0482 0848 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
00:29:04.0504 0848 Ntfs - ok
00:29:04.0580 0848 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
00:29:04.0581 0848 Null - ok
00:29:04.0608 0848 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
00:29:04.0610 0848 nvraid - ok
00:29:04.0626 0848 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
00:29:04.0628 0848 nvstor - ok
00:29:04.0659 0848 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
00:29:04.0661 0848 nv_agp - ok
00:29:04.0688 0848 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
00:29:04.0690 0848 ohci1394 - ok
00:29:04.0767 0848 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:29:04.0769 0848 ose - ok
00:29:04.0919 0848 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
00:29:05.0015 0848 osppsvc - ok
00:29:05.0098 0848 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
00:29:05.0103 0848 p2pimsvc - ok
00:29:05.0138 0848 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
00:29:05.0144 0848 p2psvc - ok
00:29:05.0194 0848 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
00:29:05.0196 0848 Parport - ok
00:29:05.0218 0848 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
00:29:05.0219 0848 partmgr - ok
00:29:05.0232 0848 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
00:29:05.0233 0848 Parvdm - ok
00:29:05.0263 0848 PBADRV (4088c1ecd1f54281a92fa663b0fdc36f) C:\Windows\system32\DRIVERS\PBADRV.sys
00:29:05.0264 0848 PBADRV - ok
00:29:05.0286 0848 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
00:29:05.0290 0848 PcaSvc - ok
00:29:05.0312 0848 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
00:29:05.0315 0848 pci - ok
00:29:05.0333 0848 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
00:29:05.0334 0848 pciide - ok
00:29:05.0365 0848 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
00:29:05.0367 0848 pcmcia - ok
00:29:05.0390 0848 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
00:29:05.0391 0848 pcw - ok
00:29:05.0424 0848 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
00:29:05.0436 0848 PEAUTH - ok
00:29:05.0476 0848 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
00:29:05.0510 0848 PeerDistSvc - ok
00:29:05.0587 0848 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
00:29:05.0618 0848 pla - ok
00:29:05.0699 0848 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
00:29:05.0705 0848 PlugPlay - ok
00:29:05.0735 0848 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\Windows\system32\HPZipm12.dll
00:29:05.0737 0848 Pml Driver HPZ12 - ok
00:29:05.0763 0848 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
00:29:05.0766 0848 PNRPAutoReg - ok
00:29:05.0781 0848 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
00:29:05.0785 0848 PNRPsvc - ok
00:29:05.0814 0848 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
00:29:05.0819 0848 PolicyAgent - ok
00:29:05.0836 0848 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
00:29:05.0840 0848 Power - ok
00:29:05.0885 0848 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
00:29:05.0886 0848 PptpMiniport - ok
00:29:05.0904 0848 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
00:29:05.0906 0848 Processor - ok
00:29:05.0940 0848 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
00:29:05.0944 0848 ProfSvc - ok
00:29:05.0960 0848 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
00:29:05.0963 0848 ProtectedStorage - ok
00:29:05.0994 0848 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
00:29:05.0995 0848 Psched - ok
00:29:06.0060 0848 psqlWGE (5d059e1f56576a9264d2243d0c8dd7fa) C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
00:29:06.0065 0848 psqlWGE - ok
00:29:06.0117 0848 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
00:29:06.0150 0848 ql2300 - ok
00:29:06.0241 0848 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
00:29:06.0243 0848 ql40xx - ok
00:29:06.0276 0848 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
00:29:06.0281 0848 QWAVE - ok
00:29:06.0297 0848 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
00:29:06.0298 0848 QWAVEdrv - ok
00:29:06.0309 0848 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
00:29:06.0310 0848 RasAcd - ok
00:29:06.0347 0848 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
00:29:06.0348 0848 RasAgileVpn - ok
00:29:06.0374 0848 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
00:29:06.0378 0848 RasAuto - ok
00:29:06.0404 0848 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:29:06.0406 0848 Rasl2tp - ok
00:29:06.0436 0848 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
00:29:06.0441 0848 RasMan - ok
00:29:06.0461 0848 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
00:29:06.0463 0848 RasPppoe - ok
00:29:06.0488 0848 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
00:29:06.0489 0848 RasSstp - ok
00:29:06.0505 0848 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
00:29:06.0508 0848 rdbss - ok
00:29:06.0523 0848 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
00:29:06.0524 0848 rdpbus - ok
00:29:06.0548 0848 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:29:06.0549 0848 RDPCDD - ok
00:29:06.0578 0848 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
00:29:06.0580 0848 RDPDR - ok
00:29:06.0611 0848 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
00:29:06.0612 0848 RDPENCDD - ok
00:29:06.0623 0848 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
00:29:06.0624 0848 RDPREFMP - ok
00:29:06.0645 0848 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
00:29:06.0647 0848 RDPWD - ok
00:29:06.0679 0848 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
00:29:06.0680 0848 rdyboost - ok
00:29:06.0698 0848 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
00:29:06.0700 0848 RemoteAccess - ok
00:29:06.0724 0848 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
00:29:06.0727 0848 RemoteRegistry - ok
00:29:06.0743 0848 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
00:29:06.0746 0848 RpcEptMapper - ok
00:29:06.0762 0848 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
00:29:06.0764 0848 RpcLocator - ok
00:29:06.0791 0848 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
00:29:06.0795 0848 RpcSs - ok
00:29:06.0827 0848 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
00:29:06.0828 0848 rspndr - ok
00:29:06.0846 0848 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
00:29:06.0847 0848 s3cap - ok
00:29:06.0868 0848 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
00:29:06.0870 0848 SamSs - ok
00:29:06.0905 0848 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
00:29:06.0907 0848 sbp2port - ok
00:29:06.0940 0848 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
00:29:06.0945 0848 SCardSvr - ok
00:29:07.0003 0848 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
00:29:07.0004 0848 scfilter - ok
00:29:07.0043 0848 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
00:29:07.0063 0848 Schedule - ok
00:29:07.0094 0848 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
00:29:07.0095 0848 SCPolicySvc - ok
00:29:07.0114 0848 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
00:29:07.0119 0848 SDRSVC - ok
00:29:07.0153 0848 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
00:29:07.0154 0848 secdrv - ok
00:29:07.0216 0848 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
00:29:07.0219 0848 seclogon - ok
00:29:07.0326 0848 SecureStorageService (e396fbc469df73692318dc90ad13ce86) C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
00:29:07.0353 0848 SecureStorageService - ok
00:29:07.0382 0848 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
00:29:07.0384 0848 SENS - ok
00:29:07.0415 0848 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
00:29:07.0418 0848 SensrSvc - ok
00:29:07.0457 0848 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
00:29:07.0457 0848 Serenum - ok
00:29:07.0467 0848 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
00:29:07.0469 0848 Serial - ok
00:29:07.0489 0848 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
00:29:07.0490 0848 sermouse - ok
00:29:07.0515 0848 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
00:29:07.0517 0848 SessionEnv - ok
00:29:07.0534 0848 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
00:29:07.0534 0848 sffdisk - ok
00:29:07.0545 0848 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
00:29:07.0546 0848 sffp_mmc - ok
00:29:07.0555 0848 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
00:29:07.0556 0848 sffp_sd - ok
00:29:07.0579 0848 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
00:29:07.0580 0848 sfloppy - ok
00:29:07.0621 0848 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
00:29:07.0626 0848 SharedAccess - ok
00:29:07.0654 0848 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
00:29:07.0660 0848 ShellHWDetection - ok
00:29:07.0684 0848 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
00:29:07.0685 0848 sisagp - ok
00:29:07.0726 0848 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:29:07.0728 0848 SiSRaid2 - ok
00:29:07.0743 0848 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
00:29:07.0745 0848 SiSRaid4 - ok
00:29:07.0779 0848 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
00:29:07.0781 0848 Smb - ok
00:29:07.0821 0848 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
00:29:07.0824 0848 SNMPTRAP - ok
00:29:07.0884 0848 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
00:29:07.0885 0848 spldr - ok
00:29:07.0918 0848 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
00:29:07.0924 0848 Spooler - ok
00:29:08.0012 0848 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
00:29:08.0061 0848 sppsvc - ok
00:29:08.0129 0848 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
00:29:08.0133 0848 sppuinotify - ok
00:29:08.0173 0848 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
00:29:08.0177 0848 srv - ok
00:29:08.0198 0848 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
00:29:08.0201 0848 srv2 - ok
00:29:08.0217 0848 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
00:29:08.0219 0848 srvnet - ok
00:29:08.0244 0848 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
00:29:08.0247 0848 SSDPSRV - ok
00:29:08.0259 0848 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
00:29:08.0262 0848 SstpSvc - ok
00:29:08.0289 0848 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
00:29:08.0289 0848 stexstor - ok
00:29:08.0320 0848 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
00:29:08.0328 0848 StiSvc - ok
00:29:08.0356 0848 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
00:29:08.0357 0848 storflt - ok
00:29:08.0377 0848 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
00:29:08.0381 0848 StorSvc - ok
00:29:08.0400 0848 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
00:29:08.0401 0848 storvsc - ok
00:29:08.0427 0848 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
00:29:08.0428 0848 swenum - ok
00:29:08.0456 0848 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
00:29:08.0462 0848 swprv - ok
00:29:08.0511 0848 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
00:29:08.0537 0848 SysMain - ok
00:29:08.0559 0848 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
00:29:08.0561 0848 TabletInputService - ok
00:29:08.0578 0848 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
00:29:08.0583 0848 TapiSrv - ok
00:29:08.0605 0848 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
00:29:08.0607 0848 TBS - ok
00:29:08.0683 0848 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
00:29:08.0706 0848 Tcpip - ok
00:29:08.0825 0848 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
00:29:08.0834 0848 TCPIP6 - ok
00:29:08.0899 0848 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
00:29:08.0900 0848 tcpipreg - ok
00:29:08.0990 0848 tcsd_win32.exe (69f1a38a6dbfe682491cb61a596662e3) C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
00:29:09.0014 0848 tcsd_win32.exe - ok
00:29:09.0094 0848 TdmService (a405d39f4dd131954c39114fba31a5e0) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
00:29:09.0136 0848 TdmService - ok
00:29:09.0217 0848 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
00:29:09.0218 0848 TDPIPE - ok
00:29:09.0235 0848 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
00:29:09.0236 0848 TDTCP - ok
00:29:09.0268 0848 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
00:29:09.0270 0848 tdx - ok
00:29:09.0290 0848 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
00:29:09.0291 0848 TermDD - ok
00:29:09.0333 0848 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
00:29:09.0341 0848 TermService - ok
00:29:09.0361 0848 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
00:29:09.0363 0848 Themes - ok
00:29:09.0383 0848 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
00:29:09.0384 0848 THREADORDER - ok
00:29:09.0401 0848 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
00:29:09.0404 0848 TrkWks - ok
00:29:09.0441 0848 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
00:29:09.0444 0848 TrustedInstaller - ok
00:29:09.0463 0848 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:29:12.0843 0848 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
00:29:12.0971 0848 \Device\Harddisk0\DR0 - ok
00:29:12.0976 0848 Boot (0x1200) (9a8d11c4ccfbf492bb2e62f77e4814c7) \Device\Harddisk0\DR0\Partition0
00:29:12.0977 0848 \Device\Harddisk0\DR0\Partition0 - ok
00:29:12.0998 0848 Boot (0x1200) (ef408440766fd321d363323a9beb44d7) \Device\Harddisk0\DR0\Partition1
00:29:12.0999 0848 \Device\Harddisk0\DR0\Partition1 - ok
00:29:12.0999 0848 ============================================================
00:29:12.0999 0848 Scan finished
00:29:12.0999 0848 ============================================================
00:29:13.0009 4700 Detected object count: 0
00:29:13.0009 4700 Actual detected object count: 0

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:20 AM

Posted 10 June 2012 - 12:48 AM

:thumbup2:
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 vamsia

vamsia
  • Topic Starter

  • Members
  • 15 posts
  • Local time:05:20 AM

Posted 10 June 2012 - 12:58 AM

:thumbsup: Thanks to you.

I am not sure why I am getting the error while opening links in emails. Here is the log from aswMBR. Thank you.

Another thing I forgot to mention is, before approaching this forum, I tried logging in as local Admin, hoping it was a profile issue. But it looks like that account is infected as well. Do I need to follow these steps on that account as well?

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-10 00:38:07
-----------------------------
00:38:07.316 OS Version: Windows 6.1.7601 Service Pack 1
00:38:07.316 Number of processors: 2 586 0x170A
00:38:07.317 ComputerName: PILAR UserName: pilar
00:38:26.222 Initialize success
00:44:29.088 AVAST engine defs: 12060901
00:46:18.692 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
00:46:18.696 Disk 0 Vendor: ST316031 CC46 Size: 152587MB BusType: 8
00:46:18.713 Disk 0 MBR read successfully
00:46:18.718 Disk 0 MBR scan
00:46:18.721 Disk 0 Windows 7 default MBR code
00:46:18.724 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 133 MB offset 63
00:46:18.738 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 750 MB offset 274432
00:46:18.751 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 151702 MB offset 1810432
00:46:18.756 Disk 0 scanning sectors +312496128
00:46:18.830 Disk 0 scanning C:\Windows\system32\drivers
00:46:28.934 Service scanning
00:46:48.296 Modules scanning
00:47:00.696 Disk 0 trace - called modules:
00:47:00.725 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
00:47:00.731 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87d5b030]
00:47:00.737 3 CLASSPNP.SYS[8b7b259e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85e49028]
00:47:09.173 AVAST engine scan C:\Windows
00:47:11.570 AVAST engine scan C:\Windows\system32
00:50:28.335 AVAST engine scan C:\Windows\system32\drivers
00:50:40.089 AVAST engine scan C:\Users\pilar.HCPHONE
00:56:46.347 AVAST engine scan C:\ProgramData
00:57:33.787 Scan finished successfully
00:58:01.514 Disk 0 MBR has been saved successfully to "C:\Users\pilar.HCPHONE\Desktop\MBR.dat"
00:58:01.517 The log file has been saved successfully to "C:\Users\pilar.HCPHONE\Desktop\aswMBR.txt"



